Introduction and Overview

We have drafted this privacy policy (version 16.06.2022-112053902) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (hereinafter referred to as “data”) we as the responsible party—and our commissioned processors (e.g., providers)—process and will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral. In short, we provide comprehensive information about the data we process about you.

If you still have questions, we would like you to contact the responsible party mentioned below or in the imprint, follow the existing links, and view additional information on third-party pages. Our contact details can, of course, also be found in the imprint.


This privacy policy applies to all personal data processed by our company and all personal data processed by commissioned companies (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

  • All online presences (websites, online stores) that we operate
  • Social media presences and email communications
  • Mobile apps for smartphones and other devices

Legal Basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, namely the legal bases of the General Data Protection Regulation, which enable us to process personal data. As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can naturally read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at EUR-Lex In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG. In Germany, the Federal Data Protection Act, abbreviated BDSG, applies. If other regional or national laws apply, we will inform you in the following sections.

Contact Details of the Responsible Person

If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible person or entity below:

Stefanie Hofer
The Treasury
Palais Harrach
Freyung 3
A-1010 Wien

Phone: +43 676 9728984
Imprint: The Treasury

Data Transfer to Third Countries

We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, it is legally required or contractually necessary, and in any case, only to the extent generally allowed. Your consent is most often the main reason we process data in third countries. Processing personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being anonymized during processing and storage.


In the context of our online offer, we use “cookies”. Cookies are small files that are stored on the user’s computer and can store information for providers. Temporary cookies are deleted after the browser is closed; permanent cookies remain for a specified period and can provide the stored information when the online offer is called up again.

You can influence the use of cookies. Most browsers have an option that restricts or completely prevents the storage of cookies.

Social Networks

To display advertising tailored to your preferences on your preferred social media channels, we use their cookies and tracking technologies. For this, pseudonymized data is transferred to the networks and may be merged with further data by the network. The Treasury is responsible for the corporate presences within the meaning of the EU GDPR and other data protection regulations along with:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) LinkedIn (Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

However, you use these platforms and their features at your own risk. This applies especially to the use of interactive functions (e.g., commenting, sharing, rating).

We further point out that your data may be processed outside the European Union. Regarding US providers that are certified under the “Privacy Shield,” we note that these providers are committed to complying with EU data protection standards. If you are a member of a social network and do not want the network to collect data about you via our presence and link it to your stored member data at the respective network, you must log out of the network before visiting our fan page, delete the cookies present on the device, and restart your browser. After re-logging in, you are, however, again recognizable as a specific user for the network. For a detailed presentation of the respective processing and the opt-out options, we refer to the linked information below:

Facebook Privacy Policy: Facebook Privacy Opt-Out: Facebook Settings and Your Online Choices Privacy Shield: Privacy Shield

Instagram Privacy Policy: Instagram Help Opt-Out: Network Advertising Initiative and Your Online Choices Privacy Shield: Privacy Shield

LinkedIn Privacy Policy: LinkedIn Privacy Opt-Out: LinkedIn Guest Controls Privacy Shield: Privacy Shield

Google Analytics Privacy Policy

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on users’ computers and that allow an analysis of their use of the website. The information generated by the cookie about users’ use of this website is usually transferred to a Google server in the USA and stored there.

In the event of the activation of IP anonymization on this website, Google will truncate the IP address of users within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activities, and to provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; however, the provider points out that in this case, you may not be able to use all the functions of this website in full. Users can also prevent the collection of data generated by the cookie and related to their use of the website (including their IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: Google Analytics Opt-out.

Google Tag Manager Privacy Policy

For our website, we use the Google Tag Manager from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With the Google Tag Manager, we can centrally install and manage code sections from various tracking tools that we use on our website.

The Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally via an interface. This involves embedding JavaScript code sections into the source code of our page. The tags often come from Google-internal products like Google Ads or Google Analytics, but tags from other companies can also be integrated and managed through the Manager. These tags perform various tasks. They can collect browser data, feed marketing tools with data, integrate buttons, set cookies, and even track users across multiple websites.

E-Mail Marketing

To keep you always informed, we also use the option of email marketing. In doing so, if you have agreed to receive our emails or newsletters, your data is also processed and stored. Email marketing is a part of online marketing. News or general information about a company, products, or services is sent via email to a specific group of people who are interested in it.

If you want to participate in our email marketing (usually via newsletter), you normally just need to register with your email address. To do this, you fill out an online form and send it off. However, it may also happen that we ask you for your title and name so that we can address you personally. When you subscribe to our newsletter via our website, you confirm by email membership in an email list. In addition to the IP address and email address, your title, name, address, and telephone number may also be stored.

Mailchimp Privacy Policy

Like many other websites, we also use the services of the newsletter company MailChimp on our website. The operator of MailChimp is the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Thanks to MailChimp, we can easily send you interesting news via newsletter. With MailChimp, we don’t need to install anything and can still draw from a pool of really useful features. In the following, we go into more detail about this email marketing service and inform you about the most important data protection-relevant aspects.

With MailChimp, we can choose from a wide range of different email types. Depending on what we want to achieve with our newsletter, we can conduct single campaigns, regular campaigns, autoresponders (automatic emails), A/B tests, RSS campaigns (sending at predefined times and frequencies), and follow-up campaigns.

In MailChimp’s “Cookie Statement” (at: MailChimp Cookies), you can find out exactly how and why the company uses cookies.

Google Ads (Google Adwords) Conversion Tracking

We use Google Ads as an online marketing measure to promote our products and services. As part of our advertising measures through Google Ads, we use conversion tracking from the company Google Inc. on our website. However, for all Google services, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible in Europe. With the help of this free tracking tool, we can better tailor our advertising offer to your interests and needs.

You have the option not to participate in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block the conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. This works a little differently in each browser. In the “Cookies” section, you will find the relevant links to the instructions for the most well-known browsers.

If you fundamentally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not. By downloading and installing this browser plugin at Google Ads Opt-out, all “advertising cookies” are also disabled. Keep in mind that by disabling these cookies, you do not prevent the advertisements, but only the personalized advertising.

LinkedIn Insight Tag

We use the LinkedIn Insight Tag conversion tracking tool on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection-relevant aspects in the European Economic Area (EEA), the EU, and Switzerland, the company LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible.

LinkedIn processes data from you, among other things, in the USA. We point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

As the basis for data processing when recipients are located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer there, LinkedIn uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are templates provided by the EU Commission and are intended to ensure that your data also meet European data protection standards when they are transferred to third countries (such as the USA) and stored there. Through these clauses, LinkedIn commits to maintaining the European level of data protection when processing your relevant data, even if the data are stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: EU Standard Contractual Clauses

More information about the standard contractual clauses at LinkedIn can be found at LinkedIn DPA or LinkedIn EU SCCs

Learn more about the LinkedIn Insight Tag at LinkedIn Insight Tag Help. More about the data processed through the use of the LinkedIn Insight Tag can also be found in the privacy policy at LinkedIn Privacy Policy.