Information about the data processing "CHECK-AT App" in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR)

Name and contact details of the responsible authority:

Federal Ministry of the Interior
Herrengasse 7
1010 Vienna
Telephone:+43 1 531 26-0
Fax: +43 1 531 26-108613
Email:post@bmi.gv.at

Contact details of the data and privacy officer:

Herrengasse 7,
1010 Vienna
Telephone+43 1 53 126-0
Email:bmi-datenschutzbeauftragter@bmi.gv.at

Categories of personal data that are processed:

With the help of the Check-AT app, the following data can be read from the QR code affixed to the passport and ID card: Photograph, name, gender, citizenship, date of birth, issuing country, document type, passport or ID card number and validity period.

When the app is started, certificates and verification steps are checked to ensure they are up to date and downloaded again if necessary. During this process, the IP address and the user agent (name and version of the app) are also logged.

The app does not collect any cookies, sessions or market research data.

Purposes for which the personal data is processed:

The app serves as a tool for verifying the authenticity of the Austrian passport and ID card by comparing the identity data read from the QR code with the data on the passport or ID card.

The authenticity of the QR code is verified with the help of certificates. The technical protocol is created to ensure data security and availability of the service.

The app can be used by both private individuals and public authorities.

The legal grounds for the processing:

§ 3 Passport Act 1992, Federal Law Gazette No. 839/1992 as amended in conjunction with PassV, Federal Law Gazette No. 861/1995 as amended. Art. 32 GDPR.

Tasks/authorizations to establish identity, for example: § 35 SPG, § 34b VStG, § 118 StPO

The duration for which personal data is stored:

The identity data is displayed in the app until the user closes the app.
The technical log data ( including the IP address and user agent) is being deleted after 30 days.

The categories of recipients of the personal data:

Processors: Austrian State Printing House GmbH; Akenes SA - Exoscale; Zammad GmbH; Hetzner Online GmbH; Youniqx identity AG (for maintenance and support)

Rights of the concerned party:

A right of appeal to the Austrian Data Protection Authority (1030 Vienna, Barichgasse 40-42, telephone:+43 1 52 152-0, e-mail:dsb@dsb.gv.at) exists in accordance with § 24 para. 1 DSG.
The right to information exists in accordance with Art. 15 GDPR.
The right to rectification exists in accordance with Art. 16 GDPR.
The right to erasure exists in accordance with Art. 17 GDPR.
The right to object exists in accordance with Art. 21 GDPR.
The right to restriction of processing exists in accordance with Art. 18 GDPR.