Information on processing “CHECK-AT app” pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR)

Name and contact details of the data controller and responsible entity:

Federal Minister of the Interior
Herrengasse 7
1010 Vienna
Telephone: +43 1 53 126-0
Telefax: +43 1 531 26-108613
Email: post@bmi.gv.at

Contact details of the data protection officer:

Herrengasse 7,
1010 Vienna
Telephone +43 1 53 126-0
Email: bmi-datenschutzbeauftragter@bmi.gv.at

Categories of personal data processed:

With the help of the Check-AT app, the following data can be read from the QR code on the ID card: Photograph, name, gender, citizenship, date of birth, issuing state, type of document, ID card number and period of validity.

When the app is started, certificates and test steps are checked for topicality and re-downloaded if necessary. In the course thereof, the IP address and the user agent (name and version of the app) are also logged. No cookies, no sessions and no market research data are collected.

No cookies, no sessions and no market research data are collected.

Purposes for which the personal data are processed:

The purpose of the app is to verify the authenticity of the new Austrian ID card by comparing the identity data read from the QR code with the data printed on the ID card.

The authenticity of the QR code is verified using certificates. The technical protocol is produced to ensure data security and availability of the service.

Legal basis of the processing:

Section 3 Passport Act, BGBl. No. 839/1992 as amended in conjunction with PassV, BGBl. No. 861/1995 as amended. Art. 32 GDPR.

Duration for which the personal data will be stored:

The identity data is displayed in the app until the user closes the app. Technical log data (incl. IP address and user agent) are deleted after 30 days.

Categories of recipients of the personal data:

Processor: Österreichische Staatsdruckerei GmbH, Akenes SA - Exoscale; Zammad GmbH; and youniqx Identity AG (for maintenance and support).

Rights of the data subject:

A right of appeal to the Austrian Data Protection Authority (1030 Vienna, Barichgasse 40-42,
Telephone: +43 1 52 152-0, email: dsb@dsb.gv.at) exists in accordance with Section 24 (1) Austrian Data Protection Act (DSG).
The right to the disclosure of information exists in accordance with Art. 15 GDPR.
The right to rectification exists in accordance with Article 16 GDPR.
The right to deletion exists in accordance with Art. 17 GDPR.
A right of objection exists in accordance with Art. 21 GDPR.
The right to the restriction of processing exists in accordance with Art. 18 GDPR.