Hero image

Data protection declaration of EVVA Sicherheitstechnologie GmbH

With this data protection declaration we aim to provide you with an overview of how we process your personal data and which risks arise for you as a result of data protection rights. The data we process in detail and how we use it depends mainly on the products you use.

Further information on data processing at Xesar and AirKey can be found here:

Information on data processing relating to the AirKey product.pdf
Information on data processing relating to the Xesar product.pdf


EVVA Sicherheitstechnologie GmbH

Wienerbergstrasse 59-65
1120 Vienna Austria 

Phone: +43 (1) 811650

We record and process your data to the extent that is technically absolutely necessary to operate our website and provide you with the best possible access to our services.

When you access our website, our servers automatically record information that is technically necessary and of an unavoidable nature, in particular for the purpose of establishing the connection, providing fundamental functionality and guaranteeing system security. This includes the type of browser used, the operating system used, DNS information in relation to your IP address, the connection data of the computer used (IP address), the website from which you are visiting our website (referrer URL), the pages you visit on our website and the date as well as duration of your visit. We are not able to draw conclusions on who provided the data (certain persons) because we apply pseudonyms. We do not merge this data with other data sources.

If you contact us using an integrated form, we collect additional personal data. The contact form illustrates which data we collect in each case. The data is saved to process your request. Mandatory data has been indicated by an asterisk (*). All further data is voluntary. We delete the data collected within the context of the contact form after it is no longer necessary to save it or restrict processing if there are statutory archiving periods. Article 6 Paragraph 1 lit. b) of the GDPR forms the legal basis for the processing of your personal data if this concerns establishing contact within the context of a conclusion of a contract. In any other case, it is in our justified interest to respond to your requests so that in this case Article 6 Paragraph 1 lit. f) GDPR forms the legal basis.

Within the context of our website we fall back on the range of services provided by Google Maps. Consequently, we can integrate interactive maps into our website and thus boost the information content in your interest. On the basis of your visit to the website Google is provided with information that you opened the corresponding sub-page. The IP address, date and time of your request, time zone, content of the request (specific page), access status/HTTP status code, correspondingly transferred data quantity, website from which the request was submitted, browser, operating system and its interface, language and browser software version are also transferred. This is carried out regardless of whether Google provides a user account which you have logged in to or whether you do not have a user account. If you have logged in to Google, your data is directly assigned to your account. If you prefer not to be assigned to your Google profile, you must log out from your account prior to activating the button. Google saves your data as user profiles and uses it for the purposes of advertising, market research and/or demand-based design of its website. This type of evaluation is carried out in particular (even for users that have not logged in) to provide demand-based advertising and to notify other users of the social network about your activities on our website.

As per the GDPR you also have the right to object to this. However, for this purpose, you must directly contact Google. Please refer to the following website for more information about your corresponding rights and your privacy protection configuration options in this context: www.google.de/intl/de/policies/privacy. Regardless of this we would also like to point out that Google also processes your personal data in the USA and that the company has signed up to the EU-US Privacy Shield, thus making it legal as per GDPR.

The legal basis for processing is Article 6 Paragraph 1 lit. f) GDPR.

We use the services of Jentis GmbH (Schönbrunner Straße 231, 1120 Vienna) for the purpose of analysing customer user behaviour and website optimisation. Jentis therefore has access to web analysis data, which is evaluated, stored, prepared and made available by the analysis tools in use and Jentis. For this purpose, data is transmitted to Jentis for analysis purposes, while Jentis also collects data on our behalf with regard to browser variants and visitor behaviour. In this case, the IP address is anonymised by Jentis (omission of the last octet) and, therefore, any personal reference is guaranteed to be removed. Jentis sets a consecutive ID, which also does not represent a personal reference within the meaning of the GDPR.


We use the range of services provided by Google AdWords to be able to use advertising materials (so-called Google AdWords) to draw attention to our offers on external websites. In relation to the advertising campaign data we can determine how successful individual advertising measures are. With this tool we aim to provide you with advertising that may be interesting to you, make our website more interesting for you and continuously optimise our Internet pages.

These functions are provided by Google using so-called "ad servers". For this purpose, we use ad server cookies that are able to measure certain parameters to measure the success and display advertising or measure user interaction. If you access our website via a Google advert, Google Adwords saves a cookie on your PC. These cookies are usually rendered void after 30 days and they are not intended to personally identify you. As a rule, this cookie saves the following analysis values: unique cookie ID, number of ad impressions per position (frequency), last impression (relevant to post view conversions) and opt-out information (label indicating that users would no longer like to be approached).<br/> <br/> These cookies enable Google to recognise your Internet browser. If users have visited certain website pages of an AdWords customer and the cookie saved on their computer has not yet expired, Google and the customer can identify that the user has clicked the advert and was forwarded to this page. A different cookie is assigned to each AdWords customer. Consequently, cookies cannot be traced using the websites of AdWords customers.

We do not collect and process personal data in the listed advertising measures. Google merely provides us with statistical evaluations. These evaluations help us identify which of the applied advertising measures are particularly effective. We are not provided with advanced data resulting from the use of advertising materials and we can – in particular – not identify users on the basis of this information.<br/> On the basis of the marketing tool used your browser automatically establishes a direct connection with the Google server. We cannot influence the scope and downstream use of the data that is collected on the basis of the application of this tool by Google and for this reason, we shall inform you as per our levels of information: thanks to the integration of AdWords Conversion Google is provided with the information that you have opened the corresponding part of our Internet services or clicked one of our adverts. If you have signed up to any Google services, Google can attribute the visit to your account. Even if you have not signed up to Google or are logged out there is the option that the provider collects and saves your IP address.

There are different methods to prevent participating in this tracking method:

  1. Configure your browser software in a certain way – in particular by suppressing third-party cookies – and you will not receive third-party adverts.
  2. Deactivate the cookies for conversion tracking by configuring the browser to block cookies from the "www.googleadservices.com" and https://www.google.de/settings/ads domains. Please note that you will delete this setting once you delete your cookies.
  3. Deactivate interest-based adverts by providers forming part of the "About Ads" self-regulating campaign using the link www.aboutads.info/choices. Please note that you will delete this setting once you delete your cookies
  4. Permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers using the following link: http://www.google.com/settings/ads/plugin. Please note that you may not be able to use the full functionality of this website in this case.

Article 6 Paragraph 1 Section 1 lit. f. GDPR forms the legal basis for the processing your data.<br/> <br/> Click the following link for more information about data protection at Google: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively you can visit the Network Advertising Initiative (NAI) website at: http://www.networkadvertising.org. Google has signed the EU-US Privacy Shield agreement: https://www.privacyshield.gov/EU-US-Framework.

We use cookies so the use of the websites and preferences of website users are implemented in a user-friendly way – but also to technically enable the functionality of the underlying content management system in the first place. Cookies are text files that are saved on your hard drive to enable an identification of the browser if you once again open the website.

You can prevent cookies from being saved on your hard drive by configuring your browser accordingly. You can delete any already saved cookies at any time. Please refer to the corresponding browser manual for instructions on how to delete cookies or prevent them from being saved on your hard drive. If you do not accept cookies, the usability of our Internet offer may be restricted.

The legal basis for processing is Article 6 Paragraph 1 lit. f) GDPR.

We protect our websites and any other systems using technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Depending on the browser used, the data is transferred using 128 bit or 256 bit SSL encryption. Despite regular checks and continuous improvements to our security measures we cannot guarantee complete protection from all risks. In an effort to enable the functionalities of upstream security systems, it is necessary to save the data collected on the basis of Section 3 for a duration of up to one year after having applied pseudonyms to be able to identify, verify and protect from any delayed attacks.

The legal basis for processing is Article 6 Paragraph 1 lit. f) GDPR.

Personal data will be deleted or blocked as soon as the reason for saving the data no longer applies or you demand deletion. Please note that we can exclusively delete your data if there are no statutory stipulations preventing this, e.g. statutory archiving obligations. The data is also deleted if any storage terms specified in the standard expires unless there is a necessity to continue saving the data for the conclusion or performance of a contract or you have given your corresponding consent.

We also collect and process personal data from applicants for the purposes of processing our application process. In this process, data may also be processed electronically. This is always the case if applicants send application documents using electronic means, i.e. by email or using an online form implemented on our Internet page. If we employ an applicant, the transferred data is saved for the purpose of processing the employment relationship while taking into account the statutory specifications. However, if we do not conclude an employment contract with applicants, the application documents are deleted six months after announcement of the decision not to employ, unless there is a legal basis for a mainly justified interest of the responsible party for longer storage of the data or explicit consent by applicants that permits us to continue to process the applicant data.

We aim to assess all applicants on the basis of their qualifications and for this reason, we ask to destroy any data relating to race and ethnic origin, political opinions, religious or ideological beliefs or potential membership in trade unions, genetic data, biometric data to uniquely identify natural persons, health data or data relating to sex life or sexual orientation in the application, providing this is possible.

As a rule, you have the right to correct, delete, restrict and withdraw. Contact us for this purpose. Please contact our data protection officer if you are of the opinion that the processing of your data is in breach of data protection legislation or your claims to data protection rights have been infringed in any other way. You are also free to submit a complaint to the supervisory authority if we are unable to find a solution for you in this way. The data protection authority in Austria is responsible for this.

Data protection officer:

Peter Oskar Miller
Ungargasse 37
1030 Vienna
Email: evva(at)datenschutzbeauftragter.at

Austrian data protection authority

Barichgasse 40-42
1030 Vienna
Phone: +43 1 521 52-25 69
Email: dsb(at)dsb.gv.at

As per Article 15 GDPR you have the right to disclosure. It goes without saying that we aim to follow up any request for disclosure as per the statutory requirements and deadlines. On the basis of special circumstances, such as around 100 years of company history and comprehensive archiving of all data required for the purpose of a long-term provision of our products it is unavoidable that we also save basic personal data for a prolonged period of time. As per recital (ErwG) 47 this is also permitted as in this process neither the interests, nor the basic rights and basic liberties of affected persons can prevail.

However, as a result of the company's history the majority of the data has not been saved/is not suitable for saving in electronic form and as a result, disclosure as per Article 15 GDPR may be unintentionally incomplete or incorrect. In an effort to prevent this to a large extent and in the interest of the person asking for disclosure, EVVA must rely on the support by the person asking for disclosure on the basis of recital (ErwG) 63 and in this context the company notifies of the obligation to participate on behalf of affected parties. For this reason, EVVA is not only authorised, but also obliged to verify the identity of persons seeking disclosure as part of a request to disclosure as per recital (ErwG 64) and the company must also notify these persons about the fact that there is an obligation to participate on behalf of affected parties as per recital (ErwG) 63. Consequently, we ask affected persons to already provide corresponding, conclusive proof of identity as part of the request and give basic information, such as the known communication methods with EVVA (application, former subsidiary employee, master key system number, etc.).