Die Unternehmensgruppe

The BVS Group

The Upper Austrian Fire Prevention Agency ("Brandverhütungsstelle für Oberösterreich") and its subsidiaries (hereinafter referred to as “BVS Group”) is a competent partner regarding preventive fire protection for legislators and administrations but also for businesses, planners and the general public.

As part of our activities we need to process personal data, whereby each of the subsidiary companies of the BVS Group can be a data controller within the meaning of the European General Data Protection Regulation (GDPR).

The data controllers are:

  1. BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
    Petzoldstraße 45, A-4020 Linz, datenschutz@bvs-ooe.at
  2. BVS-Holding GmbH
    Petzoldstraße 45, A-4020 Linz, datenschutz@bvs-ooe.at
  3. IBS - Institut für Brandschutztechnik und Sicherheitsforschung Gesellschaft m.b.H.
    Petzoldstraße 45, A-4020 Linz, datenschutz@ibs-austria.at
  4. IBS - Technisches Büro GmbH
    Petzoldstraße 45, A-4020 Linz, datenschutz-tb@ibs-austria.at
  5. ISC - Institut für Sicherheit und Conformität im Brandschutz Gesellschaft m.b.H.
    Petzoldstraße 45, A-4020 Linz, datenschutz@isc-austria.at
  6. Oberösterreichische Blitzschutzgesellschaft m.b.H.
    Petzoldstraße 45, A-4020 Linz, datenschutz@blitz-ooe.at
  7. IGS – Institut für geprüfte Sicherheit eGen
    Petzoldstraße 45, A-4020 Linz, datenschutz@bvs-ooe.at

For matters concerning data protection of the BVS Group, you may also contact our external data protection officer:

Mr. Stefan Schiffer
Leonfeldner Straße 124, 4040 Linz, Austria
e-mail: dsba-bvs@qed.at, mobile: +43 699 12547249

Joint Controllers

Joint controllership of processing activities such as customer management, customer service and own-purpose marketing, event organization, data privacy file and process management, accounting or human resource management allows to determine – in close coordination and cooperation with each company - the purposes and means of processing data, to ensure the efficiency, effectiveness and expediency of the business processes. This increases the confidentiality, integrity, availability and resilience of systems and services by reducing redundancy and by sharing resources. The IT systems and the IT infrastructure that are required for joint processing activities are operated as a shared service.

The BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is the dominant company of the BVS Group. The other companies are required to implement the data protection frameworks in their division, but are still involved in defining the purposes and means of processing for the joint processing activities.

The BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. assures the rights of the data subjects in accordance with Art. 15 to Art. 22 GDPR as well as the information obligations according to Art. 13 and Art. 14 GDPR for all processing activities. It is also the designated contact point for data subjects:

BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
Petzoldstraße 45, 4020 Linz, Austria
e-mail: datenschutz@bvs-ooe.at, phone: +43 732 7617-250

The right of the data subjects, pursuant to Art. 26 (3) GDPR, to exercise their rights in respect of and against each of the controllers remains unaffected.

The BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is in charge of the management and maintenance of the records of processing activities, the definition, review and updating of the technical and organisational measures as well as the notification of a personal data breach to the supervisory authority, with corresponding cooperation obligations for the other companies.

Whose personal data do we process?

When we process personal data, it means that we collect, record, store, adapt, retrieve, use, transmit, make available or erasure data.

In the context of our activities we process personal data of people from outside the BVS Group with whom we are in direct contact or who become known to us within the scope of our business transactions. These are in particular:

  • (Prospective) customers of the BVS Group when they are natural persons; or the contact persons of (prospective) customers when they are legal persons (e.g. companies or authorities).
    Due to our wide-ranging scope of activities, we have (prospective) customers from different fields. In particular they are manufacturers of construction products, planners, construction companies or owners of buildings, contractors of expert opinions on fire and explosion investigations and course and seminar participants.
  • Suppliers of the BVS Group when they are natural persons; or the contact persons of suppliers when they are legal persons.
  • Building project participants who are not customers or suppliers as well as persons involved in the installation and acceptance of fire protection systems (e.g. employees of construction companies and fire protection representatives).
  • Speakers at courses and seminars arranged by us.
  • Injured parties and other involved parties at fires and explosions that are examined by us.
  • Applicants at one of the BVS Group companies.
  • Visitors to our internet presence.
What kind of personal data do we process?

We process personal data provided by you and data which we collect from our business partners during business transactions as well as data we receive from other persons and organisations (such as authorities, insurances, banks and fire services) or data which are taken from publicly accessible sources (like public registers, websites or professional networks). Separate information will be provided to you on all further data sources.

We basically process only those personal data that are necessary in order to identify natural persons and to be able to communicate with them. These data are:

  • Identification data (e.g. first name, surname, date of birth)
  • Name affixes (e.g. academic degrees, job titles)
  • Contact data (e.g. address, telephone number, email address, website address)
  • Organisation data (e.g. company affiliation, legal form, GLN, VAT number, business purpose)
  • Correspondence with these persons (e.g. emails with appendices)

In addition, we process personal data in the different BVS Group companies depending on the activity, especially:

  • Payment details (e.g. bank details of customers, speakers and suppliers)
  • Building data and plans of which the owners are natural persons
  • Credit rating data (e.g. enquiries of "AKV-Alpenländischer Kreditorenverband") in case the (prospective) customer is a natural person (individual company).
  • Course and seminar participation and certificates issued for that purpose
  • Injury data of fires and explosions (e.g. damage location, damage amount, cause of the fire) as far as natural persons are concerned
  • Applications and CVs of applicants
  • Usage data gathered when visiting our website: The collection of this information is conducted with technical means supplied by third persons – details can be found below in the section Additional information for our internet presence. The evaluation of these data is solely processed in anonymous form.

Separate information will be provided on all further data categories which are not equivalent to the ones described above.

What are the purposes and legal bases of processing your data?

Contract performance and associated legal obligations and legitimate interests

We process personal data primarily for the contractual handling of the orders of our customers, suppliers or authorities. We only store those personal data that are necessary for us within the context of the contact, data that are subject to legitimate interest or data that we are legally obliged to collect, as well as data which are necessary for us when deciding whether we want to submit or accept an offer.

General personal data (such as names or contact data) are processed due to legitimate interest for the whole BVS Group (see below).

Personal data extending beyond these general data shall only be processed in the subsidiary within the BVS Group that maintains the business relation or the public contract. If any of this data shall be transmitted to another subsidiary within the BVS Group, separate information will be provided.

Legal obligations and performing tasks in public interest

When processing data from fires and explosions in Upper Austria, we fulfil an important legal mandate of the Upper Austrian Fire and Emergency Act ("Oö. Feuer- und Ge­fahrenpolizeigesetz"). This covers the preparation of fire damage statistics as regulated by the Upper Austria Fire and Emergency Regulation ("Oö. Feuer- und Gefahrenpolizei­verordnung") where we collect data about a fire; including personal data.

In accordance with the Fire and Emergency Act we also have to train fire experts that determine fire and explosion causes as well as experts for fire prevention and preven­tive fire protection and have to provide such experts for courts and authorities when needed (e.g. fire police checks). When preparing according expert opinions, it is necessary to process personal data.

Likewise, we are obliged to carry out and promote education and further training of persons involved in fire prevention and preventive fire protection tasks. Due to the Fire and Emergency Regulation we have - together with the Provincial Fire Brigade School for Upper Austria - to train fire protection representatives and, moreover, to carry out courses for operators of fire alarm systems, sprinkler systems, gas extinguishing systems, smoke and heat exhaust systems and pressure ventilation systems. For this, we store the necessary identification and organizational data of the training and course participants as well as the associated evidence and certificates.

Legitimate interest

The jointly processing of general personal data (such as person master data or contact data) for the entire BVS Group shares from the legitimate interest of keeping these data centralised. This avoids double recordings of persons and assures that an update is available to all companies within the BVS Group.

Some personal data are being processed to enable us to improve our services and offerings or to draw existing customer’s attention to our offers. In any case, we will only process your data if we are convinced that your interests or fundamental rights and freedoms are not overridden by our interests.

For example, we save the name and contact data of the contact persons of our business partners.

Customers are informed about specific offers or reminded of the expiration of deadlines (e.g. inspection of fire protection systems, expiry of certificates, refresher courses for fire protection representatives).

Occasionally, we use the personal data to reconquer or attract customers (direct marketing).


You will only receive marketing emails (newsletter), if you have expressly consented to receiving our newsletter. Withdrawal of your consent is possible at any time - find details on how to unsubscribe in our newsletter.

How long we keep your data?

We shall store your personal data only until such time that it is required for the purposes of processing, or for the duration of statutory or contractual storage periods or for as long as it can be necessary to establish, exercise or defend legal claims. Separate information will be provided on storage periods for specific processing activities.

From whom do we receive your data?

Personal data that we do not collect from yourself are derived from following sources:

  • From our business partners and other project participants (e.g. identification data, contact data or organisation data, building data and plans, correspondence)
  • From public authorities, public prosecutors or courts (e.g. identification data, contact data or organisation data, building data and plans, injury data of fires and explosions)
  • From the fire department education center for Upper Austria (e.g. idientification data and certificates in the course of the education for fire protection officers)
  • From insurances (e,g, identification data and contact data, injury data of fires and explosions)
  • From publicly available sources (e.g. credit rating data, execution and insolvency data, conformity data "ÜA/Übereinstimmung Austria")

You will be informed separately about any further data sources.

To whom do we transmit your data?

Transfer of data to other controllers within the BVS Group

Within the BVS Group, we will principally only transmit general personal data. All other data may be transmitted between BVS Group subsidiaries if more subsidiaries are involved in an order or if a contract has direct relation to a former order of another BVS Group company.

Transfer of data to recipients outside the BVS Group

We will only transmit your personal data to recipients outside the BVS Group based on the respective processing purpose and legal bases, e.g. if you have consented to the transfer, or if it is necessary for the performance of a  contract or for compliance with a legal obligation to which we are subject.

Recipients of personal data are, in particular:

  • Customers, authorities, other project participants and cooperation partners: e.g. data used in the processing of orders.
  • Fire brigades: e.g. data used in the approval of fire control plans.
  • Banks: e.g. data used in payment transactions.
  • "Alpenländischen Kreditorenverband" (AKV): e.g. data used for credit rating and collection orders.
  • Insurances, authorities or courts: e.g. data on injured parties from fires and explosions.
  • Lawyers: e.g. data of the respective legal representation.
  • Tax authority: e.g. data used for the company audit and tax calculation.
  • "Raiffeisenverband Oberösterreich" and other public accountants: e.g. data used in audits of the BVS Group.
  • Newsletter sender: e.g. email addresses of newsletter recipients.

Transfer of data to third countries

We will only transfer personal data to third countries insofar as the customer or one of his partners comes from a third country and if it the data transfer is necessary for the contract performance.

However, it cannot be ruled out that personal data which is published on our website is not retrieved from a third country.

Additional information for our internet presence

As part of our Internet presence, we access services from external providers. These providers process your personal information either as joint controllers with us or as our processors.

Google Analytics

Our websites use features of the web analytics service Google Analytics for the legitimate interest of obtaining statistical information about visits to our websites (e.g., location, language, navigation, length of stay). Provider is Google Ireland Limited, e-mail: support-at@google.com. We have concluded a corresponding data processing agreement with the provider.

Google Analytics uses targeted cookies. For more information on how Google handles user data with Google Analytics, please refer to their privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google Analytics transfers data to a third country (US). Google has committed to comply with the EU-US Privacy Shield agreement, details can be found at https://support.google.com/analytics/answer/7105316?hl=en.

You can prevent the collection of the data generated by the cookie and related to your use of the website to Google as well as the processing of this data by Google by disclaiming the use of cookies for advertising and statistics (cookie banner).

Google reCaptcha

Our websites use functions of the Google reCaptcha service on input forms (such as the contact form). Provider is Google Ireland Limited, e-mail: support-at@google.com. We have concluded a corresponding data processing agreement with the provider.

The service transmits user data (e.g., IP address, operating system, browser, website visitor behaviour, length of stay) to Google to determine whether the input to our website forms is made by a human or through an automated program. The transfer of the data takes place already before entering our forms. If you are logged in to the browser with a Google Account at this time, Google may merge your data. For more information on how Google handles user data with Google reCaptcha, please refer to their privacy policy: https://www.google.com/intl/en/policies/privacy/.

Facebook fan page

We offer a Facebook fan page https://www.facebook.com/bvs.ooe/ for customer service and marketing for our own purposes based on the legitimate interest in the positive presentation of our company, our services and products to the public and for the purpose of direct marketing pursuant to recital 47 GDPR. The "BVS - Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H." is joint controller according to Art. 26 GDPR with Facebook Ireland Limited, 4 Grand Canal Square, D2 Dublin, Ireland.

When calling the Facebook fan page, Facebook determines the IP address of the user and sets cookies. If you are logged in to the browser with a Facebook account, Facebook can merge your data.

More information on being a joint controller with Facebook and how Facebook handles user data can be found at the Facebook page insights supplement: https://en-gb.facebook.com/legal/terms/page_controller_addendum/.

Which rights do you have?

Right of access and right to rectification

You principally have the right to obtain access and the right to rectification of false data. You have the right of access to the personal data that we process from you. If the data are no longer up to date or incomplete, you can demand from us the rectification of inaccurate personal data. For exceptions and details please see Art. 15 and Art.16 of GDPR.

Right to erasure

You have the right to obtain from us the erasure of your personal data without undue delay insofar as no legal basis for the processing of the data exists, or it has ceased to exist. For exceptions and details please see Art. 17 of GDPR.

Right to restriction of processing

You have the right to obtain from us the restriction of processing of your personal data insofar as you contest the accuracy of your personal data, or the processing is unlawful and you request the restriction of their use instead, or we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or if you have objected to processing pending the verification whether our legitimate grounds override yours. For exceptions and details please see Art. 18 of GDPR.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us based on your consent or a contract with you. For exceptions and details please see Art. 20 of GDPR.

Right to object

Insofar as we process your personal data based on a legitimate interest, you have the right to object. We shall only process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. For exceptions and details please see Art. 21 of GDPR.

Right to withdraw your consent

If you have given us your consent to the processing of your data, you can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing your personal data before its withdrawal. For exceptions and details please see Art. 7 of GDPR.

Please turn to us directly, if you wish to exercise these rights.

If you are concerned that the processing of your data violates the data protection law or that your claims on data protection are infringed in any other way, you have the right to complain at a supervisory authority. In Austria the data protection supervisory authority is:

Österreichische Datenschutzbehörde

Date of last revision:
October, 15th 2019