Privacy policy

    The experts of the technical department support clients in the field of fire safety design of buildings, cable cars and rail vehicles. They keep an eye on the legal aspects and structural conditions as well as on the cost-benefit ratio.

    If you have any questions about data protection, please contact us:

    IBS – Technisches Büro GmbH
    Petzoldstraße 45, 4020 Linz,, +43 732 7617-450

    For matters concerning data protection of the BVS Group, you may also contact our external data protection officer:

    Mr. Stefan Schiffer
    Leonfeldner Straße 124, 4040 Linz
    E-Mail:, Mobile: +43 699 12547249

    Joint Controllers

    Together with our subsidiaries (BVS Group) we process personal data, whereby each of the subsidiary companies of the BVS Group can be a data controller within the meaning of the European General Data Protection Regulation (GDPR):

    1. BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
      Petzoldstraße 45, 4020 Linz,
    2. BVS-Holding GmbH
      Petzoldstraße 45, 4020 Linz,
    3. IBS – Institut für Brandschutztechnik und Sicherheitsforschung Gesellschaft m.b.H.
      Petzoldstraße 45, 4020 Linz,
    4. IBS – Technisches Büro GmbH
      Petzoldstraße 45, 4020 Linz,
    5. ISC – Institut für Sicherheit und Conformität im Brandschutz Gesellschaft m.b.H.
      Petzoldstraße 45, 4020 Linz,
    6. Oberösterreichische Blitzschutzgesellschaft m.b.H.
      Petzoldstraße 45, 4020 Linz,
    7. IGS – Institut für geprüfte Sicherheit eGen
      Petzoldstraße 45, 4020 Linz,

    Joint controllership of processing activities such as customer management, customer service and own-purpose marketing, event organization, data privacy file and process management, accounting or human resource management allows to determine – in close coordination and cooperation with each company – the purposes and means of processing data, to ensure the efficiency, effectiveness and expediency of the business processes. This increases the confidentiality, integrity, availability and resilience of systems and services by reducing redundancy and by sharing resources. The IT systems and the IT infrastructure that are required for joint processing activities are operated as a shared service.

    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is the dominant company of the BVS Group. The other companies are required to implement the data protection frameworks in their division but are still involved in defining the purposes and means of processing for the joint processing activities.

    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. assures the rights of the data subjects in accordance with Art. 15 to Art. 22 GDPR as well as the information obligations according to Art. 13 and Art. 14 GDPR for all processing activities. It is also the designated contact point for data subjects:

    BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H.
    Petzoldstraße 45, 4020 Linz, Austria
    e-mail:, phone: +43 732 7617-250

    The right of the data subjects, pursuant to Art. 26 (3) GDPR, to exercise their rights in respect of and against each of the controllers remains unaffected.

    The BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is in charge of the management and maintenance of the records of processing activities, the definition, review and updating of the technical and organisational measures as well as the notification of a personal data breach to the supervisory authority, with corresponding cooperation obligations for the other companies.

    Whose personal data do we process?

    When we process personal data, it means that we collect, record, store, adapt, retrieve, use, transmit, make available or erasure data.

    In the context of our activities, we process personal data of people from outside the BVS Group with whom we are in direct contact or who become known to us within the scope of our business transactions. These are in particular:

    • (Prospective) customers of the BVS Group when they are natural persons; or the contact persons of (prospective) customers when they are legal persons (e.g. companies or authorities).

    Due to our wide-ranging scope of activities, we have (prospective) customers from different fields. In particular they are manufacturers of construction products, planners, construction companies or owners of buildings, contractors of expert opinions on fire and explosion investigations and course and seminar participants.

    • Suppliers of the BVS Group when they are natural persons; or the contact persons of suppliers when they are legal persons.
    • Building project participants who are not customers or suppliers as well as persons involved in the installation and acceptance of fire protection systems (e.g. employees of construction companies and fire protection representatives).
    • Injured parties and other involved parties at fires and explosions that are examined by us.
    • Applicants at one of the BVS Group companies.
    • Visitors to our internet presence.
    What kind of personal data do we process?

    We process personal data provided by you and data which we collect from our business partners during business transactions as well as data we receive from other persons and organisations (such as authorities, insurances, banks and fire services) or data which are taken from publicly accessible sources (like public registers, websites or professional networks) – Details can be found below in section “From where do we receive your personal data?”.

    We basically process only those personal data that are necessary in order to identify natural persons and to be able to communicate with them. These data are:

    • Identification data (e.g. first name, surname, date of birth)
    • Name affixes (e.g. academic degrees, job titles)
    • Contact data (e.g. address, telephone number, email address, website address)
    • Organisation data (e.g. company affiliation, legal form, GLN, VAT number, business purpose)
    • Correspondence with these persons (e.g. emails with appendices)

    In addition, we process personal data in the different BVS Group companies depending on the activity, especially:

    • Payment details (e.g. bank details of customers, speakers and suppliers)
    • Building data and plans of which the owners are natural persons
    • Credit rating data (e.g. enquiries of “AKV-Alpenländischer Kreditorenverband”) in case the (prospective) customer is a natural person (individual company).
    • Injury data of fires and explosions (e.g. damage location, damage amount, cause of the fire) as far as natural persons are concerned
    • Applications and CVs of applicants
    • Usage data gathered when visiting our website: The collection of this information is conducted with technical means supplied by third persons – details can be found below in the section Additional information for our internet presence The evaluation of these data is solely processed in anonymous form.

    Separate information will be provided on all further data categories which are not equivalent to the ones described above.

    What are the purposes and legal bases of processing your data?

    Contract performance and associated legal obligations and legitimate interests

    We process personal data primarily for the contractual handling of the orders of our customers, suppliers or authorities. We only store those personal data that are necessary for us within the context of the contact, data that are subject to legitimate interest or data that we are legally obliged to collect, as well as data which are necessary for us when deciding whether we want to submit or accept an offer.

    General personal data (such as names or contact data) are processed due to legitimate interest for the whole BVS Group (see below).

    Personal data extending beyond these general data shall only be processed in the subsidiary within the BVS Group that maintains the business relation or the public contract. If any of this data shall be transmitted to another subsidiary within the BVS Group, separate information will be provided.

    Legitimate interest

    The jointly processing of general personal data (such as person master data or contact data) for the entire BVS Group shares from the legitimate interest of keeping these data centralised. This avoids double recordings of persons and assures that an update is available to all companies within the BVS Group.

    Some personal data are being processed to enable us to improve our services and offerings or to draw existing customer’s attention to our offers. In any case, we will only process your data if we are convinced that your interests or fundamental rights and freedoms are not overridden by our interests.

    For example, we save the name and contact data of the contact persons of our business partners.

    Customers are informed about specific offers or reminded of the expiration of deadlines (e.g. inspection of fire protection systems, expiry of certificates, refresher courses for fire protection representatives).

    Occasionally, we use the personal data to reconquer or attract customers (direct marketing).

    How long we keep your data?

    We shall store your personal data only until such time that it is required for the purposes of processing, or for the duration of statutory or contractual storage periods or for as long as it can be necessary to establish, exercise or defend legal claims. Separate information will be provided on storage periods for specific processing activities.

    From where do we receive your personal data?

    Data that we do not receive from you directly mainly come from the following sources:

    • From our business partners and other project participants (e.g. identification, contact and organisational data, plans, correspondence)
    • From publicly accessible sources (e.g. credit rating data, execution and insolvency data)

    Separate information will be provided on all other data sources.

    To whom do we transmit your data?

    Transfer of data to other controllers within the BVS Group

    Within the BVS Group, we will principally only transmit general personal data. All other data may be transmitted between BVS Group subsidiaries if more subsidiaries are involved in an order or if a contract has direct relation to a former order of another BVS Group company.

    Transfer of data to recipients outside the BVS Group

    We will only transmit your personal data to recipients outside the BVS Group based on the respective processing purpose and legal bases, e.g. if you have consented to the transfer, or if it is necessary for the performance of a contract or for compliance with a legal obligation to which we are subject.

    Recipients of personal data are, in particular:

    • Customers, authorities, other project participants and cooperation partners: e.g. data used in the processing of orders.
    • Fire brigades: e.g. data used in the approval of fire control plans.
    • Banks: e.g. data used in payment transactions.
    • “Alpenländischen Kreditorenverband” (AKV): e.g. data used for credit rating and collection orders.
    • Insurances, authorities or courts: e.g. data on injured parties from fires and explosions.
    • Lawyers: e.g. data of the respective legal representation.
    • Tax authority: e.g. data used for the company audit and tax calculation.
    • “Raiffeisenverband Oberösterreich” and other public accountants: e.g. data used in audits of the BVS Group.

    Transfer of data to third countries

    We will only transfer personal data to third countries insofar as the customer or one of his partners comes from a third country and if it the data transfer is necessary for the contract performance.

    However, it cannot be ruled out that personal data which is published on our website is not retrieved from a third country.

    Additional information for our internet presence

    Our websites use services from external providers. These providers process your personal data either as our joint controllers or as our processors.


    We do not store any personal data about the usage of our websites and refrain from using Google Analytics and web analysis cookies. Instead, we use the privacy-friendly web analysis tool Matomo to collect anonymous statistics on visits to our websites (e.g. on language, navigation, length of stay).

    In addition, we waive all cookies that are not needed to provide visitors with our websites and services (e.g. the webshop). Consent does not have to be obtained for technically and functionally necessary cookies (Art. 165(3) of the Austrian Telecommunication Act (Telekommunikationsgesetz) of 2021), which is why our websites do not display cookie banners.

    Google maps

    For the presentation of our locations and other geographical information, we use the online mapping service Google Maps after having obtained your express consent for this in accordance with Art. 49(1)(a) of GDPR. By giving your consent, you agree to having your user data (IP address, tracking ID, etc.) processed in the USA or other insecure third countries where no adequate protection of your data currently exists. There is a risk that your data will be processed for control and monitoring purposes without any means of redress.

    You can revoke your consent at any time by deleting the browser data of the respective BVS Group website. The revocation of consent shall not affect the lawfulness of the processing carried out up to that point.

    Facebook fan page

    We operate a fan page on Facebook at for customer support and marketing, which serves our own purposes out of a legitimate interest in the positive presentation of our company, services and products to the public and for the purpose of direct marketing in accordance with Art. 47 of GDPR. BVS – Brandverhütungsstelle für Oberösterreich registrierte Genossenschaft m.b.H. is thereby a joint controller pursuant to Art. 26 of GDPR together with Facebook Ireland Limited, 4 Grand Canal Square, D2 Dublin, Ireland.

    When the Facebook fan page is accessed, Facebook determines the user’s IP address and sets cookies. If you are logged into the browser with a Facebook account, Facebook may merge your data.

    For more information on shared accountability with Facebook and how we handle user data, see Facebook’s Page Controller Addendum:

    Which rights do you have?

    Right of access and right to rectification

    You principally have the right to obtain access and the right to rectification of false data. You have the right of access to the personal data that we process from you. If the data are no longer up to date or incomplete, you can demand from us the rectification of inaccurate personal data. For exceptions and details please see Art. 15 and Art.16 of GDPR.

    Right to erasure

    You have the right to obtain from us the erasure of your personal data without undue delay insofar as no legal basis for the processing of the data exists, or it has ceased to exist. For exceptions and details please see Art. 17 of GDPR.

    Right to restriction of processing

    You have the right to obtain from us the restriction of processing of your personal data insofar as you contest the accuracy of your personal data, or the processing is unlawful and you request the restriction of their use instead, or we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or if you have objected to processing pending the verification whether our legitimate grounds override yours. For exceptions and details please see Art. 18 of GDPR.

    Right to data portability

    You have the right to receive the personal data concerning you, which you have provided to us based on your consent or a contract with you. For exceptions and details please see Art. 20 of GDPR.

    Right to object

    Insofar as we process your personal data based on a legitimate interest, you have the right to object. We shall only process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. For exceptions and details please see Art. 21 of GDPR.

    Right to withdraw your consent

    If you have given us your consent to the processing of your data, you can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing your personal data before its withdrawal. For exceptions and details please see Art. 7 of GDPR.

    Please turn to us directly, if you wish to exercise these rights.

    If you are concerned that the processing of your data violates the data protection law or that your claims on data protection are infringed in any other way, you have the right to complain at a supervisory authority. In Austria the data protection supervisory authority is: Österreichische Datenschutzbehörde

    Status: 23rd March 2022