LG Feldkirch - 57 Cg 30/19b - 15

From GDPRhub
Revision as of 10:23, 10 March 2020 by MB (talk | contribs)
LG Feldkirch - 57 Cg 30/19b - 15
CourtsAT.png
Court: LG Feldkirch (Austria)
Country: Austria
Relevant Law:

Article 9(1) GDPR

Article 82 GDPR

Decided: 7. 8. 2019
Published: n/a
Parties: Österreichische Post AG
National Case Number: 57 Cg 30/19b - 15
European Case Law Identifier: n/a
Appeal: https://gdprhub.eu/index.php?title=OLG_-_1_R_182/19b
Language: German
Original Source: Addendum (in DE)

Austrian Regional Court ("LG Feldkirch") finds that generating information about political affiliation by the Austrian Postal service without a legal basis under Article 9 GDPR gives raise to € 800 in non-material damages under Article 82 GDPR.

English Summary

Facts

The Austrian postal service ("Österreichische Post AG", a private stock company, of which 52,9% is owned by the Republic of Austria) also sells data for direct marketing purposes ("list brokerage"). These lists include names and addresses and other factors that are largely generated using other public information and predictive models. The postal service also sold data that included a likeliness of the political affiliation (similar to: 45% social-democratic, 20% conservative, 5% Green Party). This was mainly intended for postal mailings by said political parties. The data was generated using public information about voting behavior in each voting district in Austria, aga and alike and was sold publicly.

The postal service mainly relied on § 151 of the Austrian Business Code of 1994 ("Gewerbeordnung 1994", GewO) that regulates address brokers. The national law does not differentiate between different types of data, but limits the use solely to marketing purposes.

The postal service took the view that predictions about the political affiliation of a data subject does not itself constitute "special categories of data" under Article 9 GDPR.

A data subject (Dr. Christian Wirthensohn, a privacy lawyer) made an access request, receiving a copy of his alleged political affiliations (a percentage per political party). He sued the postal service for € 2.500 in emotional damages for a number of alleged violations (illegal processing of data, lack of data minimization, delayed access to data, lack of information).

Dispute

What is the relationship between national laws (like § 151 GewO) and GDPR?

Is a prediction of a political affiliation a "special category of data" under Article 9(1) GDPR?

How much are the damages under Article 82 GDPR in this case?

Holding

The Court found a violation of the GDPR, as the data falls under Article 9 GDPR and awarded € 800 in emotional damages. The Austrian Business Code cannot override Article 9 GDPR. There are no rules on the calculation of damages in GDPR, so it is a matter of the Court's discretion to assess the amount. No violation of the principled of data minimization. There is no emotional damages in delayed access to data or a lack of information, therefore the additional € 1.700 were not granted.

Comment

This decision of the LG Feldkirch was later overruled by the OLG Innsbruck, which rejected the data subject's claim (https://gdprhub.eu/index.php?title=OLG_-_1_R_182/19b)

Further Resources

Share blogs or news articles here!

See also

The Austrian DPA has issues a similar decision against the postal service and issued a € 18 Mio fine - see DSB - Austrian Postal Service.

English Machine Translation of the Decision

The decision below is a machine translation of the original. Please refer to the German original for more details.

REPUBLIC AUSTRIA
REGIONAL COURT FELDKIRCH
 
57 Cg 30/19b -15
(Please state in all entries)

Schillerstraße 1
6800 Feldkirch

Phone: +43 5 76014 343 044, FAX 092
 

IN THE NAME OF THE REPUBLIC

The Landesgericht Feldkirch (Regional Court, Feldkirch), through the judge Sandra Ladnerin, has awarded the case of the plaintiff MMag. Dr. Christian Wirthensohn, resident in
represented by Thumher Wittwer Pfefferkorn & Partner Rechtsanwälte GmbH in 6850 Dornbirn, against the defendant Österreichische Post Aktiengesellschaft, 1030 Vienna, Rochusplatz 1, represented by WOLF THEISS Rechtsanwälte GmbH & Co KG in 1010 Vienna, on account of EUR 2,500.00 s. A. after public and oral proceedings


1. decided:

The application of the defendant party for interruption of the proceedings until the administrative proceedings initiated by the data protection authority with transaction number DSB-D213.747/0002-DSB/2019 have been finally settled is dismissed".


II. rightly recognized:

1. the deplored party is owed to pay the plaintiff within 14 days EUR 800,-- including 4 % interest since 02.03.2019.
2. the additional request of contents, the deplored party is owed to pay the plaintiff further EUR 1,700, - including 4 % interest since 02.03.2019, is rejected.
(3) The plaintiff owes to the defendant to reimburse to the defendant the costs of the proceedings determined at EUR 440.11 (including EUR 82.97 to 20% VAT) for the attention of the defendant's representatives.





 
REASONS FOR THE DECISION:
With the complaint filed on 29.03.2019 at the Feldkirch Regional Court, the plaintiff requested EUR 2,500.00 including 4% interest since 02.03.2019 and, in summary, submitted that on 19.07.2018 he had requested the defendant party to provide information on the personal data concerning him processed by the defendant party. This request had been served on the defendant at its business address entered in the commercial register on 20 July 2018. The defendant party was late in fulfilling its duty to provide information (Art. 12 para. 3, Art. 4 item 7 DSGVO) - the defendant party had to be held responsible for the apparently omitted forwarding of the request for information by its employees; in any case, the exercise of the right could not be made more difficult - and had only imperfectly complied with it. In the proceedings before the data protection authority, the defendant party had in any case admitted that the original information had been incomplete. Even the supplement to this information could not change this incompleteness.
The defendant party processed information about the plaintiff's alleged party-political preferences, i.e. data of special categories, without a legal basis and without consent (Art.
9 DSGVO, § 151 (4) GewO).  These are - irrespective of the type of Data collection - personal data, because a personal reference is established. Also the statement that someone has a low affinity to a party is naturally a statement about the political opinion. The defendant party used his data for a lively, cross-border address trade. The DSGVO took precedence over the GewO.
The defendant party had also violated its information obligations under Article 14 OSGVO because it had not informed him about the data processing. In any case, the provision of information on the homepage was not sufficient.
Furthermore, the defendant party processed the plaintiff's data, in particular residential addresses, which were no longer current but 15 years old, as well as details of 118 items delivered in the last three years (including sender, item number, recipient data, pictures), for which there was no legitimate purpose and which constituted a violation of the principle of data minimisation (Art. 5 para. 1 lit c DSGVO). The accuracy and timeliness of the plaintiff's data (address data) had not been verified for years, which is why the defendant infringed the principle of data accuracy (Art. 5 para. 1 lit d DSGVO). The defendant also infringed the principle of storage limitation, because it stored data for several years until
90th birthday of the respective person and therefore does not provide for an appropriate storage period (Art. 5 para. 1 lit e DSGVO).
The defendant is engaged in unlawful profiling (automated processing, storage and retrieval personal data to evaluate personal aspects) by performing statistical calculations on affinities (bioaffin, investment affin, non-donation affin, distance selling affin, relocation affin). There is no justification. A "decision" is not important here, as long as there is a comparable impairment.
The defendant stores the data in a publicly accessible database, which is why it has made its data publicly accessible without legal grounds. It had passed on its unlawfully processed data to an unrestrictable group of recipients, i.e. third parties, even without a legal basis, some of whom had passed on the data again.
At no time did he give his consent or consent to data processing.
He is entitled to non-material damages, with a reversal of the burden of proof with regard to culpa in contrahendo. He was inconvenienced by the unlawful and careless handling of his data by the defendant. In particular, he was prevented from checking his data and irretrievably lost control over his data. In determining the amount of damages, it should be borne in mind in particular that the defendant had infringed several provisions over a longer period of time, this relating to particularly protected data, and had not passed them on in a delimitable manner.
In this case, complaints had also been lodged with the data protection authority. The first, due to delay, had been discontinued informally, the second, due to deficiencies in content, was still pending. The data protection authority had also initiated an official examination procedure because of the storage of data on political affinities by the defendant party.
The defendant contested, filed a motion for dismissal and, in summary, submitted that the petition was undecided. There was no compensable damage, no causal causation and no unlawful and culpable conduct.
The implementation of provisions under data protection law did not in itself constitute damage. A certain weight must be attached to impairments (materiality threshold) in order for it to be possible to speak of immaterial damage. Only damages actually incurred were to be compensated, not exemplary damages or punitive damages. The penalty component was already covered by fines. The damages sought were excessive and disproportionate, even if immaterial damages were affirmed.
 
There had been no delay in providing information. The plaintiff's request for the provision of information had not been received by the responsible department of the defendant party set up specifically for data protection. The defendant had reacted immediately to the initiation of the complaint procedure with the data protection authority, which is why it had also been discontinued.
With regard to the alleged incompleteness of the provision of information, which was disputed, one case was still pending before the data protection authority. The information could be obtained up to the end of the appeal proceedings as to what had happened. The plaintiff did not claim the extent to which there was still an incompleteness.
The defendant party had a trade licence as an "address publisher and direct marketing company" in accordance with § 151 GewO. It creates - legally and legally compliant
- on the basis of anonymous opinion polls and publicly available information, statistical projections concerning the probability of party interests of certain persons and assign them to a certain marketing group (possible target group for election advertising of a certain political party), which does not meet the criterion of personal data in conceptual terms. There is a lack of personal reference, i.e. of information about a specific person. It is only a general, probability-based average statement. The statement was not accessible to the right of rectification provided for in the DSGVO because the allocation value was derived mathematically correctly. This is another reason why it is not personal data. In any case, it was not sensitive data within the meaning of M 9 (1) DSGVO because it did not contain a direct statement about the concrete political opinion of the plaintiff, which was based on the actual conduct of the person concerned, nor did it contain an indirect statement. Moreover, it is a neutral non-statement, because the plaintiff was not assigned to certain marketing groups.
Since it is not personal data, the information obligations under Article 14 DSGVO are not relevant either. An obligation to provide information was also ruled out because of the disproportionate effort involved. Separate information could be omitted in the case of data purchased from third parties. In the course of data collection in 2013, the defendant party voluntarily provided information anyway. Its data protection declaration, which is available on its company website, also contains detailed - permissibly general - information.	Due to his online account, the plaintiff had been aware of this privacy statement at least since June 2011.
The storage of previous residential addresses - with the note "moved" - is necessary in order to enable companies to remain in contact with moved customers without lengthy and expensive research.
 
In any case, documentation on mailings is necessary and permissible for the duration of the short 3-year limitation period, for example to defend against legal claims against the defendant, but also to track deliveries.
The data stored by the defendant party were all correct. This applies in particular also to former living addresses of the plaintiff, which were provided with the note "moved". It already follows from this that the defendant party takes appropriate measures to check that the information is correct and up to date.
Also a offence against the memory delimitation is not to be blamed on the deplored party. It processes data only as long as it is needed for marketing purposes. In this respect, the DSGVO, which compensates for this circumstance by rights of data subjects (right of revocation and right of objection), does not provide for a time limit.
There was also no infringement of the ban on profiling. The affinities were not personal data. Profiling is not prohibited per se, but only certain decisions with legal effect that are based on it and have a detrimental effect on qualifications. This is not the case with individualised advertising and the attribution of marketing classifications. The plaintiff did not even claim such a "decision".
All transmissions and disclosures by the defendant were lawful. It was also not at all recognizable! which data should have been unlawfully transmitted.
The defendant was not at fault. Whether the data set "party affinity" constituted a data category according to Art. 9 DSGVO was not yet conclusively clarified legally. The defendant, as the average subject of the norm, may also assume that
§ 151 GewO is not superseded by the DSGVO. Any error of law was therefore excusable.
The plaintiff's exercise of rights was abusive because he claimed a loss of control without having exercised his rights (objection to the processing, restriction of the processing, deletion of the data).
Evidence was admitted and recorded by:

Inspection of the documents submitted by the parties, namely application for information of the plaintiff of 19.07.2018 together with enclosures (Supplement ./A), proof of delivery (Supplement ./B), complaint of the plaintiff to the data protection authority of 03.09.2018 together with enclosures (Supplement ./C), Respondent's Response of 03.10.2018 (Supplement ./D), Data Protection Authority's Notice of 05.10.2018 (Supplement .JE), Respondent's Statement to Data Protection Authority of 03.10.2018 (Supplement ./F), Respondent's Notice and Complaint of 03.10.2018 (Supplement ./F), Respondent's Notice and Complaint of the applicant to the Data Protection Authority dated 26.10.2018 (Supplement .IG), Notification from the Data Protection Authority dated 31.10.2018 (Supplement ./H), Supplement to the Respondent's Information dated 04.12.2018 (Supplement ./1), Notification from the Data Protection Authority dated 12.12.2018 (Supplement ./J), Response from the Respondent to the Data Protection Authority dated 04.12.2018 (Supplement ./K), Statement of the Plaintiff to the Data Protection Authority dated 19.12.2018 (Supplement ./L), Notification of the Data Protection Authority dated 07.05.2019 (Supplement .IM), Press Release of the Data Protection Authority dated 12.02.2019 (Supplement .IN), Letter of Formal Notice from the Plaintiff's Representative dated 01.03.2019 (Supplement ./0), letter of the representative of the defendant party of 21.03.2019 (Supplement .IP), information ESW Software Warda KG (GmbH & Co) of 29.10.2018 (Supplement .IQ), complaint data protection authority of 16.11.2018 (Supplement ./R), decision data protection authority of 18.03.2019 (Supplement ./S), e-mail data protection authority of 05.03.2019 (Supplement .IT), Article Zeit Online of 26.05.2014 (Supplement ./U), Activity Report 2018 of the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Excerpt) (Supplement .N), Guidelines of the Art 29 Group on Automated Decisions in Individual Cases including Profiling - WP251riv.01 (Supplement JW), Letter of the Defendant dated 07.08.2012 and 22.07.2013 (Supplement ./X), E-Mail dated 02.08.2012 (Supplement .N), E-Mail dated 25.06.2014 (Supplement ./2), E-Mail dated 13.06.2011 (Supplement ./AA), Trade Licence of the Defendant for Trade and Industry "Adressenverlag und Direktmarketinguntemehmen" (Supplement ./1), data protection information of the Austrian Post AG (Supplement ./2), screenshot homepage www.post.at (Supplement ./3), Inspection of the decision of the data protection authority of 11.02.2019 on business number DSB-D213.747/0002-DSB/2019 (Supplement ./1), Interrogation of the plaintiff as a party (AS 103 to AS 107).

The defendant was not questioned (AS 108).

The examination of the witness offered by the defendant party was not necessary. This in particular because the facts in the evidence of which the witness was offered were essentially not substantiated by the plaintiff anyway, which is why they could be used as the basis for the findings on the basis of the defendant's submissions. To the extent that the witness was offered on legal questions or facts that were not essential to the decision, her examination was dispensable anyway.
An "inspection of the plaintiff's account - also requested by the defendant - was to be refrained from on the basis of factual and authentic considerations.
 
On the basis of the evidence evidence gathered, the following facts are considered as proven firm:

Since 03.04.2001, the defendant party has had a trade licence as an "address publishing house and direct marketing company" pursuant to § 151 GewO (undisputedly AS 9, AS 24; Supplement ./1). Since then it has been conducting address trading in the course of this trade, selling both target group addresses which it has purchased and received from other address traders and data which it has collected itself (S 3, S 6 in Supplement ./1; not substantiated contested AS 69).
The defendant party stores data of several million people (not substantiated contested AS 68).
The Defendant conducted anonymous opinion polls, anonymously asking for social demographic criteria such as gender, age, place of residence, type of residence (single-family home, town house, etc.), formal education, etc., as well as the interest of political parties in election advertising among interviewees. On the basis of these criteria, the defendant party formed marketing groups, which usually consisted of several hundred people or more per group, but at least ten people per group. For these marketing groups, the defendant party then calculated average probabilities in the form of percentages. On the basis of these, the defendant in turn developed an algorithm for calculating, among other things, the probability with which persons with certain social-demographic characteristics could have advertising interests in certain Pontic parties in certain regions. The defendant described the result of these calculations (marketing analysis procedure) as "party affinities" of the respective marketing group. In the same way, the defendant party encouraged probability values to bioaffinities, investment affinities, donation affinities, distance selling affinities, life phases, etc. of marketing groups. The defendant party finally assigned individuals to the marketing groups and thus to the "party affinities" and other affinities calculated by it on the basis of their regional and social-demographic characteristics (not substantiated contested AS 55 f; S 3 f, S 7 in Supplement ./1; S 3 in Supplement ./D).
With regard to the plaintiff, the defendant party has identified the following "party affinities" and other affinities using the marketing analysis procedures described above and stored them in the category "marketing data" relating to the plaintiff (S 3 in Supplement ./D):

These 'party affinities' and other affinities of the plaintiff were not transferred by the defendant to third parties (not substantiated contested AS 94, AS 96; PV plaintiff AS 107).
The plaintiff has provided the defendant with a statement of claim in connection with a move in 2012.
 
Have a forwarding order set up (PV Plaintiff AS 104).

The defendant party offers the so-called "ADRESS-CHECK-Service" to companies. This service enables companies to match their customer data with the relocation data stored by the defendant and thus to find out the new address of moved customers. This allows companies to stay in touch with their relocated customers without lengthy and expensive investigations. Because moving persons often do not inform all companies with which they are or were in contact of their new address, it often happens that after a move, even after a long time, mail is sent to an old, no longer current address. In order to be able to announce the new address to as many companies as possible and to avoid undeliverable items, the defendant stores the former residential addresses of persons who have not objected to the use of data for marketing purposes of third parties for several years (AS 71 is not substantiated).
The defendant shall store the following address data of the plaintiff, which it has also passed on to third parties (AS 96, AS 71; S 2 in Supplement ./1):

The plaintiff has not lived at one of the aforementioned earlier addresses of the plaintiff for almost 15 years (AS 89 is not substantiated).
The plaintiff sends and receives mail of any kind via the postal and parcel delivery service of the defendant party (PV Kläger AS 103). In connection with its delivery service ("logistics" area), the defendant is regularly confronted with inquiries from customers or other persons regarding the traceability of past shipments (AS 72 is not substantiated). The defendant shall store consignment information (parcel logistics) for up to three years (Supplement ./1, in particular page 4; not substanziie.rt disputed AS 71 f). With regard to the plaintiff, the defendant party stores "parcel logistics data" for 118 shipments from October 2016 to November 2018 with the shipment number, transport period, recipient and sender (enclosures ./1 and ./K).
The defendant also operates an online service with which the plaintiff registered with the e-mail address on 13.06.2011 (S 10 in Supplement ./D). This service can be used, for example, to track the transmission of a parcel or to change a delivery option (PV Kläger AS 103 f).
By registered letter dated 19.07.2018, the plaintiff addressed a request for information to the defendant party at the address "Rochusplatz 1, 1030 Vienna", in which he requested information as to whether and if so which personal data concerning him were being processed by the defendant party. At the same time, he requested disclosure of the processing purposes and legal basis for the processing, the recipients to whom disclosures were and are made, as well as the storage period and origin of the data (Supplement ./A). This request for information was received by the defendant party on 20.07.2018 (Supplement ./8). Since the defendant party initially did not respond to the plaintiff's request for information, the plaintiff lodged a complaint against the defendant party on 3 September 2018 with the data protection authority (Supplement ./C) on the grounds that the information had not been provided, which forwarded it to the defendant party for comment (Supplement ./E).
The address "Rochusplatz 1, 1030 Vienna" is the general address of the defendant entered in the commercial register. The defendant party has a special and separate contact option for questions or enquiries regarding data protection at the following address
"Bahnsteggasse 17-23, 1210 Vienna". This special contact possibility can also be reached via the e-mail address "kundenservice@post.at" and the telephone number "0800 010 100" (not substantiated denied AS 66 f; supplement ./2). Since the plaintiff's request for information of 9 July 2018 was addressed to the general address of the defendant party and there were delays in the internal forwarding of this request to the internal competent authority of the defendant party, the internal competent authority of the defendant party for data protection matters was only informed by the data protection authority of the plaintiff's complaint on 25 July 2018.09.2018 Knowledge of the request for information of 09.07.2018 (not substantiated disputed AS 67; last S in Supplement ./F).
 
On 03.10.2018, the defendant party provided the plaintiff with information with reference to his request for information, in which it informed him, among other things, that it had summarized data concerning him, in particular for logistics (delivery of items such as letters and parcels), marketing purposes and the address publisher.   The information contained the H' evidence that the plaintiff was under may, under certain conditions, request the limitation of the processing and the deletion of his personal data or object to the processing (Supplement ./D). The defendant submitted a data sheet containing the "marketing data" of the plaintiff stored by the defendant with two data sets, a data sheet containing the plaintiff's "ProfileAddress" data set stored by the defendant, a data sheet containing the plaintiff's "personal address data" (letter logistics) stored by the defendant with four data sets and a data sheet containing the plaintiff's "online service master data" stored by the defendant. In addition, the defendant informed the plaintiff that it had sent relocation information concerning him, namely salutation, title, first name, surname, date of birth, old and new address and the date of the relocation, to seven companies specified in the information. In this context, the Defendant advised the Plaintiff that if the Plaintiff objects to the continued use of the data for marketing purposes, the Defendant will notify those companies of the revocation. The defendant also informed the plaintiff about the legal basis of its data processing, the storage period and purpose of the processing as well as about the companies acting as contract processors for the defendant (Supplement ./D).
As a result of this information, the plaintiff's complaint proceedings for failure to provide the information - with the plaintiff's consent - for subsequent elimination of the infringement were closed informally by the data protection authority (Supplements ./E, ./F, .IG and ./H).
On 26 October 2018, the plaintiff filed a further complaint with the data protection authority, which he justified by stating that the information provided by the beldagten party was incomplete for several reasons and therefore deficient in content (Supplement .IG). The data protection authority also forwarded this complaint to the respondent for comment (Supplement ./J). On 4 December 2018, the defendant party then sent the plaintiff further information, namely a completed data sheet "Personal Address Data" (letter logistics) concerning the plaintiff with four data records, a data sheet on data stored by it on the "Customer Satisfaction Survey on PostApp" as well as a data sheet on the plaintiff concerning the "Parcel Logistics Database", from which it can be seen that the plaintiff received 118 items as recipients. At the same time, the shipment information of these 118 items in detail (consignment number, transport period, consignee, sender). All of the 118 stored items related to items between October 2016 and November 2018 (enclosures ./1 and ./K). At the same time, the defendant submitted a statement to the data protection authority (Supplement ./K) on 04.12.2018. The data protection authority has not yet decided on the plaintiff's complaint regarding alleged deficiencies in the content of the information (Supplement .IM).

Since May 2018, "www.post.at" has been available on the website of the defendant party under the heading "Privacy".
"Legal Notices", subcategory "Legal Notices/Data Protection Notices", the data protection declaration of the defendant party in the version "May 2018" can be accessed via a direct link, which contains extracts of the following content (not substantiated contested AS 69 f; Supplements ./2 and ./3):

Questions or inquiries regarding data protection:
If you have any questions or queries regarding data protection, please contact Post-KundenseNice at :
- kundenseNice@post.at (mailto: kundenseNice@post.at),
- 0800 010 100 or
- Austrian Post AG, Post-KundenseNice, Bahnsteggasse 17-23,1210 Vienna
Privacy policy of Österreichische Post AG
Status: May 2018
1. who is fiJr responsible for handling your data?
1.1 Austrian Post AG, Rochusplatz 1, 1030 Vienna ("Post", "we", "us") is responsible for adequately protecting your personal data. Swiss Post therefore complies with all legal provisions relating to the protection, lawful handling and confidentiality of personal data and data security.
1.2 We process your personal data in accordance with the provisions of data protection law, in particular the Basic Data Protection Ordinance (DSGVO), the Data Protection Act (DSG), the special provisions of the Postal Market Act and all other relevant laws.
1.3 In this data protection declaration we inform you why and in what form we process your data, when you visit our website, subscribe to our newsletter, if you are our Interest-Customer or if you are our supplier or business partner.
2 What is Swiss Post's interest in your data and for what reason and for what purpose may Swiss Post process it?
2.1 Performance of contract and implementation of pre-contractual measures: We use your personal data in accordance with Art. 6 Para. 1 lit b DSGVO
- for the provision of postal services (letter and postal dispatch or delivery), for example when you send a parcel
- for payments of pensions, unemployment benefits
- for logistics services, e.g. transport of goods
- for ongoing customer support and processing of your enquiries, e.g. if you contact us with a question
- for financial services
- for communication and information technology services in automatic data processing and information technology, e.g. when using our homepage or data processing in our distribution centres for letter and parcel delivery)
- for the administration of master data and contract data, e.g. if you have a user account, a mailbox with us or are a postal partner
- for the execution of contracts, e.g.: for forwarding orders or storage permits, for postal orders, for parcel stamps, for e-mails or for lotteries
- for the provision of printing services (e.g. postcard app, post-web printing, photo processing)
- for order processing iZm philately products, e.g. stamp subscriptions, My Stamp
- For real estate sales (for example, when renting or selling real estate)
- for vehicle marketing
Within the scope of the aforementioned purposes, we process your personal master data, address data (e.g. for the provision of postal services), contact data (e.g. e-mail address, telephone number), payment data, shipment data, usage data, document content data, identification data (e.g. ID card data, company register number, KSV number, UJD number), image data.
The conclusion and fulfilment of the respective contract are only possible if we can process your personal data. If you do not provide us with the necessary data, no contract can be concluded.
2.2 Your data may also be processed in the interest of the postal service or elne[s] third parties.
This data processing takes place in accordance with Art. 6 Para. 1 fit f DSGVO
- for the provision of postal services including investigation and handling of claims (letter and postal dispatch or delivery), for example when we deliver a parcel to you. For this purpose, we process the personal data we receive from the sender.
- to compile statistics for the development of new tariffs, processing offers and applications, contract administration and provision of services, event management
- customer service incl. inquiry/complaint management
- to the Ueferanten administration
- for accounting and bookkeeping purposes
- to ensure the protection of property and responsibility through video surveillance
- for visitors and access management
- for Training and Event Management
- for the acquisition of subsidies
- for a sustainable environmental and waste management system and for the implementation of the sustainability strategy
- for marketing purposes: The use of your data for marketing purposes may also represent a legitimate interest. Such use of your data by Swiss Post can occur if you have a customer relationship with us, for example, because you have a user account with Swiss Post or use services such as mail forwarding, mailboxes or storage permits. In this case, it is miJg/ich that we use your data for market research such as satisfaction surveys and studies on services provided and for consultation, as well as for direct marketing, provided that the respective use of data can be regarded as processing serving a legitimate interest as a result of a weighing of interests.
Otherwise we will use your data for these purposes only with your separate and at any time revocable consent.
- Use of your data for marketing purposes of third parties in the context of § 151 GewO (activity as address publisher and direct marketing company). Swiss Post aims to support advertising companies in their active and targeted customer communication. The data used for this purpose (name, gender, title, academic degree, address, date of birth, professional, industry or business name and affiliation with the customer and interest file from which we obtained your data) will be collected by Swiss Post itself from the persons concerned, for example in the lottery. You will be informed in writing when you enter your data that the use of the data for marketing purposes of third parties is intended. You have to contradict the possibility of this data use with this collection, in addition, at each later time. You can find more information on the objection here. However, the data can also be purchased from other address publishers and direct marketing companies. In this case, you have been informed by the suppliers of these address publishers about the planned use of the data.
The names and addresses determined in this way can then be forwarded to advertising companies for advertising mailings by post or for other marketing purposes. The data can also be used for analyses and evaluations. In order to improve customer communication, data can be evaluated using marketing analysis procedures and merged with other data. Characteristics used for this purpose are determined with the help of publicly accessible information, such as the regional statistical grids of Statistik Austria (non-personal), surveys of those affected similar to the surveys used to create voter flow analyses and projections. The lawfulness of the processing of these data is permanently checked and ensured according to the high legal standards.
- for the purpose of "compliance". This means conformity with legal and other requirements, such as ESt- and social security deductions, recording/reporting obligations, audits, conformity with checks by government/authorities, a "good governance reaction to legal processes, pursuit of legal rights/relief, defence in legal disputes, administration of internal inquiries/complaints/claims, investigations and conforming behaviour with strategies and procedures, fulfilment of a confidence-building communication policy as well as of educational and information needs. Special categories of personal data (in particular data relevant to criminal law) may also be processed in accordance with Art. 9 DSGVO. In doing so, we observe all special provisions prescribed by law for their processing.
- for the planning, implementation and documentation of internal auditing measures and forensic analyses to ensure continuous improvement of our business processes and fulfilment of regulatory obligations, and for investigations for the purpose of clarification and prevention in the event of suspected criminal conduct against Swiss Post. Special categories of personal data (such as data relevant to criminal law in particular) may also be processed in accordance with Art. 9 DSGVO. In doing so, we observe all special provisions prescribed by law for their processing.
- for the processing of claims and insurance claims. Special categories of personal data (such as in particular health data, data relevant to criminal law) may also be processed in accordance with Art. 9 DSGVO. In doing so, we observe all special provisions prescribed by law for their processing.
- The following services are provided: IT security and IT operation, performance of load tests, development of new products and systems, adaptation of existing products and systems, migration of data to ensure the sustainability and integrity of the systems and thus also of the processed data in the broader sense. The personal data are mainly used for tests, if this cannot be done with justifiable economic effort on the basis of anonymous data. Data security in accordance with Art 32 DSGVO is of course guaranteed throughout.
In addition to the aforementioned personal data, we process your personal master data, address data (e.g. when providing postal services), contact data (e.g. e-mail address, telephone number), payment data, consignment data, document content data, identification data, complaint contents/queries in the context of an enquiry/complaint, image and sound data (e.g. video, image or telephone recordings).
2.3 Fulfilment of legal obligations: Swiss Post also has legal obligations, e.g. the Postal Market Act, the Delivery Act, regulatory requirements, documentation obligations, as well as corporate and capital market law, tax law or corporate law requirements, and auditing and Reporting obligations. To enable us to fulfil these obligations, we process your personal data in accordance with Art. 6 para. 1 lit c DSGVO exclusively to the extent required by the respective law.
2.4 Consent: We will obtain your consent in accordance with Art. 6 para. 1 lit a DSGVO, unless one of the justifications described in points 2.1 to 2.3 above applies. We will of course fully comply with any additional regulations (including the Telecommunications Act). Your voluntary consent, which may be revoked at any time with effect for the future, is required by Swiss Post primarily for the following purposes:
- Post Account: If you have registered for a Post Account with Swiss Post's online services, we process the following data categories: Personal master data, address data, contact data and, in the event of identification, the necessary identification data.
- Marketing purposes such as electronic mailings such as e-mail, SMS, messages in the mail customer portals and mobile data applications, via social networks and making contact by telephone. On the basis of your consent, Swiss Post may send you marketing information about events and suggestions for products and services from Swiss Post's range of services via these channels.
- Tracking user behaviour on the websites and in Swiss Post apps if you use them. Further information on cookies can be found below under point 9 Legal Notice and Cookie Information for Websites.
2.5 Before Swiss Post processes your data for purposes other than those set out in this document, we will inform you separately in addition.
3. to whom may your data be passed on?
3.1 Data transmission within the Post Group of Companies: We may pass on individual data processing operations to specialised divisions or companies within our Group of Companies. This is done so that Swiss Post can process your customer data better, e.g. for internal administrative purposes.
3.2 External service providers: We comply with legal and contractual obligations. In our society based on the division of labour, the necessary data processing is often carried out by specialised companies, so-called service providers (contract processors). These companies are able to provide such services in a cost-effective and high-quality manner. Therefore, we transmit your personal data to these companies to the extent necessary for the respective service provision.	Such services include, for example, data storage in secure computer centres, printing of invoices and advertising letters, postcards, photos and the digitalisation of contracts or invoices (creation of a digital image that cannot be changed).	Our contract processors include IT service providers, print service providers, customer service providers, contract managers, market research institutes, marketing companies and advertising agencies.
3.3 Courts and authorities: There are also legal obligations which Swiss Post can only fulfil if it transfers your personal data to authorities (such as social security institutions, financial authorities or law enforcement agencies, supervisory authorities, customs authorities) or courts to the extent necessary.
3.4 Other recipients: Within the framework of the contractual relationship and in particular in connection with our obligation to perform, your personal data may - depending on the individual case - be transmitted further (such as other postal service providers (e.g. UPU, /PC), freight forwarders, doctors, hospitals, insurance companies and brokers, experts, consultants, lawyers, interest groups, address publishers and direct marketing companies, banks and investment companies, insurance companies, auditors, consultants, FiJrderste/len, shareholders, investors). Under certain circumstances, your data may also be passed on to advertising companies. These are for example enterprises such as trading companies or associations, which want to address consumers.
4. may your data also be passed on to another country (including outside the EU)?
4.1 Yes, if an adequate level of data protection has been confirmed by the European Commission to this third country or if other appropriate data protection safeguards are in place (e.g. binding internal company data protection rules or EU standard data protection clauses).
4.2 In special cases, the transfer to a third country may also take place with your express consent, provided that we have informed you about the possible risks of the intended transfer and the lack of appropriate data protection safeguards (point 4.1).
5 How long will your data be stored?
5.1 As soon as Swiss Post no longer needs your personal data for the purposes described above, it will store them as long as no further statutory retention periods apply.
5.2 The statutory limitation period under the General Civil Code is between three and thirty years. During this period, claims may be asserted against Swiss Post. As long as it is necessary, depending on the possible claim, we may retain your personal data required for this purpose.
5.3 Due to corporate law requirements (e.g. Federal Tax Code, Corporate Code), your contract data must be stored for at least seven years after the end of the contract.
6 Which rights do you have?
6.1 If you wish, we can provide you with information about all your personal data that we process at any time. In addition, in some cases you also have the right to data portability and thus to have your personal data disclosed to us published in a structured, common and machine-readable format.
6.2 Under certain circumstances, you may request that your personal data be limited in its processing, corrected or updated, or you may object to such processing.
6.3 In some of the cases mentioned above, Swiss Post is entitled to process your personal data with your consent. You may revoke your consent at any time without stating reasons with effect for the future, until then we will process it lawfully.
6.4 You have further questions, suggestions or criticism? In this case, you can contact the data protection officer mentioned under point 8. In addition, you have an opportunity to lodge a complaint with iJsterreichische Datenschuzt behiJrde: österreichische DatenschutzbehiJrde, Barichgasse 40- 42, 1030 Vienna.
7. your right of objection
As a data subject, you can object to the use of your data at any time if the processing serves the purpose of direct marketing.
In addition, you have the right to object at any time if your particular situation gives rise to reasons for doing so.
If you wish to object, you can do so on our homepage at www.post.aVkontaktformular, telephone 0800 010 100 or by writing to the Postal Customer Service, Bahnsteggasse 17-23, 1210 Vienna.
8. contact
You can reach Swiss Post by e-mail at kundenservice@post.at (mailto: kundenservice@post.at) or by telephone at 0800 010 100 or at Postkundenservice, Bahnsteggasse 17-23, 1210 Vienna.
If you have any questions or suggestions regarding data protection, please contact our data protection officer at the e-mail address datenschutz@post.at or by post at Österreichische Post AG, Datenschutzbeauftragte, Rochusplatz 1, 1030 Vienna.
f...r
Even before May 2018, the data protection declaration of the defendant party in its currently valid version was available online in this manner on the website of the defendant party. The content of the data protection declaration of the defendant party prior to May 2018 was identical to that of the defendant party prior to May 2018 in the version "Mai

 
2018" is not completely identical. However, the exact content of the defendant's data protection declaration available online before May 2018 is not ascertainable.
The data protection declaration of the defendant party in its currently valid version was and is also available online via the link "www.post.at/online-services" (inspection AS 108; supplement ./X).
On the occasion of the plaintiff's registration with the defendant's online service, the latter sent the plaintiff a PIN by e-mail on 13.06.2011 and at the same time informed him in extracts as follows (Supplement ./AA):,,{...] Welcome as an online customer of Austrian Post AG.

Your user account with the customer number has been successfully set up. You can already use the Austrian Post AG online shop.
To additionally use the online services of Austrian Post at www.post.at/online-services, please have your account activated once at a post office branch. You will need a printout of the registration form and an official photo ID.
[...]"
The plaintiff had the defendant's online service activated on 2 August 2012 (Supplement .N).
On 07.08.2012, the defendant party sent the plaintiff a letter with the following content (supplement ./X; submission AS 103) in connection with the creation of a forwarding order for the move:
Dear Dr. Wirthensohn,

Thank you for entrusting us with the forwarding of your mail to your new address. We have processed your forwarding order and ask you to check the essential data on the back. If you have correction requests for your order data, please use the reply envelope.
[ ...]
Are you already familiar with Swiss Post's online services? Once you have registered and identified yourself, this will enable you to conveniently order and process postal services online in the future. Further information can be found at www.post.at/online-services.
[...]

 
POSTKUNDENSERVICE YOUR ORDER DATA
Form number:

Product: Domestic forwarding order Duration (relocation) Period of forwarding: from 07.08.2012 to 06.08.2013
The redirection is carried out for the following person(s):

Old address (from which mail is forwarded):

New address (where you will receive the mail):

Consent to data transfer granted: No

Please check your order data. If you wish to correct the order data, please fill in the data to be corrected completely and in block letters. Please send us the signed invoice with the enclosed reply envelope.
[...]
Use of data:

I give my express consent to the use of my above-mentioned data (in the case of the optional indication of further persons also with regard to their data) for marketing purposes of third parties by the exercise of the trade of the address publishers and direct marketing companies authorized tradesmen. In the case of the optional indication of further persons, I confirm that I have been instructed and authorised to consent to the transfer of data on their behalf.
□ No, I do not agree with such use of data.
[...]

Date, place "Signature

The plaintiff neither signed this letter nor returned it to the defendant (PV Kläger AS 107; Enclosure ./X).
In a letter dated 25 July 2013, the defendant informed the plaintiff that the forwarding order would end in two weeks due to the move (Supplement ./X).
At no time did the plaintiff receive further information from the defendant about data processing of the defendant party beyond the information provided in accordance with his request for information and the information contained in the previous letters (PV Kläger AS 104 f).
At no time did the plaintiff give the defendant express consent to the processing of data concerning him, in particular not with regard to special categories of personal data within the meaning of Art 9 DSGVO (Supplement ./0; PV Plaintiff AS 104; S 2 in Supplement ./X).
The plaintiff did not exercise his right of opposition or his right of cancellation against the defendant (not substantiated contested AS 97; PV plaintiff AS 106 f). This on the one hand because he did not want to expose himself to difficulties of proof in relation to the present proceedings and on the other hand because he no longer fully trusts the defendant in data protection matters anyway (PV Kläger AS 106 f).
The plaintiff has been dealing with data protection since 2001. This primarily as a hobbyhorse, but also as a lawyer, but not professionally or professionally full-time (PV Plaintiff AS 105).
Upon receipt of the respondent's information that the respondent had provided relocation information relating to the plaintiff to seven companies, the plaintiff addressed a request for information to each of these companies. Obtaining information from these companies is difficult. To date, the plaintiff has only received information from one of these companies in response to its requests to these data receiving companies. This information shows that this company in turn forwarded its data to two other companies (PV Plaintiff AS 106 f; Supplements
IQ, ./R and ./S; S 5 in supplement ./0 ).

By the data processing of the defendant party and their behavior in connection with his request for information the plaintiff considers himself violated in his fundamental right to data protection In particular the storage of the party affinities disturbs him (PV plaintiff AS 106). The plaintiff did not suffer any health impairment in this connection. Also his professional advancement was not impaired (PV plaintiff AS 106).

 
The defendant party blocked the plaintiff's stored data record after filing the complaint, so that the plaintiff's data is no longer used by the defendant party for marketing purposes since then (AS 97, not substantiated).
With letter of 01.03.2019 the Klagsvertreterin in the name of the plaintiff requested the deplored party, to the payment of an immaterial compensation according to kind 82 exp. 1 DSGVO at a value of EUR 2,500.00 within 14 days (supplement ./0). In a letter dated 21 March 2019, the defendant party refused to make a payment to the plaintiff (Supplement .IP).
Due to media reports that the defendant allegedly sold, among other things, personal data, including data concerning political opinion, the data protection authority initiated official proceedings against the defendant in January 2019 (S 3 in Supplement ./1; Supplement .IN). With decision of 11.02.2019 on DSB D213... 747/0002-DSB/2019, the data protection authority determined in proceedings - in which the plaintiff is not a party (undisputed AS 35) - inter alia that the respondent had unlawfully processed special categories of personal data pursuant to Art 9 DSGVO ("party affinities") in the course of its business of "address publishers and direct marketing companies" by not obtaining the consent of the data subjects (supplements ./1 and .IN). This decision is not yet legally binding (ON 14) due to a complaint filed by the defendant against it with the Federal Administrative Court.
The established facts are based on the following assessment of evidence:

First of all, reference is made to the evidence results in the parentheses of the individual findings, which are identical or have remained unchallenged, and which could be used as a basis for the findings without hesitation. Insofar as these were documents, their authenticity was not disputed and there were no doubts as to their accuracy. In the course of his interrogation, the plaintiff left a credible impression, which is why his statements, which were also undisputed, were also unobjectionable. The same applies to the findings based on only unsubstantiatedly disputed submissions.
The defendant's submission that it did not pass on any affinities of the plaintiff to third parties was not substantiated by the plaintiff. Nor did the plaintiff at any time claim that the party affinities had been transmitted. In his statement, he also admitted that he did not know whether the party affinities had been passed on. The information provided by the defendant does not suggest that affinities were passed on in relation to the plaintiff. Therefore, on the basis of these proceedings and the results of the evidence, it could be established that a transfer of party and other affinities was not possible.

 affinities concerning the plaintiff to third parties.

In its submission (Item 2.6.7 in AS 69), the defendant party itself conceded that the May 2018 version of the data protection declaration had only been available on the website since May 2018. However, it was plausible and credible that the data protection declaration of the defendant had already been available online before, only its exact content could not be objectified. With regard to the entry into force of the DSGVO in May 2018 (Art 99 DSGVO), it is in any case true to life that the data protection notices retrievable before May 2018 were not completely identical with those in Supplement ./2, because a revision was probably carried out precisely with regard to this entry into force.
The plaintiff has given a convincing and plausible account of the fact that the defendant did not provide the plaintiff with any further information beyond the information provided in accordance with his requests for information and the information contained in the letters found. In its submission (item 2.6.4 in AS 68), the defendant party itself took the view that informing each individual person concerned would entail a disproportionate effort, which also suggests that the defendant did not provide any personal information on its own initiative.
The plaintiff also credibly stated that at no time had the defendant consciously given his consent to data processing. His statement is auc-h with the contents of the supplement ./0 and ./X in line. The fact that the plaintiff did not unconsciously give the defendant an explicit consent to the data processing, for example within the framework of an acceptance of general terms and conditions, already results from the fact that the defendant party could not show such consent, which it would undoubtedly have done if it had such consent. Nor did the defendant rely on such consent on the part of the plaintiff.
Furthermore, it could be inferred from the plaintiff's credible statements that and to what extent it was difficult to obtain information from the companies supplied with part of his data by the defendant, and that and why he did not exercise his rights of objection and deletion against the defendant.
From the statement of the plaintiff in connection with the supplement ./0 it was finally convincing to infer that he feels violated by the defendant party in his fundamental right to data protection and in particular that he is disturbed by the storage of party affinities concerning him.
 
From a legal point of view this follows:
on point 1,:
There is no reason for interruption in the sense of § 190 Abs 1 ZPO. The plaintiff is not a party to the proceedings DSB-D213.747/0002-DSB/2019 of the data protection authority. The civil courts are not bound by a legal assessment of an administrative authority. A usefulness of an interruption is not recognizable.
to verdict 11:
1.
Pursuant to Art. 82 (1) DSGVO, any person who has suffered material or immaterial damage as a result of an infringement of this Ordinance is entitled to compensation from the person responsible or from the processor. Pursuant to Article 29 (1) DSG, any person who has suffered material or immaterial damage as a result of an infringement of the DSGVO or of Article 1 and Article 2, 1st main part DSG shall be entitled to damages against the controller or against the processor under Article 82 DSGVO.
If the provisions of the DSGVO and/or the delegated acts are infringed, the party who disregards them is liable to pay damages to the injured party in accordance with the general provisions of civil law. Art 82 DSGVO constitutes an independent tortious liability provision. On the basis of § 29 (1) sentence 2 DSG, the domestic provisions on damages supplement the liability for damages under the DSGVO, so that these are decisive for the general conditions for a claim unless the DSGVO contains a special provision (Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 1 ff).
The concept of damage under the DSGVO must be interpreted broadly and autonomously. It includes physical, material and immaterial damage. According to ErwGr 75, possible compensable damages are discrimination, identity theft or fraud, financial misuse, damage to reputation, misuse of the confidentiality of personal data subject to professional secrecy, unauthorised cancellation of pseudonymisation and other significant economic or social disadvantages. According to ErwGr 75, damage may also consist of the data subject being deprived of his rights and freedoms or prevented from controlling the personal data concerning him (Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 13 ff).
The DSGVO does not standardise any materiality threshold for the substitution of the intangible

 
Damage. Nevertheless, not all feelings of unwillingness associated with an infringement of a right are eligible for compensation, but the impairment of interests must be given weight, because such a materiality threshold is immanent in Austrian tort law (Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 24 ff).
The way in which immaterial damage is assessed is not regulated in the DSGVO or the DSG. Since the determination of the amount of immaterial damage causes considerable difficulties, the determination of the damage is based on free judicial conviction within the meaning of § 273 ZPO (Code of Civil Procedure). An overall assessment is made on the basis of the circumstances of the individual case. Relevant assessment criteria are, in particular, the effects on the injured person, the category of data concerned, the severity and duration of the infringement and whether any data were transmitted to third parties (Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 30 ff).
The facts giving rise to liability must be asserted and proved by the injured party, i.e. the occurrence of a (material or immaterial) loss, the breach of the norm, i.e. the (objective) illegality by the injuring party, as well as the causality of the behaviour of the injuring party with regard to the loss incurred. The 'claimant has the opportunity to prove that he is in no way responsible for the damage incurred, i.e. that the causes of the damage lie outside his area of responsibility or that he had no opportunity to prevent the damage occurring (Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 92 f).
2.

According to Art. 4 para. 1 DSGVO, personal data are all information relating to an identified or identifiable natural person (data subject); a natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unambiguous identification of a natural person, health data or data relating to the sexual life or sexual orientation of a natural person are so-called special categories of personal data within the meaning of Art 9 (1) DSGVO. Processing

 
of such data is generally prohibited pursuant to Art. 9 (1) DSGVO. Art. 9 (2) DSGVO, however, provides exceptions to this basic rule. Thus, the processing of special categories of personal data is exceptionally permitted under Art. 9 para. 2 lit. a DSGVO if the data subject has expressly consented to the processing of such data for one or more specified purposes, unless the prohibition under para. 1 cannot be lifted by the consent of the data subject in accordance with Union law or the law of the Member States.
Pursuant to Art. 4 item 11 DSGVO, consent is any voluntary, informed and unequivocal expression of the will of the data subject in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her. If processing is based on consent, the data controller must be able to prove that the data subject has consented to the processing of his/her personal data in accordance with Art. 7 (1) DSGVO.
Also § 151 GewO, to which the defendant party refers and which regulates the use of personal data for marketing purposes of third parties by traders authorised to carry on the business of address publishers and direct marketing companies, stipulates in its para 4 that, insofar as special categories of personal data are concerned pursuant to Art 9 para 1 DSGVO, these may only be processed by the traders if the person concerned has expressly consented to the processing of these data for marketing purposes of third parties.
The other exceptions in Art. 9 para. 2 lit b to j DSGVO are not relevant in the present case.
From the point of view of the court, the affinities determined by the defendant by means of marketing analysis procedures due to the fact that these were subsequently attributed to the plaintiff as an individual are clearly information relating to an identified natural person, i.e. personal data. Even if the defendant party argues that the data have their origin in anonymous surveys, this does not change the fact that, due to the assignment to individuals, these are not statements of general statistics, but statements about identified individuals.
The question of whether the party affinities fall under the special categories of personal data must also be clearly answered in the affirmative from the point of view of the court, since these are images of political opinions.
According to the findings of the court, the defendant party has not obtained the consent of the

 
The plaintiff has obtained information from party affinities concerning him for the purpose of investigation and storage (= processing as defined in Art. 7 No. 2 DSGVO), nor has he been personally informed thereof. This is to be seen as a considerable violation of the DSGVO, which has disruptively impaired the plaintiff's fundamental right to data protection and the associated freedoms. The fact that the defendant's data protection declaration, which is of a general nature, was and is accessible online via the website does not change this.
The fact that the defendant has identified and stored the plaintiff's party affinities without his consent and information justifies immaterial damages. In view of the fact that, on the one hand, the political opinion of a person is particularly sensitive data worthy of protection and, on the other hand, the plaintiff's party affinities stored by the defendant were not transferred to third parties as established, an amount of EUR 800.00 seems appropriate as compensation for the immaterial inconvenience suffered by the plaintiff.
With its further requirement reasons however in the result no success is decided to the plaintiff:
With regard to the question of the delayed provision of information, it is not clear what is meant by immaterial damage that can be compensated. Art 12 (3) DSGVO stipulates that information must be provided immediately, but in any case no later than one month after receipt of a request for information. The defendant, who is responsible for internal forwarding difficulties to the special body set up by it, did not meet this deadline. However, the subsequent provision of information within the framework of the complaint procedure eliminated a violation of rights in this regard or at least prevented quantifiable damage to the plaintiff in this context.
The same applies to a violation of information duties (beyond the topic of party affinities). On the basis of the established facts, the defendant party did not sufficiently fulfil its information obligations under Art. 14 DSGVO on its own initiative. Only - but at least - via requests for information by the plaintiff in connection with the complaints submitted by him did the defendant finally provide the plaintiff with information in two pieces of information, which is why no relevant immaterial damage is apparent in this respect either.
The plaintiff has not submitted to what extent the information provided by the defendant on the plaintiff's request should still be incomplete in the two pieces of information. Documents cannot replace a submission. In addition, damage exceeding the materiality threshold is also questionable in this respect (see Schweiger in Knyrim, DatKomm Art 82 DSGVO Rz 26).

A violation of the principle of data minimisation within the meaning of Art 5 (1) lit c DSGVO and of the principle of storage limitation within the meaning of Art 5 (1) lit e DSGVO concerning the plaintiff's personal data must be denied.
In connection with the "ADRESS-CHECK Service" offered by the defendant, it seems appropriate and legitimate to also store several of the plaintiff's previous addresses in connection with the note "moved" for several years. The storage of consignment information (consignment number, transport period, consignee, consignor) on pacts within the framework of the logistics of the defendant over a maximum period of three years also appears to be harmless.
Especially since the plaintiff's previous addresses in the defendant's storage system are in any case marked "distorted", a violation of the principle of data accuracy pursuant to Art. 5 (1) lit d DSGVO is also not discernible.
In total, the complaint is justified with regard to a partial amount of EUR 800.
Insofar as the plaintiff penetrates with his petition, he is also entitled to default interest. The start of the interest run was not substantiated. The amount of the interest request is covered in § 1000 Abs 1 ABGB.
The additional request at a value of EUR 1,700, - s. A. is to be rejected.

3.
The cost decision is based on §§ 43 para 1, 54 para 1a ZPO.

The plaintiff penetrated with 32% of its desire. The respondent is therefore entitled to 36% of its costs. As rightly objected by the plaintiff, the pleading of 05.07.2019 is not eligible for compensation, as it was neither submitted in due time nor necessary for the appropriate prosecution. Also the recorded compensation for loss of time and the recorded travel expenses cannot be reimbursed, because the defendant has already recorded the double standard rate according to § 23 (5) RATG, which also reimburses costs and compensation according to SP 9 RATG, for the daily constitution of 9 July 2019. The travel expenses and the duration of the time missed were also not certified. On the other hand, the defendant must be reimbursed for the ERV costs recorded. In the opinion of the court, the mere misnaming as "cash expenses" does not do any harm. In total, the defendant is entitled to compensation of EUR 497.83 (including EUR 82.97 VAT) of its legal costs.
 
The plaintiff is entitled to 32% of his cash expenses, i.e. EUR 57.72.

After offsetting the mutually compensable amounts, the costs awarded to the defendant as shown in the award are incurred.

Feldkirch Regional Court, Department 57 Feldkirch, 07 August 2019
Sandra Ladner, Magistrate, Judge
 
Electronic copy in accordance with § 79 GOG