Privacy policy

ASFINAG Autobahnen- und Schnellstraßen-Finanzierung-Aktiengesellschaft, 1030 Vienna, Schnirchgasse 17, T +43 50 108-10000, F +43 50 108-10020,, FN 92191 a (hereinafter "ASFINAG") is responsible for the data processing described in the following.

The ASFINAG data protection officer is available at: ASFINAG Data Protection, c/o Autobahnen- und Schnellstraßen-Finanzierung-Aktiengesellschaft, 1030 Vienna, Schnirchgasse 17,, Tel. +43 1 955 1266, Fax +43 1 955 1277.

ASFINAG Autobahnen- und Schnellstraßen- Finanzierungs-Aktiengesellschaft attaches great importance to the protection of your personal data. If the use of our website is not possible without the provision of personal data; the use of your personal data (such as name, address, e-mail address) is always voluntary and only with your consent. This also applies to the transfer of your personal data to third parties (subsidiaries or other third parties).

We have applied the necessary technical and organisational measures according to the legal requirements for electronic communication and data protection.

Data analysis / Matomo

Our website uses the open source software "Matomo" ( as a web analysis tool. This enables us to create an analysis of the use of the website. The purpose of this analysis is to improve the website for you by, among other things, detecting navigation problems in the website and adapting functions and offers according to your preferences.

Matomo sets the cookies listed below. The data collected by the cookies is automatically anonymised immediately by shortening the IP address and thus making it impossible to trace it back to your end device or person.

In addition, the data is stored exclusively on our server and is not transmitted to other servers or third parties. The determination with immediate anonymisation of your data is absolutely necessary for the operation of the website.


Our website uses a service from MTCaptcha to prevent automated queries and to allow access only to legitimate users and to protect against abuse by spammers and bots. The cookies set by this service serve exclusively to prevent the use of forms by bots and automatic scripts and are absolutely necessary for the operation of the website. No personal data is collected. For more information on data protection when using MTCaptcha, please see


The legal basis for the use of functionally necessary cookies is our legitimate interest in accordance with Art 6 Paragraph 1 lit f GDPR to ensure the technical operation and basic functions of our website as well as to save your selected cookie settings and operate the website accordingly. For all other cookies (other than those that are functionally necessary), the legal basis for their use is your consent in accordance with Art. 6 para. 1 lit a GDPR. You have the right to revoke your consent at any time, but this does not affect the legality of the processing carried out up to that point.

Name Storage period Type/purpose
__RequestVerificationToken End of session Prevents unauthorised posting of website content (so-called cross-site request forgery). Contains no information about the user.
ASP.NET_SessionId End of session Multi-purpose platform session cookie used by websites based on Microsoft.NET technology.
.ASPXANONYMOUS 1 hour Unique ID for anonymous users.
_pk_id 13 months Collects statistics about the user's visits to the website, such as the number of visits, average time spent on the website and which pages were read.
_pk_ses 30 minutes Used by Matomo Analytics Platform to track page views of the visitor during the session.
jsV End of session Set by MTCaptcha and is used to store the script version used.
mtv1ConfSum End of session Set by MTCaptcha as test data for validation.
mtv1Pulse End of session Set by MTCaptcha as an identification string.
contrast 365 days Saves the setting for increased contrast in order to activate this setting by default the next time you visit the website.

In the following, you will find a list of the essential cookies we use that require consent:

Name Storage period Type/purpose
NonEssentialCookiesAccepted 3 months Storage of the cookie banner decision


1 year

Language preferences of the user


Below you will find a list of the cookies we use that require consent when you consent to all cookies:

Name Storage period Type/purpose
dtCookie Session Follows the visit of several requests for Dynatrace services.



Measures the server latency for Dynatrace performance.



Used for Dynatrace services to identify the correct endpoints.


2 years

Defines a unique visitor ID for the user for Dynatrace services in order to identify the visitor to whom the sessions are to be assigned.



Stores timestamps for Dynatrace services to determine when sessions start and end.



Used to store context information of user actions for Dynatrace services across different pages.

The use of our products is not possible without cookies. 


Dynatrace gains insight into the performance of the web application and the navigation of our users on the website. Dynatrace records click paths, JavaScript errors, browser types and geographic regions, but does not record the contents of fields such as payment data. If all cookies are accepted, the name, email address and IP address fields are also collected. This data helps us to identify functional problems. Collected data will be deleted automatically after 35 days.

Dynatrace privacy policy

Information on the rights of the data subjects

According to the General Data Protection Regulation, data subjects have the following rights:

1. Right to receive information

Each data subject has the right – after verifying its identity – to request information from ASFINAG as to whether its personal data is being processed. If this is the case, the data subject shall have the right to obtain further information on the purposes and legal basis of the processing, the categories of data concerning it, the data sources, the recipients of its data, the (non-)existence of an automated decision-making process including profiling, instructions regarding its rights and obligations, and a copy of the personal data.

2. Right to rectification and erasure

If the personal data is inaccurate or incomplete, the data subject may request the rectification, completion or erasure of data relating to it as part of the processing purposes, if necessary by means of a supplementary declaration. In particular, ASFINAG is obliged to erase personal data if the erasure is prescribed by law or if any existing consent for processing has been revoked, if there is no further legal basis for processing, or if personal data is no longer necessary for the purposes for which it had originally been collected.

However, the right to erasure does not exist if the processing is necessary to fulfil a legal obligation of ASFINAG or to perform a task that is in the public interest or that is performed in the exercise of official authority or is required to assert, exercise or defend legal claims.

3. Right to restriction of processing

Every data subject has the right to have the processing of its personal data restricted. One of the following conditions must be fulfilled for this:

  • The accuracy of the personal data is contested by the data subject for a period of time long enough to allow ASFINAG to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject rejects the deletion of the personal data and instead requests the restriction of the use of the personal data;
  • ASFINAG no longer needs the personal data for processing purposes and, at the same time, the data subject needs it for the assertion, exercise or defence of legal claims;
  • If the data subject has objected to the processing, until it has been established whether the legitimate reasons of ASFINAG outweigh those of the data subject.

However, limited data may still be used to protect the rights of another person, for important public interest or to assert, exercise or defend ASFINAG's legal claims.

4. Right to data transferability

The data subject shall have the right to receive the personal data concerning it that it has provided to ASFINAG in a structured, conventional and machine-readable format or – if technically possible – to have such data transferred to another responsible party. However, this right only exists if the processing is based on the legal basis of a contract or the consent of the data subject.

5. Right to object

The data subject shall have the right to object at any time to the processing of personal data concerning it on grounds relating to its particular situation. This right shall apply only if the processing

  • is necessary for the performance of a task that is in the public interest, or
  • takes place in the exercise of official authority vested in ASFINAG, or
  • is necessary to safeguard the legitimate interests of ASFINAG or a third party.

ASFINAG will then no longer process the personal data unless it can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

6. Right to object to direct marketing

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning said data subject for the purposes of such marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

7. Right to appeal to the supervisory authority

Every data subject has the right to file a complaint with the data protection authority, Barichgasse 40-42, 1030 Vienna,