Privacy Policy

We are committed to ensure the protection of your Personal Data and your privacy.

About us

CCSA is the Crystal-Cortenberg SA, with its business address at Avenue de Cortenbergh 60, 1000 Brussels. It is registered in Brussels under the number BE 0476349479.

AT60 – the House of the Austrian Economy belongs to the CCSA. It showcases the diversity and strength of Austria’s economy and acts as a vibrant platform for information, dialogue, and networking within the European Union. Through the joint presence of the Austrian Federal Economic Chamber and its partners, AT60 gives Austrian business a strong, visible voice at the EU level.

For all matters related to this Privacy Policy, you can contact: info@at60.eu.

About this Privacy Policy

This Privacy Policy applies to the personal data (hereafter referred to as “data“) that we collect for the purpose of providing our various services.

The Privacy Policy describes the processing of data that we carry out:

(i) via our Website – see Section I: “Data processing in connection with our Website and online booking system

(ii) for the Business Center and Event Activities- see Section II: “Data processing in connection with Business Center and Event Activities “

(iii) for Recruitment – see Section III: “Recruitment

Data processing that is common to all sections is grouped under the Section IV: “Common provisions”.

About the terms used

The terms used in the Privacy Policy have the meaning given to them by Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR“).

We use any of the terms “we”, “us”, and “our” to refer to CCSA/AT60.

We use the terms “Parties” to refer to you and us.

SECTION I: Data Processing in connection with our WEBSITE and online booking system

This Section of our Privacy Policy applies to your use of CCSA’s website and online booking system, including all its sub-pages (collectively referred to as “Website”). We use this Section to explain our online information practices. CCSA is the data controller for this Website under the GDPR.

1.1. Consent

By using our Website https://www.cms.at60.eu, you agree to the conditions of this Privacy Policy. If you no longer accept our Privacy Policy, you must cease using the CCSA’s Website.

If we change our Privacy Policy, we will post the changes on this page to keep you informed of the information we collect, how we collect, use, store, transfer, or otherwise process this information, whether or not the information is shared with other parties, and the rights you have regarding the processing of such data.

1.2. What Data do we collect about you?

1.2.1. The personal data that we collect directly from you when using our website and online booking system

This is the personal data that you voluntarily communicate to us:

(i) through our Website when you contact us via info@at60.eu, or any of the other e-mails provided under About Us – AT60.  We use your data in order to be able to contact you and respond to your requests for information or assistance and to satisfy your requests.  The legal basis of the processing is your consent.

(ii) when you use our online booking system to book our FlexDesks, we use your data in order to be able to contact you and respond to your requests for information or assistance and to satisfy your requests.  The legal basis of the processing is your consent. Payments are done via Stripe. Please read Stripe’s  Privacy Policy

(iii) when you wish to join our team and send us your CV to our respective department’s e-mail address (as mentioned in the job ad). We use your data in accordance with our Recruitment Privacy Policy-see section II“Recruitment”.

(iiii) When you contact us for assistance or contact our various services by telephone, you may be asked to provide us with information about yourself, the nature of your call and other information to answer subsequent questions. In this case, your data are used to respond to your requests for information or assistance.

CCSA processes your data only to the extent necessary for the purposes for which it was obtained.

1.2.2. The data we collect when you interact with the Website and online booking system

Cookies

Our Website uses “cookies”. By using the Website, you agree to receive cookies on your computer, tablet or smartphone. It is thanks to cookies that we can offer you optimal navigation on our Site (for example, they help us to remember your preferences since your last visit).

Cookies used on our Website perform two functions:

(a) Essential cookies, are essential for the operation of our Website and subpages, including

  • Session cookies – they are used to maintain the user session open in the browser and expire when you close your browser.

We recommend you not to disable these cookies, as this may affect your browsing experience.

(b) Performance and analytics cookies (Google Analytics), are used by us to understand how visitors use our Website so we can optimize your browsing experience. More information Google Analytics can be found under “social plug-ins”.

You can prevent cookies from being installed on your browser by changing your browser settings so that cookies from this website cannot be placed on your computer or mobile device.

Social plug-ins

When you visit our online pages within a platform, a social network (LinkedIn, Instagram, …) or third-party websites, you are also subject to the privacy policies and terms and conditions of these platforms, social networks and third-party websites. We recommend you also read their privacy policies and terms and conditions. They could also use cookies.

In certain circumstances, our Website and our applications will provide you with social plug-ins from different social networks. If you choose to interact with a social networking site such as Instagram or LinkedIn (for example, by registering an account), your activity on our Website or through our applications will also be accessible on that social networking site. If you are connected to one of these social networks during your visit to our Site or if you interact with one of the social plug-ins, the social network site may add this information to your respective profile on that network depending on your privacy settings. If you wish to prevent this type of data transfer, please log out of your social network account before accessing our Site, or change the privacy settings of the application, if possible. Please read the privacy policies of those social networks for detailed information about the collection and transfer of personal information, your rights and how you can obtain satisfactory privacy settings.

LinkedInhttps://www.linkedin.com/legal/privacy-policy

Instagram: Privacy on Instagram | Account & Information Privacy | About Instagram

WordPress

Google Analytics

We monitor non-personal data via Google Analytics. Google Analytics is a web analysis service of Google Ireland Limited that analyses how users interact with the site. On behalf of CCSA and based on your consent, Google uses this information to report on website activity, which allows us:

  • To analyse how our website is used and assess how its functionality and your browsing experience can be improved
  • For example, we monitor the website traffic, the number of page visits per site, the number of downloads of documents on our website, etc.

We use the IP anonymization in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.  Personal data will be transferred to the US by Google using Model Contract Clauses. The data is automatically deleted after 14 months.

SECTION II: Data Processing in connection with Business Center and Event Activities

The purpose of this Section is to inform you about how CCSA processes the personal data of Business Center and Event contact persons (hereinafter, “Personal Contact Data“). The following is a description of the various data processing operations, in which you may possibly be involved.

As between the Parties, the contact person is the data controller of all data provided and has the right to direct us in connection with processing of such data. Notwithstanding the foregoing, we are data controller for all data that are provided by us to a contact person during the relationship. Each party shall fully comply with its obligations as data controller under the applicable laws in this respect.

Each Party consents that the other Party, in the context of or in connection with the business center or event activities, collects, processes, stores, communicates or archives Personal Contact Data (e.g. names, e-mail addresses, position, physical address and telephone numbers), but only to the extent that such collection, processing, storage, communication or archiving will be necessary to perform the business center and event activities such as inviting you to events, informing you of our offers, meetings, invoicing, etc.

Each Party shall ensure that any disclosure of Personal Contact Data made by it to the other Party is made with the data subject’s consent or is otherwise lawful.

Each Party guarantees the natural persons concerned by the processing of Personal Contact Data the right to be informed and to have access to the Personal Contact Data concerning them, the right of rectification and deletion, the right to limit and oppose the processing, the right not to be subject to automated data processing intended to define their profile or to evaluate certain aspects of their personality, as well as the right to portability, which shall be strictly understood to mean the Personal Contact Data collected directly from the natural persons concerned. In order to exercise these rights, the natural persons concerned may contact the relevant person in charge for personal data as mentioned in this Privacy Policy. Notwithstanding the foregoing, the right to object shall not apply if data are processed pursuant to a legal obligation.

SECTION II: Data Processing in connection with Business Center and Event Activities

2.1. The Personal Contact Data collected when you engage with us in a Business Center or Event Activity

CCSA processes the Personal Contact Data for the purpose of entering into a contract with the respective organisation. The legal basis for such processing is the contractual necessity.

2.2. How does CCSA store personal data and who can access it?

CCSA maintains an automated record of each organisation’s data.  This automated record contains most of the data held in the Business Center and Event’s file.  Additionally, CCSA maintains data in various digital documents.

The persons and entities that can have access to your data are:

  • All CCSA staff based in the offices in Brussels;
  • External professional services, such as IT systems providers (CCSA online domain/website hosting supplier, its database software supplier);
  • In the case of event organisation, the co-organiser and event agency for the sole purpose of organising an event you have registered to;

Third party service providers, as our processors, only hold and use data on our behalf in order to provide us with a service.  We may also disclose personal data to our professional advisors and experts in order to obtain their assistance in carrying out our services and our activities.

Where CCSA engages a third-party processor to process data on its behalf, such as those listed above, CCSA will delegate such processing in writing, will choose a processor that provides sufficient guarantees with respect to technical and organisational security measures governing the relevant processing, and will obligate the processor to act on CCSA’s behalf and under CCSA’s instructions.  In addition, CCSA will impose in writing appropriate data protection and information security requirements on such third-party processors.

2.3. Data retention

CCSA will retain the Personal Contact Data for the duration of the contract with the respective Organisation in accordance with applicable legal requirements, and only for as long as necessary for the purposes described in this Policy or as long as required by law or to defend potential legal claims.

CCSA will retain your Personal Contact Data as follows:

  • Communications: Personal Data will be kept until you withdraw your consent;
  • Event booking: for 1 year after the event, unless you withdraw your consent to the processing of your Personal Data earlier;
  • Information, enquiries and services: for 1 year, unless you withdraw your consent to the processing of your Personal Data earlier;
  • Photographs/videos: Personal Data will be kept until you validly object to our legitimate interest to process your personal data;

SECTION III: Recruitment 

This Section describes the manner in which CCSA collects and uses applicant’s data as part of its recruitment process.

By applying to CCSA, you acknowledge and declare that you have read and accepted this Privacy Policy and thus agree to the collection, storage, use and processing of your data by CCSA for the purposes of application management, recruitment and hiring as detailed below.

3.1. Processing purpose

CCSA collects, stores, uses and processes the data that the applicant provides only for the purpose of managing his or her recruitment process.

The data provided are used for the purposes of managing the application, evaluating the applicant before making an offer of employment, contacting the applicant during processing, sending her/ him advertisementsfor another position that she/he might be interested in, answering questions and/or requesting additional information.

As data controller, CCSA undertakes to respect the principle that the candidate is the sole owner of the data that is collected and processed and to process this data in a transparent, confidential and secure manner.

3.2. Data collection

The CCSA recruitment process can be initiated in two ways:

– an application to an open position, or

– an unsolicited application.

In both cases, the candidate agrees to have his/her profile included in the CCSA database and accessible to the CCSA recruitment service.

Personal data provided to CCSA must be accurate and complete. The transmission of any inaccurate, false or incomplete information may result in the rejection of the application. To this end, CCSA may check the qualifications indicated in the CVs and collect professional references from candidates (trainee supervisor, manager, etc.).

3.3. Type of personal data

The personal data which CCSA is required to process are limited to the data necessary to assess the suitability of the applicant’s abilities for the profile required for the posts which are open.

Personal data include, but are not limited to, the following in particular:

– Identification data (surname, first name(s), date and place of birth, nationality, gender);

– Contact details (postal and email address, telephone number);

– Personal life data (hobbies and interests, driving license category,…);

– Your photo, if you decide to communicate one;

– Professional life data (profile, data on previous employers, termination of last jobs and work done, special projects,…), including reference checks if you have provided them in your CV (which means that you have consented to us contacting these references);

– Information relating to your training (diplomas, certificates, traineeships, special training,…);

– Language skills;

– Any other personal data you provide in your application relating to the performance of the duties;

– Digital evaluation via social networks, insofar as this presence is accessible to us;

– Any other personal data (other than those mentioned above) that may require processing under the law.

It is CCSA‘s policy not to request sensitive data from candidates. Therefore, CCSA requires candidates not to provide sensitive data such as ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, health or sexual orientation in their application, EXCEPT where required by the law of a country to do so in order to fill a position with CCSA. In the latter case, you would be informed and would have to give your express consent.

3.4. Legal basis

The legal basis on which CCSA processes applicants’ data is their consent. However, the applicant is free to withdraw this consent at any time by sending an email to the e-mail addressed used for the purpose of the application.

Withdrawal of consent shall not affect the lawfulness of the processing operation based on the consent given prior to such withdrawal.

3.5. Data retention

CCSA will retain your job applications data for one (1) year after the end of the recruitment process so that we may contact you if another position becomes available in which you might be interested unless you withdraw your consent to the processing of your personal data earlier.

SECTION IV: Common provisions

4.1. Confidentiality and Security 

CCSA’s employees or any of CCSA’s contractual partners who have access to your data in order to provide services to CCSA (e.g. its online domain/website hosting supplier, its database software supplier) are contractually obliged to keep such information in confidence and may not use these data for any other purpose than performing their contractual missions for CCSA.

We will not disclose, sell, rent or exchange your personal data to any other organization or entity unless you are first notified and you expressly agree to it, or as otherwise required by law e.g. doing what a local or foreign court or government agency requires us to do, disclosing Personal Data to another company if we are or may be selling, assigning, or otherwise transferring all or any part of our business or merging with another company.

We maintain reasonable physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of personal data. Only a limited number of persons within us are authorized to access, delete or modify your data. We will make reasonable efforts to ensure that your privacy interests are protected.

CCSA stores your data safely and, therefore, CCSA maintains appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to personal data.

Only a limited number of persons within our organisation are authorized to access, delete or modify your data. These measures are aimed at ensuring the on-going integrity and confidentiality of personal data.  CCSA evaluates these measures on a regular basis to ensure the security of the processing.

4.2. Subcontractors

We may need to share your data with our affiliates and/or third party acting as our subcontractor for the purposes indicated in this Privacy Policy and in compliance with GDPR.  We confirm that such transfer and process are performed in compliance with GDPR.

4.3. What are your rights?

To the extent required by applicable law and subject to legal limitations, you have the right:

  • to have access to your data;
  • to have inaccurate data corrected or removed,
  • to object to the processing of your data;
  • to restrict CCSA’s use of your data;
  • to the erasure of your data;
  • to receive your data in a usable electronic format and transmit it to a third party (right to “data portability”); and
  • to lodge a complaint with their local data protection authority

In particular, CCSA is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.  If, however, you believe that CCSA has not been able to assist with your complaint or concern, you have the right to make a complaint with the competent EU Member State authority.

If you have any questions or wishes in connection with your personal data or you want to exercise your rights, please contact CCSA by sending an e-mail to info@at60.eu.

4.4. Transfer outside the EU

The persons and companies to whom we may disclose personal data for any of the above reasons may be located in Belgium or in other countries. These other countries might not have laws that provide the same level of data protection as the GDPR. However, those persons or companies must agree to protect any personal data we give them from improper use and disclosure. We will secure appropriate contractual guarantees from such persons or companies’ service providers to ensure equivalent level of protection to personal data, as required by the GDPR.

4.5. Applicable law and jurisdiction 

Any dispute arising from or related to the use of this website or to the acceptance, interpretation or observance of the Privacy Policy shall be submitted to the exclusive jurisdiction of the competent Court of Brussels which shall apply Belgian law.

4.6. How to contact us?

For privacy-related and general enquiries: info@at60.eu   

4.7. Notice updates

In case of any material changes to the way in which CCSA collects or uses Personal Data, the type of Personal Data it collects or any other aspect of this Policy, CCSA will issue a revised Policy.

We are here

Copyright © 2025 CCSA

This website uses cookies useful for your browsing. By using this site, you agree to the use of these cookies. More information on how we use cookies can be found in our Privacy Policy.