REGARDING CONTACT DETAILS AND CUSTOMER INTFORMATION OF NATURAL PERSONS
of VE Vision Education GmbH
(hereinafter, “we“ or the “Operator“)
The protection of natural persons with regard to the processing of personal information is a fundamental right, which we take very seriously. All data processing is done in full compliance with the General Data Protection Regulation (hereinafter, “GDPR“), as well as the relevant laws of the Republic of Austria.
In this document we explain our processes relating to the storage, use and disclosure of the personal information of natural persons (hereinafter, the “Person Concerned“), which we collect and process as part of our company operations and the services we offer.
This notice applies both to the contact details of our contractual partners, which we collect, store and process as part of our B2B-operations (hereinafter, “Contractor Data“), and to the data, which we collect from the users of the software we offer (hereinafter, “User Data“).
Third-party licensees, such as employers, interest groups, instructors and other similar third parties, may, under their own license agreements, acquire licenses in their own name and for their own account, in order to obtain activation codes that enable the Person Concerned to activate functions of the app and other offerings of the Operator. No independents claims or obligations shall arise for the Person Concerned from the relationship between third party licensee and the Operator.
We only store personal information on secure servers that are operated in secure facilities in the European Union and are equipped with state-of-the-art firewall protection. In order to provide our services, the data we collect may be transferred to and stored or processed by our employees or the employees of one of our suppliers.
COLLECTION AND USE OF DATA
During the process of setting-up a business relationship and in the execution of contracts with contractual partners, we collect the following data from our contractual partners:
- first and last name
- email address, including all email correspondence and associated data
- phone and/or fax numbers
- as well as, other forms of contact (website URL etc.)
- and, in some cases, data for the execution of cashless payment transactions
- postal address
With regard to Persons Concerned, who are users of our software, we will be storing and processing the following data as part of the registration process of the user account, in order to be able to identify the user:
- user name,
- first and last name,
- email address,
- phone and/or fax numbers,
- date of birth,
- language skills,
- other personal information entered during the use of the service, as well as the chosen software settings, and
- a profile picture and
- transaction data (in the event of purchases) and interactive user data (for example, learning progress).
The Operator also receives and stores information from terminals and browsers, including IP address, cookie data, software and hardware characteristics, and the requested pages and services (“electronic communications metadata”). The Operator uses this information in order to personalize content, improve services, conduct research, and draft anonymized reports, both for internal purposes and for external clients, such as advertisers. If the Person Concerned has also given the extended consent to the processing of his data in accordance with Point 3, the electronic communication metadata will also be used for the personalization of advertising materials.
The Person Concerned must explicitly and separately agree (i.e. give “extended consent“) to any processing and use of his personal data that goes beyond what is detailed above (for example, for the purpose of personalized advertisements).
PURPOSE AND LEGAL FOUNDATIONS OF THE PROCESSING OF CONTRACTOR DATA
The Operator processes the data and information collected in accordance with Point 1, for the following general purposes:
- to get in contact with the contractual partner,
- to fulfil pre-contractual and contractual obligations,
- to provide the services offered,
- to answer questions and comments,
- to regularly inform contractual partners
PURPOSE AND LEGAL FOUNDATIONS OF THE PROCESSING OF USER DATA
The Operator processes the data and information collected in accordance with Point 2, for the following general purposes:
- to provide the services offered;
- to answer questions and comments;
- to get in contact with the Person Concerned;
- for purposes related to advertisement and market research, to the extent to which the Person Concerned has explicitly consented to
- for statistical purposes
- to ensure that parents, teachers, organisations and educators can provide optimal, goal-oriented mentorship, and
- for any other purpose which may additionally be described during the data collection process.
LEGAL FOUNDATIONS OF DATA PROCESSING
The Operator is entitled to transfer, store and process the personal data which he collects within the scope of the fulfilment of the contract within his IT infrastructure. The Operator may do so himself or via his employees and vicarious agents as defined in § 1313a German Civil Code.
The legal basis for the processing of this personal data are the legitimate interests outlined in Article 6 (1) (f) of the EU General Data Protection Regulation, which are in line with the above-mentioned purposes and form part of the fulfilment of the contract (in accordance with 6 (1) (b) GDPR).
TRANSFER OF YOUR PERSONAL DATA
- For the above-mentioned purposes, we will send your personal data to the following recipients:
IT service providers used by us:
- BMD Systemhaus
DURATION OF DATA STORAGE
- We will generally save your data for the term of the contract or the duration of the registration. Extended data storage only takes place in so far as this is legally required or if the limitation periods of potential legal claims have not yet expired.
- If either the Person Concerned or the Operator make use of their right to terminate the contract, or if the contract expires as the result of time or comes to end for whichever other reason, any personal information about the Person Concerned shall be deleted, in so far as further storage or processing of this data is not necessary on account of
- the right to freedom of expression and information;
- legal obligations arising from the Law of the Union or its member states, which the Operator is subject to; or where such further data processing is necessary in order to fulfil a duty, which is in the public interest or which has been mandated to the Operator by the authorities;
- reasons in the public interest regarding public health as laid out in article 9 paragraph 2 sub h and i GDPR and article 9 paragraph 3 GDPR; or
- the establishment, exercise or defence of legal claims.
RIGHTS WITH REGARD TO PERSONAL INFORMATION
In accordance with the relevant legal conditions, the Person Concerned is entitled:
- to check whether we have stored personal information about him, to know what the content of this information, and to obtain copies of this data;
- to request the authorization, supplementation or deletion of his personal data, in so far as these are incorrect or have not been processed in accordance with the law;
- to request that we limit the processing of his personal data, and
- in certain circumstances, to object to the processing of his personal data or to revoke his prior consent to the data processing,
- to demand data portability;
- to know the identity of any third parties, which have been given access to the personal data, and
- to file complaints with the relevant data protection authority
The Operator uses the Firebase SDK to better understand and optimise user behaviour in the apps. Moreover, the Operator uses other features of Firebase, which allow for better user guidance and the evaluation of causes of app crashes.
The Operator’s mobile apps use services provided by HockeyApp. Through the execution and analysis of crash reports, HockeyApp supports the development process of the Operator’s apps. In order to collect the necessary usage data, a UUID is generated, which is then stored by HockeyApp. In general terms, this UUID cannot be associated with any personal data, as these are not stored.
The Operator uses Facebook’s Software Development Kit (SDK) in the apps. The Facebook SDK is produced and administered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This SDK allows the Operator to gain insight into which of the advertising campaigns run on the social network ‘Facebook’ has induced the Person Concerned to download the apps.
The Operator shares the following information with Facebook for this purpose: the app ID, the app version and information regarding the launch of the app. Additionally, individual user activities (events) may be analysed from within the app, making it possible for the Operator to better be able to define the target groups for advertising campaigns. The Operator shares no other data with Facebook. The Operator only receives an aggregated evaluation of app user behaviour from Facebook. Beyond this, the operator has no influence on the information that is processed by Facebook via app events. Further information about the Facebook SDK may be found at:
DISCLOSURE OF PERSONAL INFORMATION
The Operator will not disclose personal data to third parties, except in those cases where the Person Concerned has given their explicit consent to this in line with the “extended consent“ provision (Point 2.4) or in the following circumstances:
- to comply with legal requests for the disclosure of the data; to comply with court orders or legal proceedings; to establish or exercise a legal right; or, to defend himself (the Operator) against legal claims;
- if the Operator believes the disclosure of the data to be necessary in order to investigate, prevent or take action against the Person Concerned with regard to illegal activities, suspected fraud, situations which pose a potential threat to a person’s physical security or breaches of the Operator’s terms and conditions of use; as well as, all those case where this is required by law;
- if the Person Concerned (such as, a student, trainee or employee) uses a service, which is subject to fees, as a beneficiary of a third party (such as his employer, educational establishment, instructor, interest groups and comparable third parties), we shall disclose the following personal data of the user upon request of the third party, subject to the fact that the Person Concerned has given his explicit consent to this disclosure:
- user name / name
- score / learning progress
- game results
- so that the associated third party may keep track of the use of the service;
- if it becomes necessary for the Operator to transmit personal data due to the acquisition/merger of the Operator by/with another company. The Person Concerned will be informed of these circumstances by the Operator prior to the transmission of the personal data and before new privacy policies become applicable.
- Attention: All personal data disclosed online may be collected and used by others. If Persons Concerned disclose personal data online and these therefore become publicly accessible, Persons Concerned may receive unwanted messages from third parties which bear no relation to the Operator.
ADVERTISEMENTS BY THIRD PARTIES
In accordance with Point 5, the Operator deliberately displays specific advertising based on the processing of the user’s personal data. Advertisers may conclude that people, who interact with targeted advertisements, view these advertisements or meet the target audience criteria.
CONFIDENTIALITY AND SECURITY
- The Operator restricts access to personal data to his own employees, and employees of affiliated companies and external service providers who, according to the Operator, have a legitimate claim to access the data, being that this is necessary in order for them to deliver products or services, or to fulfil their tasks.
- The Operator employs physical, electronic and procedural safety devices which comply with the regulations for the protection of personal data. However, the data security for data transmission via the internet cannot be 100% guaranteed. The Operator therefore cannot guarantee the security of the data which the Person Concerned transmits to the Operator. As a result, the Person Concerned access and uses the Operator’s services at his own risk. The user is also responsible for ensuring that access to his devices is limited, that his devices are free of malware of any kind, etc., so as to restrict the means by which the information entered on the service, such as email addresses and payment details, can be tracked.
- The Operator is expressly not liable for losses and damages resulting from non-compliance with this section by the Person Concerned.
- The Operator processes payments for those services which are subject to fees through secure payment providers to ensure that the security of payments meets the general industry standard
CONTACTING THE OPERATOR
If you have any further questions or concerns regarding the processing of your personal information, please feel free to contact us at:
VE Vision Education GmbH
Last updated: May 23rd, 2018