VE Vision Education GmbH
c/o Impact Hub Vienna GmbH
(hereinafter “We” or the “Operator”)
Last update: 25th January 2021
1.1. The protection of rights to privacy / our users in the processing of personal data is a fundamental right which we take very seriously. All data processing is carried out in accordance with the EU Data Protection Basic Regulation (hereinafter referred to as “DSGVO”) and the relevant laws of the Republic of Austria.
1.2. In this document, we explain our procedures regarding the collection, use and disclosure of the personal data of users (hereinafter referred to as “data subjects”), which we collect and process in the course of our service provision and business operations.
1.3. This notice applies to the contact data of our contractual partners (or their representatives and employees, hereinafter refrred to as “partner data”), which we process in the area of corporate customers(hereinafter referred to as “partner data”), to data which we collect from the user in the course of using our software (hereinafter referred to as “user data”) and to data which is processed in connection with our website (hereinafter referred to as “web visitor data”).
1.5. We store personal data only on secure servers that are operated in secure facilities, which are equipped with state-of-the-art firewall protection. The data that we collect may be transferred to, and stored or processed by, employees who work for us or for one of our suppliers for the sole purpose of providing services and support.
2. Purposes, data categories and legal bases for the processing of partner data
2.1. We process personal partner data using the categories listed in 2.2 for the following general purposes:
a. to make contact with the contractual partner,
b. to fulfil pre-contractual and contractual obligations,
c. to provide the services offered,
d. to answer questions and comments,
e. to provide support services and,
f. where appropriate, to inform the contractual partner about news at regular intervals.
2.2. In the course of the initiation of business and in the processing of contracts with partners, we may process partner data under the following data categories:
a. first and last name,
b. e-mail address, including e-mail traffic and correspondence data in general,
c. telephone or fax number and other contact details (website address etc.),
d. where appropriate, data on the execution of cashless payments, and
e. postal address.
2.3. The legal basis for the processing of personal data mentioned in 2.2 is our predominant legitimate interest according to Art. 6 para. 1 lit f DSGVO, which consists of achieving the purposes mentioned in 2.1. The processing of partner data is required to enable us to contact (potential) contractual partners and to conduct our business operations.
2.4. If the contractual partner is an individual person and the processing of their data is absolutely necessary for the performance of the contract, the lawfulness of the data processing also results from this necessity (Art. 6 para. 1 lit b DSGVO).
2.5. Furthermore, the processing of data may be necessary and therefore lawful on the basis of the need to comply with legal obligations (Art. 6 para. 1 lit. c DSGVO).
3. Purposes, categories of data and legal bases for the processing of user data
3.1. We process personal user data using the categories listed in 3.2 for the following general purposes:
a. to make contact with a contractual partner,
b. to fulfil pre-contractual and contractual obligations,
c. to provide the services offered,
d. to answer questions and comments,
e. for the purposes of e-mail marketing and market research, provided that the data subject has given his/her express consent to such processing,
f. to provide support services and,
g. where appropriate, to inform the contractual partner about news at regular intervals.
3.2. We may process user data using the following categories for those who use our software offer:
a. technical electronic communication metadata (e.g. IP address, cookie data, software and hardware characteristics),
c. first and last name,
d. e-mail address,
e. telephone or fax number,
f. date of birth,
h. spoken and learnt languages,
i. other personal information entered by the service and the settings specified,
j. a profile picture if necessary,
k. where appropriate, data on the implementation of cashless payments, and
l. transaction data (for purchases), as well as interactive user data (such as learning progress and app usage behaviour).
3.3. The legal basis for the processing of personal data listed above in 3.2 is our predominant legitimate interest according to Art. 6 para. 1 lit f DSGVO, which consists of achieving the purposes in 3.1. The processing of user data is necessary to enable us to offer our software and services and to enable us to contact users.
3.4. If there is a contract between the user and us and if the processing of the user’s data is absolutely necessary for the fulfilment of the contract, the lawfulness of data processing also results from this necessity (Art. 6 para. 1 lit b DSGVO).
3.5. Occasionally we offer “combination packages”, in which we compile and “brand” various goods and services for customers together with cooperation partners. For this purpose it is necessary that we forward relevant data to our cooperation partners. Cooperation partners are vicarious agents in the sense of § 1313a ABGB (Austrian Civil Code), since without our cooperation partners it is not possible for us to provide the end customer with the combined package. The forwarding of data is therefore absolutely necessary for the fulfilment of the contract, henmce the lawfulness which results from this necessity (Art. 6 para. 1 lit b DSGVO). In addition, the data subject is informed separately about data transfer before the contract is concluded and his or her separate consent is obtained. The legality of the transfer of data is therefore also based on the consent of the data subject (Art. 6 para. 1 lit. a DSGVO).
3.6. Furthermore, the processing of data may be lawful on the basis of the need to comply with legal obligations (Art. 6 para. 1 lit. c DSGVO).
4. Purposes, categories of data and legal bases for the processing of web visitor data
4.1. We process personal web visitor data using the categories listed in 4.2 for the following general purposes:
a. to provide users with the website and to continue to improve and develop the website,
b. to detect, prevent and investigate attacks on the website,
c. to respond to requests,
d. to show special versions of our services and
e. to create website usage statistics.
4.2. We may process the following web visitor data of all persons who visit our website:
a. the IP address of the visitor and the date and time of visit, brand name and version of web browser as well as language setting selected, operating system, Internet Service Provider and website (URL) from which the web visitor was referred to the website,
b. the information that web visitors enter voluntarily into the contact form (i.e. name, e-mail address and message) or in the download menu (i.e. the customer’s telephone number) and
4.3. The processing of this web visitor data is necessary to achieve the purposes in 4.1 lit. a – d and to enable the website to be offered. With regard to the purposes listed in 4.1 lit. a – d, the legal basis for the processing of personal data is based on our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO, which is to achieve the purposes mentioned in points a – d and to be able to offer the website to users.
4.4. If there is a contract between the user and the Operator and if the processing of the user’s data is absolutely necessary for the fulfilment of the contract, the lawfulness of data processing also results from this necessity (Art. 6 para. 1 lit b DSGVO).
4.5. Furthermore, the processing of data may be lawful on the basis of the need to comply with legal obligations (Art. 6 para. 1 lit. c DSGVO).
4.6. We use “cookies” to improve the operation of the website. Cookies are small text files that can be stored on the user’s computer when the user visits a website. Cookies are generally used to provide users with additional functions on a website. Cookies cannot access, read or modify other data on the user‘s computer.
4.7. We use both cookies that are deleted when the browser is closed (session cookies) and cookies that remain stored on the terminal device after the browser is closed (permanent cookies). The cookies that we use may originate both from ourselves (first party cookies) and from third parties (third party cookies). The website uses Google Analytics (a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)) in order to be able to fulfil the purpose of “website usage statistics” mentioned in 4.1 lit. e.
4.8. Some cookies are technically absolutely necessary for the function of our website. The use of these cookies is lawful according to Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in being able to offer a functioning website.
4.11. In order to revoke consent or to restrict it to certain cookies, users should be aware that:
a. a link in the website footer can be used to access the website’s “cookie manager”, in which the cookie settings can be changed at any time.
b. cookie settings can also be changed within the user‘s browser settings. Details can be found in the help function of the browser (usually accessible via the F1 key on the keyboard).
4.12. The revocation of consent to data collection has no bearing on the lawfulness of any processing that took place before revocation.
4.13. The cookies we use in detail:
|_gat_UA-68533319-2:”1″||To save Google Analytics ID. Google Analytics can be deactivated at https://tools.google.com/dlpage/gaoptout||learnmatch.com||2 years|
|_ga||To identify a specific website visitor in order to compile user statistics.||learnmatch.com||2 years|
|_gid||To identify a specific website visitor in order to compile user statistics.||learnmatch.com||2 years|
|wp-wpml_current_language:”en||To save language settings for the website. Please check]||learnmatch.com||10 days|
A cookie manager to enable us to check whether users have consented to the use of optional cookies. The following information is stored in the cookie:
5. Place of data processing and transmission of personal data
5.1. In order to achieve the purposes mentioned above in 2, 3 and 4, it is necessary to transfer data to external service providers. In the course of carrying out the data applications mentioned above in 2, 3 and 4, data will need to be forwarded to recipients of the following categories:
a. our IT service providers (see 5.6 for detail),
b. banks, where this is necessary for the implementation of cashless payments and
c. processing partner for communication.
5.2. In specific individual cases it may also be necessary to transfer data to the following recipients in the following categories:
a. cooperation partners (see 3.5 and 5.3),
b. chartered accountant and tax consultant,
c. lawyers and
d. public bodies (e.g. courts, police, administrative authorities).
5.3. Occasionally we offer “combination packages”, in which we compile and “brand” various goods and services for customers together with cooperation partners. For this purpose it is necessary that we forward relevant data to our cooperation partners. Separate consent will be sought in each individual case.
5.4 Data may be transferred to one of our distribution partners, as they are responsible for the first level support of our customers. For this purpose, it is therefore necessary that we forward the data to our sales partners. The lawfulness [or legality] of such data transfer arises from the mandatory nature of the transaction, covered by the terms of this contract.
5.5. Data transfer may also occur if our company or parts of our company are taken over by a third party or if our company or parts of our company are merged with another company. Before personal data is transferred and subject to other data protection guidelines, we will inform those affected in good time.
5.6. Data processing activities may, at least in part, be carried out outside the EU/EEA. Assignment of an external IT service provider is necessarily subject only to the legal instruments of Chapter V of the DSGVO. The appropriate level of data protection is determined in each case by one or more of the following points:
a. an adequacy finding by the European Commission under Art 45 DSGVO,
b. an exception for the specific case under Art 49 (1) DSGVO,
c. binding internal data protection regulations in accordance with Art. 47 in conjunction with Art 46. para. 2 lit b DSGVO,
d. standard data protection clauses according to Art. 46 para. 2 lit. c and d DSGVO,
e. approved rules of conduct pursuant to Art. 46 para. 2 lit e in conjunction with Art. 40 DSGVO,
f. an approved certification mechanism in accordance with Art. 46 para. 2 lit f in conjunction with Art. 42 DSGVO,
g. contractual clauses approved by the data protection authority in accordance with Art. 46 para. 3 lit a DSGVO.
5.7. We currently use the following external IT service providers:
Google LLC, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043. This service provider stores registration data, learning progress data, e-mails and document storage, as well as customer-related calendar data, if applicable. Google LLC is based in the USA. The transfer of data by us to Google LLC is carried out on the basis of standard data protection clauses in accordance with Art. 46 para. 2 lit c and d DSGVO as well as on the basis of contractual clauses in accordance with Art. 46 para. 3 lit a DSGVO approved by the relevant competent data protection authority, which can be accessed at https://firebase.google.com/terms/firebase-mcc, thus ensuring an appropriate level of data protection and permitting the flow of data to this company.
Horizon Alpha GmbH, Fraunhoferstraße 8, D-82152 Planegg, Germany. This subcontractor is responsible for processing customer data for reporting, code management, learning progress data and customer data management and is responsible for second level technical support.
SendinBlue, Rue D’Amsterdam, Paris, France. This service is used by us to send marketing and CRM emails and messages. For this purpose, a separate declaration of consent is obtained from our users and the relevant stored e-mail address is sent to SendInBlue.
Amplitude Inc, 631 Howard St. Floor 5, San Francisco, USA (“Amplitude”). This service enables us to analyse and measure user behaviour and the performance of various advertisments within the app. For this purpose, the user’s calling IP address (in anonymised form) is transmitted for evaluation.
Amplitude Inc. is based in the USA. The transfer of data by us to Amplitude is carried out on the basis of standard data protection clauses in accordance with Art. 46 para. 2 lit c and d DSGVO as well as on the basis of contractual clauses approved by the respective competent data protection authority in accordance with Art. 46 para. 3 lit a DSGVO, which are available at [https://learnmatch.net/wp-content/uploads/2020/11/Amplitude_Order_Form_and_DPA-neutral.pdf], whereby an appropriate level of data protection is guaranteed and the flow of data to this company is permitted. Further information on data protection at Amplitude can be found at https://amplitude.com/privacy].
Branch.io, 645 High Street Palo Alto, CA, 94301 United States. This service provider temporarily stores the IP addresses for the administration of the deep link and, if necessary, temporarily stores the telephone number, iOS identifier and Android ID. Branch.io is based in the USA. The transfer of data by us to Branch.io is carried out on the basis of standard data protection clauses in accordance with Art. 46 para. 2 lit c and d DSGVO and on the basis of contractual clauses approved by the relevant competent data protection authority in accordance with Art. 46 para. 3 lit a DSGVO, which can be accessed at https://www2.branch.io/rs/315-FTT-121/images/PDF-Branch-AppDPA.pdf, thus ensuring an appropriate level of data protection and permitting the flow of data to this company.
6. Duration of storage
6.1. We only process personal data for as long as necessary to achieve the above-mentioned purposes. Personal data that we process in accordance with point 2 above is stored for the duration of the contract initiation, contractual relationship and (potential) partnership with the contractual partner/partner.
6.2. We store personal data that we process in accordance with point 3 above for the duration of the contract initiation, contractual relationship and as long as the user has a user profile stored with us.
6.3. We store personal data that we process in accordance with 4.2 letter a for a period of 36 months. Personal data that we process in accordance with 4.2 letter b is stored for the duration of the contract initiation, contractual relationship and as long as the user has a user profile stored with us.
6.4. Longer storage is only carried out if the storage or processing of the data is longer necessary:
a. in order to fulfil a legal obligation (e.g. the obligation under tax law to retain data in accordance with Section 132 (1) of the Austrian Federal Fiscal Code (BAO) and the obligation under company law to retain data in accordance with Sections 190, 212 of the Austrian Commercial Code (UGB): 7 years), which requires processing in accordance with the law of the Union or the Member States to which we are subject, or in order to perform a task in the public interest or in the exercise of official authority which has been assigned to us, or
b. to assert, exercise or defend legal claims.
7. Rights and obligations of the data subject
7.1. If our processing of data is based exclusively on the consent of the person concerned, he/she is entitled to revoke his/her consent at any time. In addition, according to the applicable data protection law, the person concerned has the right:
a. to check whether and which personal data we have stored and to receive copies of this data,
b. to request the correction, completion or deletion of personal data which is incorrect or not processed in accordance with the law,
c. to require us to limit the processing of data,
d. to object, under certain circumstances, to the processing of personal data or to revoke the consent previously given for such processing,
e. to require data transferability,
f. to ascertain the identity of third parties to whom personal data is transmitted and
g. to lodge a complaint with the data protection authority responsible for the Operator (i.e. the Austrian Data Protection Authority Barichgasse 40-42, 1030 Vienna) or with a data protection supervisory authority in another EU member state, in particular at the place of residence or work of the user concerned.
7.2. The provision of data is mandatory for contractual rather than legal reasons in order to enter into a contractual relationship with us and to use our services. Refusal to provide the data in accordance with points 2, 3 or 4 above may render us unable to fulfil our obligations to the user.
7.3. The data collected are not processed by means of automated decision-making including profiling, in accordance with Art. 22 DSGVO.
8. Confidentiality and security
8.2. The Operator restricts access to personal data to those employees of its own company, affiliated companies and external service providers who, in the reasonable opinion of the Operator, need such data in order to deliver products or services or to perform their tasks.
8.3. The Operator has physical, electronic and procedural security devices that comply with the regulations for the protection of personal data. However, it is not possible to guarantee one hundred percent security for data transfers on the Internet. For this reason, the Operator cannot guarantee or warrant the security of data that the user transfers for the fulfilment of the contract. In particular, access to and use of the service is exclusively at the user’s own risk. It is also the user’s responsibility to restrict access to their terminal device and to ensure that it is free of malware of any kind, which may track data entered into the service, such as e-mail addresses and payment data.
8.4. The Operator is expressly not liable for loss or damage resulting from non-compliance with this section by the user.
8.5. Payment for paid services is handled by the Operator via secure payment providers or directly via the relevant AppStores to ensure the security of payments according to general industry standards.
9. Contact with the operator
9.1. If you have any questions or concerns regarding the processing of your personal data, please contact us:
VE Vision Education GmbH
c/o Impact Hub Vienna GmbH