of VE Vision Education GmbH
A. This document covers the procedures for the recording, usage and disclosure of data. This policy governs how personal and non-personal data collected from our contractual partners (“users”) is handled during the provision of our services.
Third-party licence holders, such as employers, advocacy groups, trainers or similar third parties can acquire licenses as part of their own licence agreement in their own name at their own cost in order to receive access codes which can be used by users to unlock app functions and other products/services of the operator. A separate claim or obligation shall not accrue to the user from the relationship between third-party licence holder and operator.
2. RECORDING AND USE OF INFORMATION
2.1 If the user registers a user account, the operator will enter the following personal data and information for the purposes of identifying the user:
2.2 User name, email address, date of birth, sex, languages spoken, other personal information entered by Customer Services, the settings made and, where applicable, a profile image. Transaction data (when making purchases) and interactive user data (e.g. lesson progress) are also recorded. The operator processes this personal data and information for the following general purposes:
- To provide the offered services;
- To respond to questions and comments;
- To contact the user;
- For marketing and market research purposes provided that the user has separately agreed to the processing of his data for such purposes.
- For statistical purposes
- For optimal targeted support from parents, teachers, companies and trainers
- And as described on the data input screen where applicable.
2.3 The operator receives and saves information about the end device and browser used, including IP address, cookie data, software and hardware properties and the pages and services called up by the user (“digital communication metadata”) The operator will use this information to customise content, improve his service, carry out research and create anonymised reports for internal purposes and for external customers, e.g. marketing clients. If the user consented to the processing of his data as per an extended consent in 2.4, the digital communication metadata will also be used to customise marketing methods.
2.4 Signing this contract entitles the operator to send the personal data sent by the user as part of the fulfilment of the contract, to save or process it – by the operator itself or by one of his employees and vicarious agents within the meaning of § 1313a Civil Code (ABGB). The user must give his separate consent (“extended consent”) to the processing and use of personal data (e.g. For marketing purposes) beyond the above.
3. RIGHTS OF USERS
3.1 Agreements submitted to the operator as part of extended consent (2.4) concerning the recording, processing and use of personal data can be revoked by the user in full or in part. The same also applies to any later consent which goes beyond the above given for the recording or processing of the user’s personal data.
3.2 In addition, the user can also ask for incorrect data to be corrected and data to be blocked or deleted if this data is not needed for performance of the contract between operator and user, if the operator has no overriding interests [in doing so], or when the operator is not prevented from saving data on account of a legal obligation. To do so, write to the operator enclosing a copy of one’s personal ID card or an legally acceptable photo ID.
VE Vision Education GmbH
4. SAVING PERSONAL DATA
The operator only saves personal data on secure servers operated at safe facilities within the European Union which have the very latest firewall protection. The data we collect can be sent to third parties who work either for us or one of our suppliers for the rendering of services. They can then save and process such data.
5. GOOGLE ANALYTICS
5.2 Given that the operator has opted for “IP anonymisation”, the IP address will be shortened by Google within the member states of the European Union and in other states who have signed up to the agreement in the EEA.
5.3 On behalf of the operator, Google will use the transmitted information to evaluate your use of our website to generate reports on website activities and to render other operator services relating to the use of the website and the Internet. The IP address sent as part of Google Analytics is not included with other Google data.
5.4 The user can reject the recording of data when creating user profiles by preventing the recording and transfer of Website-related data to Google generated by the cookie and also prevent this data from being processed by Google. In order to do so, download and install the following browser add-on to deactivate Google Analytics:
The operator uses the Firebase SDK to better understand and optimise user behaviour in the apps. Firebase also uses other functions to improve usability and to analyse the reasons for app crashes.
The operator uses Amplitude to better understand and optimise user behaviour on our website and in the web app. No personal data is processed. For further information, refer to Amplitude’s data protection policy: https://amplitude.com/privacy
8.1 The operator uses HockeyApp services in its mobile apps. The transfer and analysis of crash reports is used by HockeyApp during the development of the operator’s apps. A UUID is created to record user data and this is saved by HockeyApp. This UUID is not associated with any personal data since such data are generally not saved.
8.2 The following technical data are collected as a part of crash reports: Timestamp, country, operating system, app version, device type. No personal data is sent to HockeyApp. HockeyApp is a service from Microsoft. For legal information, see: https://azure.microsoft.com/de-de/support/legal/ The data protection policy can be viewed here: https://www.microsoft.com/de-de/privacystatement/OnlineServices/Default.aspx
9.1 In the apps, the operator uses the Software Development Kit (SDK) from Facebook. The Facebook SDK is released and managed by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. This SDK allows the operator to understand which advertising campaigns on the Facebook social network to persuade users to download the apps.
9.2 To this end, the operator sends Facebook the app ID, version and information that the app was launched. Individual user activities (events) can be analysed within the app in order to more precisely define the target group for advertising campaigns. The operator does not send any other information to Facebook. The operator only receives an aggregated evaluation of app user behaviour from Facebook. The operator has no influence on how the information from the app events is processed by Facebook. More information about the Facebook SDK is available here:
10. SOCIAL BOOKSMARKS
10.1 On the website the operator uses social bookmarks (Facebook, Google). This allows the user to share articles from the site on his own social media profile.
10.2 To share the content, the user needs to have an existing Facebook or Google profile. The operator has integrated the social media bookmarks on the websites as a link to the services only. When the user clicks the graphic he is sent to the site of the provider where he can enter his information. The purpose and scope of data collection and further processing and use of data by providers and related rights and configuration options for protecting the user’s personal data can be found in the providers’ privacy policies.
Facebook privacy information: https://www.facebook.com/policy
Google privacy information: http://www.google.de/policies/privacy
11. DISCLOSING PERSONAL DATA
The operator will not send personal data to third parties except in cases where the user has given his extended consent (2.4) and under the following circumstances:
- To meet legal requirements on the submission of data, to fulfil a court order or legal process, to justify or assert legal rights or as a defence against legal claims;
- If the operator believes the forwarding of data is required in order to examine or prevent illegal activities, suspected fraud, situations with a potential threat to the physical security of persons or infringements of the operator’s terms and conditions of use, or to take measures against users, but only in cases where legally admissible.
- If the user takes up from the operator a service subject to a charge for third parties (such as employer, educational institutes, advocacy groups, trainers or other similar third parties) as a beneficiary (such as student, pupil or employee), we shall send upon request the following personal data:
- User first and surname
- Number of points/learning progress
- Game outcome
for tracking usage of the charged-for service;
Caution: All personal data published online can be recorded and used by other people. If users publish personal data online and this data is then publicly accessible, the user may receive spam from third parties which are not closely related to the operator.
12. ADVERTISING BY THIRD PARTIES
Based on 2.4, the operator shows adverts which are based directly on personal data. Marketing firms assume under certain circumstances that people who interact with targeted advertising, who view such adverts or who meet certain target group criteria.
13. CONFIDENTIALITY AND SECURITY
13.2 The operator limits access to personal data to employees of his own company, employees working for affiliated companies, and to external service providers who need to view such data based on the reasonable consideration of the operator in order to deliver products or service or to perform their work. The operator has physical, digital and process- technical safety devices which meet the privacy requirements. All that said, it is not possible to provide 100% protection of data sent online. The operator thus cannot assure or guarantee the safety of data sent by the user to the operator. In particular, access to the service and the use of the same is at his own risk alone. It is also part of the user’s responsibility to restrict access to the end device and to ensure that the same is free of any kind of malware which could track data such as email addresses and payment data entered in the service.
The operator processes the payment of charged-for services via a safe payment provider in order to assure the security of payments based on general industry standards.
14. WEBSITES OF THIRD PARTIES
15. CONTACTING THE OPERATOR
15.1 Email firstname.lastname@example.org to receive a copy of personal data sent by the website. Use the same email to request the operator update, change or remove your personal data.
Last updated: 23rd July 2017