of DAS SPRACHENSTUDIO Rosar e. U. (“Sprachenstudio”)
§ 1 Purpose and Legal Basis
In order to provide you with the services requested (language courses and exams for German and other languages, and other services agreed), we require to collect, store and process some of your personal data.
§ 2 Persons Responsible for Your Data
The person responsible for decisions on the processing of your data (“Data Controller”) is:
in the person of Mag. Petra Rosar, Director. The person performing the processing (“Data Processor”) is the same as the Data Controller, or an employee of Sprachenstudio authorized by the aforementioned Data Controller to perform such processing.
§ 3 Definition of Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”), for example your name, your address, your phone number, your birth date, nationality or email address.
Data that can no longer be attributed to a specific data subject without the use of additional information, i.e. after the process of anonymisation, are not personal data.
§ 4 The Data Collected
We collect your data on the following occasions.
a) Online Contact Forms
We collect your full name, email and telephone number in our online contact form (www.sprachen-studio.at/ueber-uns/kontakt). Similarly, we collect your phone number and name in our online call-back form.
At the time of sending your message via these forms, we additionally collect: IP-address of the computer used; date and time of access; name und URL of the file accessed; transmitted data volume; report whether the access was successful; recognition data of the accessing browser and operating system; web site from which the access is made.
You consent to the processing of these data by ticking the GDPR Consent Box (“Bestätigung laut DSGVO”) at the bottom of the respective Online Form.
This data processing is necessary in order to fulfil your contact request. The transmission of your data to third parties does not take place. These pieces of data are solely used for processing the conversation. The data is erased as soon as the purpose of its processing is fulfilled.
b) Purchase of Services
When booking a course in person at our offices, we collect your data with the help of a registration form and enter it into our data bank. Your data is not transmitted to any third parties, with the exception of the cases specified below.
The following pieces of data are recorded during the registration process:
- first and last name
- address of residence
- telephone number
- email address
- nationality & city of birth
When attending courses with continuous assessment, attendance and exam results are recorded.
Your data might be transmitted:
- in the case of certified exams, to the relevant examination body (ÖIF, ÖSD)
- in the case of courses or exams requiring proof, to the relevant authorities (AMS)
- when a company or another organisation pays the invoice for a customer.
Such transfers are limited to the extent necessary for the provision of the relevant service.
For processing your payment, we transmit your payment data to the bank commissioned for the payment. These companies may use your data only for fulfilling this commission and not for any other purposes.
Upon completion of your contract and complete settlement of your invoice, your data is blocked to prevent further processing and deleted upon expiry of the legally binding storage periods, unless you have consented to further use of your data.
c) Additional Data for AMS, ÖIF, ÖSD
For the clients requesting the services of preparation and organisation of official and certified language exams, as well as the clients receiving funding from the state agencies, the following additional data is collected: residential address registration (“Meldezettel”), passport copy, copy of the medical insurance card (“E-Card”).
This data is processed in order to comply with the requirements of the relevant state organisations (AMS, ÖIF, ÖSD) and the relevant laws.
On our websites, users may subscribe to our newsletter free of charge. The data entered in the input screen when subscribing to the newsletter is transmitted to us. When booking a service, you also may consent to the use of your email address for our newsletter service. The collection of the user’s data (email address) fulfils the purpose of delivering the newsletter.
We use a so-called “double-opt-in” procedure for our newsletter service, i.e. we will only send you our newsletter once you have confirmed your registration via a link emailed to you for this purpose.
When registering for our newsletter service, your email address will be used for marketing purposes by means of our newsletter, until you deregister from it. The data is erased as soon as it is not necessary any longer for fulfilling its purpose.
§ 5 Your Rights as Data Subject
The following rights arise from the GDPR for you as the subject of personal data processing:
- Right to access the data and be informed: pursuant to Article 15 GDPR, you have the right to obtain disclosure of the personal data processed by us, the purpose of the processing, the categories of personal data concerned, the data recipients (if any)
- Right to amend data: pursuant to Article 16 GDPR, you have the right to obtain without any undue delay the rectification of incorrect personal data or the completion of incomplete personal data saved by us.
- Right to erase data: pursuant to Article 17 GDPR, you have the right to demand erasure of the personal data saved by us, as long as the data processing is not necessary for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restrict processing: pursuant to Article 18 GDPR, you have the right to request that we restrict the processing of your personal data This is applicable if you believe that the data regarding you is inaccurate, the processing unlawful, that we no longer require the data, but you do not wish us to delete the data because you require the processing to continue on certain legal grounds.
- Right to data portability: pursuant to Article 20 GDPR, you may request to receive your personal data that you provided to us.
- Right to revoke consent: pursuant to Article 7 (3) GDPR, you can revoke the consent you have given, at any time. As a result, we would no longer be allowed to continue the processing of your data based on such consent.
- Right to complain: according to Article 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the data protection supervisory authority of your usual place of residence, your workplace or our company location.
§ 6 Exercising Your Rights
In order to exercise your rights listed in Art. 5 above, please contact us at:
or at our offices in Mariahilfer Straße 93/1/15, 1060 Vienna, Austria.
If you wish to revoke your consent (provided by signing this document (or ticking the box in the Online Forms on our website) you can do so at any time. You can block the processing and use of your data for commercial purposes at any time. Revoking your consent would not lead to any adverse consequences, with the exception of inability, on our part, to provide certain services for which the processing of your personal data is essential.
§ 7 General Information on Data Processing
We collect and process personal data of our customers or website users only insofar as this is necessary for the provision of a functional company website or the provision of our services.
We use your personal data for the provision of the requested service (courses, exams, cultural events, excursions etc.), in order to answer your questions, and for the operation and improvement of our websites and applications.
For those clients who request the services related to the public agencies (AMS, ÖIF, ÖSD), we transmit the relevant data to the aforementioned agencies, in order to facilitate the services requested and to comply with the regulations of the said organisation. No further processing of your personal data takes place, unless explicitly requested by you or if we are legally bound to disclose your data.
b) Legal basis
The prevalent legal basis for the collection and processing of personal data of our website users or (prospective) customers is consent of the data subject, pursuant to Art. 6.1 a) GDPR. You provide such consent by ticking the appropriate box under the online contact forms – as regards the processing of your data in the online contact forms; or by signing the Consent Form when stipulating a contract with us. You may withdraw your consent at any time (see Section 6).
Further forms of legal basis may apply as follows.
Processing necessary for the performance of a contractto which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, personal data is processes pursuant to Art. 6, paragraph 1, lit. b) of the GDPR.
Processing of personal data performed in compliance with an obligation our company is subjectedis subject to, Art. 6, paragraph 1, lit. c) of the GDPR.
When vital interestsof the data subject or another natural person require the processing of personal data, Art. 6, paragraph 1, lit. d of the GDPR serves as the legal basis.
When processing is necessary for the purposes of the legitimate interestspursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6, paragraph 1, lit. f) of the GDPR serves as the legal basis.
c) Storage and deletion of data
Personal data of the data subject are deleted and blocked as soon as the purpose for the data collection and storage is fulfilled and expired.
Data storage exceeding this period can take place in cases where this is provided for by European or national legislators in EU-regulations, laws or other provisions the controller is subject to.
Data is blocked or deleted when a storage period prescribed in the above-mentioned regulations is fulfilled, except in cases when further storage is necessary for the conclusion or the performance of a contract.
§ 8 Cookies, Plugins and Other External Services
We use so-called “session cookies” (also “temporary cookies”) and “persistent cookies”. Cookies are small text-files sent from our webserver to your browser when accessing our website and stored on your computer for a later visit. Temporary cookies which are only saved for the duration of your visit to our website. Persistent cookies remain on your computer and enable us to recognize your computer when you visit next. The generated cookies are deleted after several months.
Exerternal ressources currently used on our site: Google Fonts (fonts.googleapis.com), Google ReCaptcha (www.google.com/recaptcha), Google Analytics (ssl.google-analytics.com) with anonymized user-IP.
When sending our newsletter, we use UTM tracking cookies. With the help of these cookies, we can track which links in the newsletter users have clicked to reach our website. Further information: www.campaignmonitor.com/blog/email-marketing/2015/07/utm-codes-in-email/
This user data does not enable us to link it to any specific user. All of this anonymisedcollected data will not be linked to your personal data provided to us, and will be deleted after its use for statistical analysis. At the end of the session, as soon as you leave our website, most cookies are deleted.
Art.6 paragraph1 lit. f) of the GDPR serves as the legal basis for the processing of personal data when using cookies.
b) Hyperlinks to Third-Party Websites
On our website, we place so-called hyperlinks to websites of other service providers. When activating these hyperlinks, you are directly transferred from our website to this service provider’s website. You will be able to tell this because the URL changes. We cannot take on responsibility for the confidential treatment of your data on websites of third parties as we have no control as to whether these companies abide by data regulations. Please gather information on the treatment of your personal data by these companies directly on their websites.
c) Social Plugins
On our website, we incorporate social plugins of the social network “Facebook”. These are operated entirely by the relevant provider. These plug-ins are identified on our website by the button of the relevant service.
For information on scope and purpose of the data collection of the relevant service as well as their processing and use of your data, see the Privacy sections of the websites of the relevant service.
§ 9 Data Security
Your data security is our utmost concern. We take appropriate and reasonable measures to protect your privacy and to treat your personal data confidentially. To prevent loss or misuse of the data saved, we implement a series of technical and organisational measures that are re-examined regularly and adapted to technological progress.
However, we want to point out that due to the nature of the internet it is possible that other persons or institutions outside of our control do not abide by the rules of data protection or the above-mentioned security precautions. Particularly unencrypted data – i.e. via email – can be read by third parties. Technically, we have no influence on this. It is in the user’s responsibility to protect the data provided by him/her through encryption or other measures.