Privacy Policy

in accordance with Articles 13 and 14 of the GDPR – fulfillment of information obligations

Thank you for visiting our website! Protecting your data is our top priority. In this privacy policy, we provide detailed information about how we process your data.

This policy applies both to data processing within VERMAK GmbH and to the use of our website. The legal basis for this data processing is the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

All personal references are gender-neutral and are used solely for the sake of readability.

1. Data processing in general

1.1 Responsible party

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

VERMAK GmbH
Albertgasse 35/1
1080 Vienna
Tel: +43 720 51 53 00
Fax : +43 720 51 53 01
Email: office@vermak.eu

The company has voluntarily appointed a data protection officer. He can be contacted at dsb@quickandproper.eu.

1.2 Data processing in accordance with Article 13 GDPR

We process data that is provided to us by various individuals through their own disclosures, such as when registering with the continuing education management system, subscribing to newsletters, applying for jobs, and concluding contracts.

1.3 Data processing pursuant to Article 14 GDPR

In addition, we also process data that is not provided directly by the data subject. This is the case, for example, when management bodies provide us with the names and contact details of their employees in the context of projects or business relationships.

1.4 Affected persons

We process the following data from interested parties: company, name of the contact person, and professional contact and address details.

We process the following data from customers: company, title and names of contact persons, professional address and contact details, bank details, and contract details.

We process the following data from suppliers and business partners (e.g., trainers or speakers): company, title and name of contact persons, professional address and contact details, bank details, contract data. In addition, based on consent, we also process image data for publication in print media and on our website.

We process the following data from event participants: company, title and name of the registered person, professional contact details and address details, possibly bank details for events subject to a fee.

We process the following data from training participants: company, title and name of the respective participant, gender, date of birth, professional address and contact details, training data (courses completed and certificates), log data, user data (email address, password – not in plain text), image data. Most of this data can be provided voluntarily.

The following data is processed from newsletter recipients: email address and name data.

1.5 Transmission of data from data

  • Transfer to processors: We work with processors to whom personal data is transferred in order to provide services efficiently. These include companies that perform tasks such as contract fulfillment, payment processing, account management, newsletter distribution, and IT services.
  • Other transfers: In certain cases, such as legal obligations or in the context of a legal dispute, personal data may be disclosed to authorities or lawyers.

1.6 Storage/deletion/anonymization of data

  • Contractual retention obligations: After termination of a contractual relationship or after the end of contractually agreed periods, your data will be deleted or anonymized as soon as there are no legal retention obligations to the contrary.
  • Revocation of consent: If consent to the processing of personal data is revoked, the data will be deleted or anonymized unless there is another legal basis for processing.
  • Statutory retention obligations: In order to comply with statutory retention obligations, personal data must be retained for a period prescribed by law even after the end of the contract or revocation of consent. After these periods have expired, the data will be deleted or anonymized.

1.7 Legal basis

The legal basis for data processing is:

  • Consent (e.g., when processing your email address for advertising purposes) pursuant to Art. 6(1)(a) GDPR
  • Contract initiation and fulfillment Art. 6(1)(b) GDPR
  • Legal obligations (e.g., legally prescribed storage and documentation obligations, publication obligations in accordance with copyright law) pursuant to Art. 6 (1) (c) GDPR
  • We will inform you separately about the legal basis and purpose of the processing for each data processing operation described below.

Legitimate interests of our company (e.g., use of software) pursuant to Art. 6 (1) (f) GDPR

2. Contacting us

When you contact us by email, telephone, or contact form, the data you provide will be stored in order to process your enquiries.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

3. Data processing when using our website

When using the website for informational purposes only, we only collect the personal data that your browser transmits to our server (server log files). When you visit our website, we collect the data that is technically necessary for us to display our website to you and to ensure stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Coordinated Universal Time (UTC)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

This data is not merged with personal data sources. We reserve the right to subsequently check this data if we become aware of specific indications of illegal use and, in the event of a cyberattack, to pass the data on to the law enforcement authorities. No further disclosure to third parties takes place.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

3.1 Cookies

When you visit our website, cookies are stored on your device. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. They enable us or third-party providers to collect certain information. Cookies cannot execute programs or transfer viruses to your computer.

The information contained in cookies is used, for example, to determine whether you are logged in, what data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies, which serve exclusively to ensure the operation of a website, and cookies requiring consent, which are set by us or third-party providers for the purposes of statistical analysis, tracking, or advertising/marketing.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest; for technical cookies), Art. 6 (1) (a) GDPR (consent; for all other cookies)

4. Data processing in the analysis of web access

We use the functions of the web analysis service Advanced Web Statistics on our website. Information about the provider AWStats can be found at www.awstats.org. The information generated by the AWStats cookie about the use of this website is transmitted to a server of Vermak GmbH and stored there anonymously. The stored data is retained for a period of six months (“log file rotation”).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

5. Other external services

5.1 Brevo (formerly Sendinblue)

For our digital marketing, we use the Brevo Marketing Platform, a service provided by Sendinblue GmbH, based at Köpenicker Str. 126, 10179 Berlin.

The Brevo Marketing Platform includes various functions for carrying out and optimizing our marketing activities. These include, in particular, sending personalized campaigns via email, SMS, and WhatsApp, live chats to answer questions about our products, automated marketing campaigns, such as responding to user interactions on our website, customizable registration forms for newsletters, events, or info sessions, the use of artificial intelligence to optimize email content and sending times, the creation of landing pages for lead generation, the sending of web and mobile push messages for targeted user communication, and mobile wallet functions for digital payment processes.

As part of these services, Brevo processes personal data such as email addresses, IP addresses, usage behavior (e.g., open and click rates), phone numbers, or message content, depending on which specific function is used.

The purpose of the processing is to carry out targeted marketing measures, optimize our communication, and make our digital offerings user-friendly.

Further information can be found in Brevo’s privacy policy at: https://www.brevo.com/de/legal/privacypolicy/.

Legal basis: Art. 6(1)(a) GDPR (consent)

5.2 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

Google Analytics enables us to analyze visitor behavior on our website in order to draw conclusions for improving our offering and user-friendliness. Information such as pages viewed, length of stay, user origin, device type, operating system, and interactions with specific content is collected and evaluated by Google on our behalf.

The data collected is processed with a shortened IP address, so that a direct personal reference is excluded. In addition, we only use Google Analytics with IP anonymization enabled.

The information collected in this process may also be processed on Google LLC servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Further information on data processing by Google can be found at: https://policies.google.com/privacy.

Legal basis: Art. 6(1)(a) GDPR (consent)

5.3 Vimeo

We use video content embedded via the Vimeo service to provide learning content on our e-learning platform. The provider is Vimeo Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA.

The videos are embedded using the open source software programs H5P and Moodle. When Vimeo videos are integrated into Moodle using H5P, no tracking is triggered by Vimeo. This means that no personal data is transferred to Vimeo as long as there is no active interaction with Vimeo outside the Moodle environment.

The videos are integrated for the purpose of implementing and supporting mandatory learning offerings.

Further information about Vimeo can be found at: https://vimeo.com/privacy.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)

6. Your rights

You have the following rights with regard to your personal data:

  • Right to access, rectification, and erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

Please send your inquiries and concerns by email to datenschutz-vermak@meineberater.at or contact us using the contact details provided.

If you believe that we have violated Austrian or European data protection law in the processing of your data and thereby infringed your rights, we ask you to contact us so that we can clarify any questions you may have.

You also have the right to complain to the supervisory authority, which is the Austrian Data Protection Authority:

Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at

7. Changes to this privacy policy

We reserve the right to make changes to our privacy policy from time to time. All changes to the privacy policy will be published by us on this page. Please refer to the current version of our privacy policy for this information.