1. Responsible party and scope of application:
Fox Education Services GmbH
as the operator of www.foxeducation.com
FN 484341 t Vienna Commercial Court
DVR number: 4019475
Liechtensteinstraße 25/DG, 1090 Wien
Data protection officer within the meaning of the GDPR:
Ploil Boesch Rechtsanwälte GmbH
Dr. Mario Schnakl
3. Purposes and legal bases for processing:
We always process the personal data of our users in accordance with all relevant data protection regulations, and only insofar as is necessary to provide a functional website and our content and services.
Personal data is only processed when such processing is permitted by law. In the event that we request the consent of data subjects to process their personal data, Article 6 (1) (a) of the GDPR serves as the legal basis for this processing. If we are required to process personal data to complete an order, provide a service, or implement measures to ensure our contracts are fulfilled, then Article 6 (1) (b) of the GDPR serves as the legal basis for this processing. If we must process personal data to fulfill our legal obligations, then Article 6 (1) (c) of the GDPR is the legal basis for this processing. If we are required to process data to protect the vital interests of the data subject or another natural person, then Article 6 (1) (d) of the GDPR is the legal basis for this processing. Finally, in the event that we must process personal data to safeguard our legitimate interests or those of third parties, Article 6 (1) (f) of the GDPR is the legal basis for this processing.
4. Security and anonymity
At Fox Education Services GmbH, data security is of the utmost importance. We do everything in our power to prevent unauthorized access to the data that is entrusted to us by our users. State-of-the-art organizational, contractual, and technical security measures (such as firewalls and encryption technologies) are combined with a sophisticated access control system to ensure the highest possible level of data security is achieved.
5. Individual processing operations:
5.1 Availability of the website and the creation of log files
When a user visits our website, our system automatically collects the following data and information from the user’s computer: the IP address of the computer, the name and URL of the page the user visits, the date and time of the visit, the amount of data that is transferred, a message indicating whether or not the requested page was available, the type and version of the user’s browser and operating system, and the website the user was visiting just before accessing the page on our website (referring website).
Article 6 (1) (f) of the GDPR serves as the legal basis for the creation of log files and the storage of this access data, which are required to ensure the proper functioning of our website, its ongoing optimization, and the long-term security of our systems. Once the data is no longer needed for processing purposes, it is deleted. This occurs no later than 14 days after its collection. However, should the data be required for the purposes of evidence, then it may be stored until the resolution of the dispute.
5.2 Correspondence and Help Center
When users contact us (e.g., by email or the contact form), we process their personal data (email address, and if necessary their name and other information) to process their inquiry. We also offer a comprehensive help database with answers to the most frequently asked questions, as well as video tutorials.
Depending on the specific nature of the inquiry, Article 6 (1) (b), (c), or (f) of the GDPR serves as the legal basis for this processing. By submitting an inquiry, the user expects to receive a response. In this respect, Article 6 (1) (a) of the GDPR (regarding consent) may also serve as the legal basis for the processing.
We only send newsletters, emails, and other electronic messages containing promotional content if users have given us their consent to do so. We use “rapidmail” to send our newsletter, a certified German newsletter software provider that we selected for its strict compliance with the requirements of the GDPR and the German Data Protection Act (“Bundesdatenschutzgesetz,” or “BDSG”).
Users must complete a double-opt-in process to subscribe to our newsletter. In other words, once they sign up, they will receive an email asking them to confirm their registration. Their registration is only complete when they click on the activation link contained in the confirmation email. We only use the data users provide during the registration process for the purpose of sending them our newsletter, which may contain offers and information. User data is sent to rapidmail GmbH, but the company is prohibited from using the data for any other purpose than to send our newsletter. In particular, it is not authorized to pass on or sell user data. “rapidmail” generates comprehensive statistics on how newsletters are opened and used. These analyses are done on groups of users and cannot be used to evaluate the behavior of an individual user. For more information on rapidmail, please visit: https://www.rapidmail.at
In particular, the processing of this personal data is justified by Article 6 (1) (a) of the GDPR, while the use of statistical surveys & analyses and the logging of the registration process are based on our legitimate interests as per Article 6 (1) (f) of the GDPR.
The data that is necessary to send our newsletter is stored for the duration of the user’s subscription. Users may, at any time, revoke their consent to this storage and/or to the use of their data to send our newsletter. To do so, they can (for example) click on the “Unsubscribe” link in the newsletter.
5.4 Cookies & audience measurement:
We use “cookies,” or small text files that are sent from our web server to the user’s browser during their visit to our website, and stored on their computer for retrieval at a later time. Among other things, cookies contain information regarding the previous times that a user accessed our server, including the offers the user accessed on our website. Cookies are not used to run programs or to load viruses onto the computers of users. Instead, the main purpose of cookies is to create a custom offer and make the use of our website as convenient as possible for the user.
We use “session cookies” that are temporarily stored in the memory of the user’s computer, as well as “partner and affiliate cookies” when the user accesses the FoxEducation website from an ad on another website. These cookies are solely used for billing purposes and do not contain any personal data of the user.
5.5 Google Analytics and Google “remarketing” services:
Our use of Google Analytics, a web analysis service provided by Google Inc. (hereinafter “Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on the www.foxeducation.com website, as well as the marketing and “remarketing” services of the same company (hereinafter “Google Marketing Services”), is based on our legitimate interest as defined in Article 6 (1) (f) of the GDPR.
The standard contractual clauses agreed with Google ensure that these services comply with all European data protection regulations.
Google Marketing Services lets us display ads for and on our website in a more targeted manner, by only presenting those ads which may match the user’s interests. If users are shown ads for products that aroused their interest on other websites, then this is known as “remarketing.” For “remarketing” purposes, whenever a user visits our website or another website that uses Google Marketing Services, Google immediately executes a code and so-called marketing or remarketing tags are incorporated into the website. These tags allow for a cookie or some similar technology to be stored on the device of the user. The cookies can stem from a variety of different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. These cookies record information such as the web pages the user visited, the content that captured their interest, and the offers upon which they clicked, as well as technical data on the user’s browser and operating system, referring web pages, the amount of time the user spent on a web page, and other information regarding the use of our online offer. They also collect the user’s IP address, which, as part of Google Analytics, is shortened in the member states of the European Union or the countries of the Agreement on the European Economic Area, or, in some rare cases, sent in its entirely to a Google server in the USA and shortened there. The user’s IP address is not linked to their other data should they participate in further Google offers. Google may combine the above-mentioned information with similar information from other sources. When users visit other web pages, they can therefore be shown ads that match their own personal interests.
Google Marketing Services only works with pseudonymous user data. In other words, Google does not save or process the name or email address of the user, but only the relevant cookie-related data obtained from the pseudonymous user profile. This means that from Google’s point of view, ads are not run for an identifiable person but for the owner of the cookie, whoever that happens to be. The above does not apply if users have explicitly authorized Google to process their data in a non-pseudonymous fashion. The user information collected by Google Marketing Services is transferred to Google’s servers in Ireland, where it is stored.
We may also use the “Google Optimizer” service. Google Optimizer helps us understand how various changes (e.g., to the input fields, the design, etc.) affect a website, within the framework of so-called “A/B testing.” Cookies are stored on the devices of users for these testing purposes. Only pseudonymous data is processed during these tests.
In addition, we may use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
Users may install a browser plug-in to prevent information collected by cookies (including the IP address) from being sent to and used by Google. This plug-in can be obtained via the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Alternatively, users can click on the link found at www.foxeducation.com/datenschutz to prevent Google Analytics or Google AdWords from collecting data on their use of this website. By clicking on this link, an “opt-out cookie” will be downloaded on the device of the user. The user’s browser must therefore be set to allow for cookies. If users delete their cookies regularly, they will be required to click on the link each time they visit this website.
More information on Google’s use of personal data can be found at: https://support.google.com/analytics/answer/6004245?hl=en
5.6 Facebook custom audiences and marketing services:
As per our legitimate interest in the analysis, optimization, and profitable operation of our website (and for these purposes), we use the “Facebook Pixel” in our online offer, a feature of the social networking site Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if the user is a resident of the European Union, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
The standard contractual clauses agreed with Facebook ensure that this service complies with all European data protection regulations.
The Facebook Pixel allows Facebook to identify visitors of our website as targets for its advertisements, or so-called “Facebook Ads.” We therefore use the Facebook Pixel to ensure our Facebook Ads only appear to those Facebook users who have also expressed an interest in our online offer, or who can be identified by certain characteristics (e.g., interests in topics or products determined on the basis of previously visited websites) that we communicate to Facebook (so-called “custom audiences”). We use the Facebook Pixel to make sure our Facebook Ads spark the interest of users and do not come across as annoying. The Facebook Pixel also allows us to gauge the effectiveness of our Facebook Ads for statistical and marketing purposes, by showing us if users were redirected to our website after clicking on a Facebook Ad (a so-called “conversion”).
When a user visits one of our web pages, the Facebook Pixel is immediately incorporated into the page by Facebook and a cookie may be stored on the device of the user. If the user subsequently logs in to Facebook or visits Facebook while already logged into their Facebook account, the visit to our website is recorded in the Facebook profile of the user. To us, any data collected by Facebook is anonymous, which means there is no way it can be traced back to the user. However, the data is stored and processed by Facebook so it can be associated with the respective user profile and used by Facebook (e.g., for its own market research and advertising purposes).
In the event that we transmit data to Facebook for matching purposes, this data is encrypted in the browser locally and only sent to Facebook via a secure HTTPS connection. This is done solely for the purpose of creating a match between the data that is encrypted in the same way by Facebook.
We also use the “advanced matching” feature of the Facebook Pixel, whereby data is sent to Facebook in encrypted form for the purpose of creating target groups (“custom audiences” or “lookalike audiences”).
We also use Facebook’s “Custom Audience from File” feature. In this case, the email addresses of our newsletter subscribers are uploaded to Facebook. The upload is encrypted and used solely to determine the recipients of our Facebook Ads. We want to make sure that such ads are only displayed to users who are interested in our information and services.
Facebook processes user data according to its own data usage guidelines. For more information and details on the Facebook Pixel (including how it works), please visit Facebook’s Help section.
Users can always object to the Facebook Pixel collecting their data or Facebook using their data to display Facebook Ads. A special Facebook page has been set up to allow users to define the types of ads they would like to see while on Facebook. Among other things, they can choose to receive ads based on their use of apps and websites. These settings are platform-independent, which means they will be applied to all the devices (e.g., a desktop computer or smartphone) of the user.
5.7 Pinterest Tag:
As per our legitimate interests as defined in Article 6 (1) (f) of the GDPR, we use the “Pinterest Tag,” a feature of the company Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, on the www.foxeducation.com website.
The standard contractual clauses agreed with Pinterest ensure that this service complies with all European data protection regulations.
The Pinterest Tag allows Pinterest to identify visitors of our website as targets for its advertisements, or so-called “Pinterest Ads.” We therefore use the Pinterest Tag to ensure our Pinterest Ads only appear to those Pinterest users who have also expressed an interest in our online offer, or who can be identified by certain characteristics (e.g., interests in topics or products determined on the basis of previously visited websites) that we communicate to Pinterest (so-called “actalike audiences”).
We use the Pinterest Tag to make sure our Pinterest Ads spark the interest of users and do not come across as annoying. The Pinterest Tag also allows us to gauge the effectiveness of our Pinterest Ads for statistical and marketing purposes, by showing us if users were redirected to our website after clicking on a Pinterest Ad (a so-called “conversion”).
When a user visits one of our web pages, the Pinterest Tag is immediately incorporated into the page by Pinterest, and a cookie (i.e., a small data file) may be stored on the device of the user. If the user subsequently logs in to Pinterest or visits Pinterest while already logged into their Pinterest account, the visit to our website is recorded in the Pinterest profile of the user. To us, any data collected by Pinterest is anonymous, which means there is no way it can be traced back to the user.
Users can always object to the Pinterest Tag collecting their data or Pinterest using their data to display Pinterest Ads. A special Pinterest page has been set up to allow users to define the types of ads they would like to see while on Pinterest. Please see the section on usage-based advertising in the Pinterest settings: https://www.pinterest.com/settings. These settings are platform-independent, which means they will be applied to all the devices (e.g., a desktop computer or smartphone) of the user.
5.8 LinkedIn Tag
When contacting us (via the contact form or e-mail), the information provided by the user is processed to carry out the contact request and its completion on the basis of Art 6 Para 1 lit a or lit b of GDPR. User information can be stored in our customer relationship management system (“CRM system”), the ERP system or a comparable inquiry organization (lead management). We use the CRM system “HubSpot” from the provider HubSpot, Inc. HubSpot is a US company with several offices in Europe (HubSpot Germany GmbH, Koppenstraße 93, 10243 Berlin, Germany). For this purpose, we have concluded an order processing contract with HubSpot with so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with EU data protection standards.
We also use the integrated software solution HubSpot for marketing activities. In detail:
- Landing pages and forms
- Email Marketing and Marketing Automation
- Social media publishing and reporting
- Evaluations such as traffic sources etc.
HubSpot will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data. We only use HubSpot with activated IP anonymization. This means that HubSpot shortens the user’s IP address within the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a HubSpot server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other data from HubSpot. Users can prevent the storage of cookies by setting their browser software accordingly. You can find more information on how HubSpot uses data, settings and objection options on the Hubspot website: https://legal.hubspot.com/privacy-policy
6. Rights of users:
Users have the right to request – free of charge – information regarding the personal data we have collected and stored about them. This request should be sent electronically to the following email address (with a copy of their ID): firstname.lastname@example.org
In addition to the right to access their personal data, users are entitled, among other things, to the right to rectify, delete, restrict the processing of, object to the processing of, and revoke their consent to the processing of their personal data, as well as the right to transmit their data to another controller (portability).
If users consider that our processing of their data violates data protection regulations, or that the data protection rights to which they are entitled have been violated in any other way, they may file a complaint with their local data protection authority.
FoxEducation shall not be held liable for any non-compliance with data protection regulations by the operators of external websites and third-party services, or by the operators of any sites linked to this website. Under no circumstances shall FoxEducation accept responsibility for the content of external websites or files linked by FoxEducation or its users.