Privacy Policy HELBLING e-zone

(revised: 5 th October 2020)

Pursuant to Article 13 of the EU General Data Protection Regulation (GDPR), this privacy policy informs you about the processing of personal data on HELBLING e-zone (hereinafter termed application).

Processor: Helbling Verlagsgesellschaft m.b.H., 6063 Rum bei Innsbruck, Kaplanstraße 9, Austria, [email protected]

All user data which is collected by the application is processed in compliance with data protection laws. HELBLING uses this data to grant users access to the services provided by the application.

1. Collection and processing of data of all users

1.1. Processing for statistical details

Details of application calls are protected and stored for safety and statistical purposes as is customary on web servers. This data is stored separately from the personal data of registered users. Any personal data that we have acquired and stored is made known to third parties only if and when we are legally entitled or required (e.g. for breach of contract or criminal prosecution purposes) to do so or when you have given us your express consent. In such cases we pay strict attention to the regulations of the data protection act. Size and volume of any data transfer is limited to the required minimum.

In the case of non-registered and registered users, the application uses country source recognition. This is necessary due to distribution restrictions in different countries for the various products offered.

The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are ensuring system security, prevention of misuse, provision of a user-friendly website and optimising our services.

1.2. Cookies

Cookies are small files that a website / application sends to your browser when you visit the website. Your browser / application stores the cookies on your computer/device. Cookies enable us to store information for a period of time and to identify a user’s device. If you use different computers/devices or different browsers to access this website, you will be prompted to agree to our usage of cookies on each computer/device and browser.

We use permanent cookies to improve user experience and the provision of our services. Permanent cookies will remain stored on the device even after the browser has been shut down. On your next visit the website can read its cookies and retrieve data such as the time of your last visit or your preferred language.

We also use so-called session cookies. We use cookies solely to improve your user experience on this site. In prompting you to agree to the usage of cookies on our website, we meet the requirements of European data protection laws.

Permanent cookies usually include a setting to determine how long the cookie may be stored by the browser. At the end of this time the cookie expires, and on your next visit to this website you will be prompted again to agree to our usage of cookies.

The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are ensuring system security, prevention of misuse, provision of a user-friendly website and optimising our services.

You can use the options in your browser to notify you each time a cookie is stored. Thus, the use of cookies will be transparent for you. You can prevent cookies from being stored using the appropriate option of your browser software. We advise you that in this case you may not be able to use the full functionality of this website. In addition to this, you can prevent Google receiving and processing data created by the cookie and relevant to your website use (including your IP address) by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en). An opt-out- cookie will be installed that will prevent your data being recorded whenever you visit this website in future.

1.3. Improving service quality and protection against misuse

The legitimate interests that we pursue are providing a user-friendly website, optimising our services, analysing system performance and protecting the services against misuse. Therefore, services from Google (Google Inc.; e.g. Google Analytics, https://policies.google.com/privacy), Cloudflare (Cloudflare, Inc., https://www.cloudflare.com/terms/), Datadog (Datadog, Inc.; https://www.datadoghq.com/legal/terms/), WISTIA (Wistia, Inc.; https://wistia.com/privacy) and JWPlayer (Longtail Ad Solutions, Inc.,;https://www.jwplayer.com/privacy/) are being used.

The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are ensuring system security, prevention of misuse, provision of a user-friendly website and optimising our services.

2. Collection and processing of data of registered users

2.1. Registration

For initial registration, first name and surname, email address, country and time zone as well as a password of choice are obligatory requirements. Your first and surname, email address and password serve to identify you unambiguously as the contractual partner entitled to use the online service and to make further individual benefits available. The email address enables us to contact you quickly should there be any queries needing clarification and to reset your personal password in case of need. The legal basis for the processing is point (b) of Article 6 (1) GDPR.

2.2. Teacher authentication

For the authentication of teaching personnel, also p.r.n. a school identification number as well as a school name and address are required. This data serves to identify and verify the teaching personnel unambiguously for access to the protected area and to make individual benefits available to them. The information concerning the school serves to verify you as a bona fide teacher. The legal basis for the processing is point (b) of Article 6 (1) GDPR.

2.3. Setting up access for students by a teacher

When a teacher sets up access for a class and its students, access codes (user name and password) are created for the students. We strongly recommend using pseudonyms for this set up instead of real names as such data will apply only indirectly to individual persons. Consequently access and the data contained therein cannot be allocated by us to any particular person. Allocation can then only be made by the teacher involved. The legal basis for the processing is point (b) of Article 6 (1) GDPR.

In order to process personal data with the application in compliance with the EU General Data Protection Regulation (GDPR), we have to require the agreement of students and, if applicable, their legal representatives for the setup of the student accounts by the teacher. The legal basis for the processing is Article 8 (1) GDPR.

3. Processing data for statistical purposes

HELBLING utilises the data obtained from non-registered and registered users to maintain the services offered or to improve them. In addition to this, the results from exercise materials could be used completely anonymously for research projects. No personal details are ever disclosed to third parties during this process. In all other cases, too, no data is ever given to third parties, but data may be requested by the authorities in the case of an official investigation.

The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are ensuring system security, prevention of misuse, provision of a user-friendly website and optimising our services.

4. Closing a user’s account

Registered users can close their user accounts and completely delete all personal data related to their account at any time. When class accounts are closed, all the class related data is deleted as well.

5. Recipients of personal data

As a rule, data will be shared with third parties only if necessary for the performance of a contract. This may be the case when, for example, the customer’s address is transmitted to the distribution centre.

Apart from that data will be shared with third parties only if this is permitted by a statutory provision or the customer has given his/her consent.

6. Your rights

Under the GDPR you may have the following rights:

You may require access to personal data relating to you which is processed (Article 15 GDPR).

You may request the rectification, the erasure or the restriction of processing of personal data relating to you (Articles 16, 17 and 18 GDPR).

You have the right to data portability (Article 20 GDPR).

You may withdraw any consent you have given (Article 7(3) GDPR). The withdrawal of consent is to be addressed to: Helbling Verlagsgesellschaft mbH, Kaplanstraße 9, 6063 Rum bei Innsbruck, or to [email protected].

You may object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Article 21(1) GDPR).

You may object at any time to processing of personal data concerning you for direct marketing (Article 21(2) GDPR).

You may lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection laws. The competent supervisory authority for us is: Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, Austria.