Privacy policy

As of: July 2021

Protection and careful handling of your personal data is very important to us. We therefore exclusively collect, process and utilise your personal data on the basis of legal regulations (GDPR, Telecommunications Act 2003, Data Privacy Act). This data privacy information outlines the data processing performed within the context of our online learning platform (in the following referred to as “online learning platform”).

 

  1. Data controller within the meaning of the GDPR:

KFV Sicherheit-Service GmbH, Schleiergasse 18, A-1100 Vienna (in the following referred to as “KFV”) is the data controller for personal data provided and deposited by you within the meaning of data privacy laws.

 

  1. We collect the following personal data:

We are required to process certain personal data in order to provide services via our online learning platform. The types of information we collect depend on how our online learning platform is utilised.

  • Information provided by users: We collect content, communication and other information provided by users while accessing our online learning platform; this includes information related to the registration of user accounts, the creation or sharing of content (e.g. photos, videos, etc.) as well as the exchange of messages or communications with others. It may encompass information about content provided by users (e.g. your name, your e-mail address, your date of birth, your postal address) or data contained within this information (such as metadata as e.g. the date on which the file was created). Our systems automatically process content provided by users as well as notifications based on technical necessities in order to log the context and the contained details for purposes described in the following.
  • Information about the usage of our online learning platform: We collect information about how the services of our online learning platform are used as e.g. in regard to used functions, performed actions (e.g. opening rate, click behaviour), persons or accounts with whom users interact as well as the time, frequency and duration of user activities.
  • Information from third parties: We may receive information (first name, last name, e-mail address, date of birth) about you and your activities from third parties when you link your account with external accounts (e.g. Facebook, Google, Apple).
  • Device information: We collect information from and about any Internet-enabled computer(s), phone(s) and other device(s) used by you. We receive the following information from these devices: visited sites and files, device signals, network and connection information (IP address, operating system and service provider, browser type) as well as cookie data.

You can access the “data privacy settings” via your account page and make decisions regarding the processing of certain personal data and view basic account and usage information.

The purpose of data processing is limited to personal data within the context of the GDPR; this includes your first and last name, your e-mail address, telephone number as well as your date of birth. The categories of affected persons consist of representatives and clients of driving schools, such as employees, contractual partners, examiners and customers.

For the usage of the online learning platform, end users (clients at the driving school) must provide certain correct and current personal data points directly or via the driving school (e.g. name, date of birth) as the driving school stores this information on your behalf on the online learning platform. Usage will then be enabled. The end user declares to have provided true, accurate, current and complete information regarding his or her person (so-called “registration data”). After registration or activation of the user via the driving school, the user is authorised to utilise the services of the online learning platform according to our terms of use. This usage license is granted once for a period of 18 months. The licensing fee is either paid directly via your driving school or our website/app.

 

  1. Processing purpose:

Data collected from you (depending on your selections) is used for the following purposes:

  • Provision of our services including updates, backup, troubleshooting and support
  • Development and improvement of our online learning platform
  • Protection, integrity and safety (in order to, e.g., prevent or uncover misuse, specifically fraud)
  • Enabling third parties to execute technical, logistical or other services on our behalf
  • Social features (e.g. chat forums, ranking lists, tournament events)
  • Statistical evaluations
  • Communication with our users
  • Compliance with current laws or, if necessary, defence or exercise of our legal rights

 

  1. Legal basis of data processing:

We collect, use and share data that is available to us in accordance with the following legal bases:

  • as required for the provision of our services requested by you,
  • as required for the fulfilment of our legal obligations,
  • as required for public interest,
  • as required for our legitimate interests (as well as for the interests of others) including our interest in offering innovative, personalised and safe services (i.e. within the context of business operation, record-keeping, statistical analyses, internal reporting as well as for research purposes, communication with users, analysis of user behaviour on our online learning platform, ensuring network and information safety and optimisation of user experiences),
  • in accordance with user consent.

 

  1. What are cookies and which cookies do we use:

Our online learning platform uses cookies. Cookies are small text files that your browser deposits on your consumer device. These cookies do not cause damage.

We use so-called “session cookies” on our online learning platform that are only stored temporarily until the user leaves the online learning platform again. The usage of session cookies is absolutely required to ensure the technical functionality of the online learning platform and the use of cookies is legally based on Section 96 (3) of the Telecommunications Act 2003. The cookie stores information as to which user is currently logged in. Based on this information, our online learning platform can identify the consumer device for the duration of the current session and make content available directly.

Subject to your consent – we store so-called “third-party cookies” in order to make it possible to analyse and optimise user behaviour on our online learning platform based on (non-)personal data:

 

  • The tool used for this purpose is called “Matomo”. The following Matomo cookies are used in the standard configuration and are stored for the following periods: 
    • MATOMO_SESSID: 14 days
    • _pk_id: 13 months
    • _pk_ref: 6 months
    • _pk_ses, _pk_cvar, _pk_hsr: 30 minutes
    • mtm_consent: 30 Jahre 30 years (Information regarding the acceptance or rejection of cookie settings is stored long-term.)

     

    The tool used for this purpose is the open-source web analysis service “Matomo” by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies that allow for a statistical analysis of website use. Various usage information (e.g. your browser, your visit duration, your operating system) is collected whereas your IP address is anonymised prior to storage. Thus, personal data is not stored for statistical evaluations nor will this data be used to personally identify the user of the website or merge this information with other data. The storage of Matomo cookies and the use of this analysis tool is based on Section 6 (1) lit. f of the GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our web offer and our services.

     

  • Our online learning platform uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses cookies, which make it possible to analyse the use of the website. Information generated by cookies about your use of our online learning platform is transferred to a Google server and stored there. IP anonymisation has been activated on this website in order to ensure the anonymous collection of IP addresses. Only the abbreviated form of your IP address is collected. Google uses this information to evaluate the usage of our online learning platform and compile reports about website activity. We exclusively use this information for our own market research and for the optimisation of the design of our online learning platform. You can prevent the installation of cookies by configuring the settings of your browser software accordingly. Moreover, you can prevent Google from collecting data generated by the cookie related to your use of the website and the processing of this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Specifically the following analytics cookies are used in the standard configuration, which are stored for the following periods:
    • _ga: 26 months
    • _gid: 26 months

     

  • We also use Imgix, a service provided by the company Zebrafish Labs, Inc., 423 Tehama St, CA 94103 San Francisco, USA. Imgix makes it possible to optimise images in real time. This service automatically adapts images and their resolutions from our online learning platform to your browser. For this purpose, your IP address is transferred to Imgix. The service is indispensable for the operation of the online learning platform. The previously stated data processing measures are legally based on Section 6 (1) f) of the GDPR in accordance with our legitimate interest to provide an error-free and safe online learning platform. The service is committed to observing European data protection regulations. Further information regarding the handling of transmitted data is available in the data privacy statement of the provider available at: https://www.imgix.com/privacy.
  • Our online learning platform also deploys Google Firebase technology by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Firebase”). Firebase offers various services for app developers; we are currently using the following Firebase services:

Firebase Cloud Messaging: Firebase Cloud Messaging is used in order to transmit so-called push notifications or so-called in-app messages (notifications that are only depicted in the respective app). For this purpose, the mobile device is associated with a pseudonymised push reference as the “target location” for the push notification or in-app message. You can deactivate or reactivate push notifications at any time via the settings of your mobile device. Firebase Cloud Messaging uses instance IDs in order to determine which devices receive messages. Firebase saves instance IDs until the Firebase client initiates the deletion of the ID by invoking the API. If possible, Google Firebase uses servers located in Europe for its services. However, it cannot be excluded that data is also transmitted to the USA. We have concluded an order processing contract with Google, which includes so-called standard contractual clauses in which Google commits to exclusively process user data according to our directives and abide by the EU data protection level. The usage of this cloud service is legally based on our legitimate interest according to Section 6 (1) f of the GDPR. More information regarding Google Firebase and data privacy is available under the following links:

You also have the option to register and sign into our online learning platform with an existing profile for one of the following social networks (Facebook, Google, Apple or A-Trust) and thereby authenticate yourself.

Our login site provides the respective symbols for these providers. Before establishing a connection with the provider, you must give your express consent to the process and data transmission as described in the following:

A new window opens up when you click on the respective symbol; you can use your login data to sign into the social network. After logging in successfully, the social network will inform you which data (name and e-mail address) is transmitted to us for authentication purposes within the context of the registration or login process. After you consent to this data transmission, the fields required for registration are filled in with the transmitted data. The information required by us for registration or login consists of your first and last name, your date of birth and your e-mail address.

We will exclusively store your data and use it for the described purposes after receiving your express consent for the use of this transmitted and required data. A link beyond the authentication process between the client account created with us and your account at the respective social network is not established.

Your IP address is transmitted to the respective provider of the social network in order to execute the authentication process for registration and login. We have no influence on the purpose and extent of data collection and the further processing of this data by the respective provider of the social network. For further information, please read the data privacy statements of the respective providers.

  • Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data privacy statement (https://de-de.facebook.com/about/privacy/) and terms of use (https://www.facebook.com/legal/terms).
  • Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy statement (https://policies.google.com/privacy) and terms of use (https://policies.google.com/terms).
  • Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Data privacy statement (https://support.apple.com/de-de/HT210318)
  • A-Trust GmbH, Landstraßer Hauptstraße 1b, 1030 Vienna, Austria. Data privacy statement (https://www.handy-sig (https://www.a-trust.at/de/sicherheit/datenschutz/?b) and terms of use (https://www.handy-signatur.at/hs2/#!infos/agb)

 

  1. Forwarding of received information:

We provide message boards, forums and chats on our online learning platform via which users can communicate with each other. Users are aware that any information they post is visible and accessible to other users, and the user posts information at his or her own risk. Users consent to not post messages and information under their actual first and last names but agree to use imaginary user names instead. Some of our services require that we forward information to third parties (e.g. service providers), other users and/or the general public; we may also have to forward information due to legal reasons or in case of a legal dispute. Data transmission to third parties is performed exclusively within the extent described in the following.

  • Service providers: We commission other companies who are in a direct relationship with the online learning platform with the fulfilment of tasks on our behalf. Examples of such entities include your driving school (see item 2 last in the last paragraph) or companies commissioned by us with the protection and maintenance of the operational readiness of the online learning platform and server. These service providers have access to your personal information as this information is required for the fulfilment of their tasks. However, they are not permitted to use this data for any other purposes. Moreover, they are committed to treat this information in accordance with our data privacy statement and pertinent data privacy laws.
  • Fulfilment of legal obligations: We forward your personal data when we are legally required to do so or if forwarding this information is required in order to assert our general terms and conditions or other agreements or to protect our rights.

 

  1. Corporate users (e.g. employees at a driving school):

The following applies if you use our online learning platform via an account provided by your employer as e.g. as an employee of a driving school or as a driving instructor:

Your employer controls and manages your user account including your data privacy settings and may access and process your data including interaction data as well as the content of your notifications and files associated with your user account.

Your employer is obligated to immediately block access to our online learning platform if your employment relationship ends. You will then no longer be able to access your account.

If your employer provides access to our online learning platform, the usage of the platform is subject to the company’s guidelines. You should submit your privacy queries as well as any other queries regarding data privacy rights to the administrator of your company. KFV is not responsible for the data privacy or safety practices of driving schools, which may deviate from this data privacy statement.

The processing of your personal data by KFV within the context of our online learning platform is regulated by an order processing contract concluded between KFV and your company according to Section 28 of the GDPR. KFV processes your personal data in order to offer you and your company our services as well as for legitimate business processes of KFV associated with our online learning platform. Please contact your employer if you have further question regarding the processing of your personal data by KFV while using our online learning platform.

 

  1. Storage period and locations of received information:

KFV exclusively saves your personal data for as long as needed in order to fulfil the abovementioned purposes and our contractual and legal obligations. We will delete any personal data that we no longer need from our systems and records or anonymise this information. Your learning progress, your messages, your first and last name as well as your date of birth are altered so that individual information can no longer be associated with you or only after investing extensive time, costs and efforts.

We only use servers and providers within the EU or the EEC for processing and storage of your data as well as for the provision of services.

 

  1. Children:

Our online learning platform is not intended for children under 14 years of age. KFV does not intentionally acquire personal data of children under 14 years of age. We ask you to refrain from using our services and not submit personal data to us if you do not meet this age requirement.

We will initiate suitable measures in order to promptly delete personal data if we discover that personal data of a child under 14 years of age has been collected, which may result in the deletion of the child’s user account.

 

  1. How we protect your data:

We do everything within our power to make our online learning platform as safe as possible for users. We abide by regulations stated in Sections 32 et seqq. of the GDPR in order to ensure the safety of your personal data as we implement suitable technological and organisational safety measures (e.g. principle of least privilege, encryption, access and storage guidelines) so as to prevent unauthorised access and unnecessary storage of personal data in our systems).

 

  1. Links to other websites and social media:

Advertisement and content of third parties as well as links to other websites may be displayed on our online learning platform. These sites are not under our control and therefore not covered by this data privacy statement. KFV can neither control the data privacy practices and content of third parties nor be made responsible for such content. Please read the data privacy guidelines of the third parties if you choose to use such a link in order to find out how these entities collect and process your personal data.

 

  1. Your rights:

Principally, the right to information, rectification, erasure, restriction, data portability, revocation and objection are available to you (insofar as not limited by currently applicable laws). For questions regarding data privacy, your rights or the exercise of these rights, please contact our data privacy coordinator (see item 13 in our contact data). You may submit a complaint to the supervisory authority if you believe that the processing of your data contravenes data privacy laws or your data privacy rights have been infringed in any other way. In Austria, this is the Data Protection Authority.

 

  1. Our contact data:

KFV Sicherheit-Service GmbH

Schleiergasse 18

1100 Wien

Phone: +43 (0)5 770 77 – 3000

Email: datenschutz@kfv.at 

 

  1. Final provisions:

We may offer new or additional services within the context of the ongoing further development of our online learning platform. We will adapt the data privacy statement accordingly or provide further information or additional terms insofar as the introduction of these new or additional services results in a substantial alteration of how your personal data is collected or processed. Changes to our online learning platform will be announced in good time.

 

Proprietary rights of KFV

KFV is the owner and/or license holder of all rights, titles and claims related to the online learning platform. This specifically also includes virtual content displayed on the platform, all data and notifications generated or sent via the platform, all accounts, all sounds and other sound effects from the platform as well as programming codes, work procedures, software, associated documentations and all other original created works that have been made available via the platform.

 

Exclusion of liability

This online learning platform and the contained contributions have been developed conscientiously and are merely intended for general information purposes. The provided information does not constitute legal advice. We do not assume liability for the correctness, currentness and accuracy of the provided information. Moreover, KFV also does not accept liability for possible links to external third party-operated websites.

 

We wish you fun and success with our online learning platform!

You can change your [borlabs-cookie type=”btn-cookie-preference” title=”Privacy settings” element=”link”/] anytime.