🇬🇧

Data Privacy Policy

courseticket GmbH
Mariahilfer Straße 126/20
1070 Vienna
Firmenbuchnummer: FN 358331 h

1. Processing Activities

Distribution of online information offers to registered and non-registered customers. Should terms in this privacy policy referring to natural persons only be given in the masculine form they refer to women and men in the same way. When referring to a certain natural person the gender-specific form must be used. Customers are understood as both consumers (users) and businesses.

2. Data Protection Officer

Should you have any questions in regards to the collection, processing or use of your personal data please write to the following contact address:

courseticket LTD
c/o Data Protection Officer
Email: dataprivacy@courseticket.com
courseticket GmbH
Mariahilfer Straße 126/20
1070 Vienna

3. Purpose of Data Processing

on the legal basis of contract preparation or fulfilment:

a) Distribution of online content & bookable services to registered customers, also in consideration of preferences in personalised form

b) Maintaining and increasing customer satisfaction and customer loyalty

c) Collection of user numbers to document the range

d) Provision of communication channels to service the contractual agreement

on the legal basis of (predominantly) legitimate interests:

a) Reclamation and acquisition of customers

b) Evaluation of user behaviour and the personal preferences of customers for targeted distribution of advertising (as far as permitted by law) with the goal of minimising scatter loss

4. Legal Basis of Data Processing

The use of the online services is based on a contract within the meaning of article 6 (1) a) b) of the General Data Protection Regulation (DSGVO). courseticket discloses that it includes content of third parties (such as links, pixel, plug-ins) in the fulfilment of its contractual obligations. Due to the technical circumstances when calling up the content, courseticket, already at the time of loading the webpage, automatically transmits electronic identification data in particular the IP address and the browser settings of the user to these third parties who process them under their own responsibility.

a) The processing of a registration takes place by means of electronic data processing. By registering, you agree to the collection, processing and use of data you provided during the registration as well as the data that becomes known during the upright business relationship. courseticket treats the stored data and information of the customer, irrespective of its kind, strictly confidential. The contract data will be stored for billing and ticketing and can be viewed by you at any time via your login.

By registering you agree that your data, provided by you during the registration, in particular your sex, first and last name, postal address, phone number, and email address, as well as individual identification number and the time of registration can be processed for the purpose of the contract conclusion, for communication via the Platform in connection to bookings or consumption of a service, for offers of courseticket and the transmission of electronic mail in accordance with § 107 (3) of the Telecommunication Law (TKG).

In the case of any remittance (e.g. cancellation or revocation of a service) of the service fee the required bank details will also be transmitted to courseticket.

You can withdraw your agreement at any time via a signed letter or per email sent to courseticket (see contact details in point 2).

b) The transfer of data is excluded, provided that the transfer does not serve the execution of this contract in particular the registration and/or the deregistration or the remittance of the service fee. If required your sex, first name and last name, postal address, individual identification number, the time of registration, phone number and email address, as well as any Participant data individually requested by the Service Provider (provider of the booked service) will be transferred to the Service Provider. courseticket discloses that personal data of customers can also be processed by the Service Provider for the purpose of direct marketing in accordance with § 107 (3) of the Telecommunication Law (TKG) as far as permitted by law.

c) Only customer data which courseticket has at its disposal due to the contractual agreement and for which the retention period applies will be processed. An increase of the retention period does not take place. It is understood that we are entitled to process the data, even after a revocation, if needed for further execution of the contract or for evidence purposes.

5. Obligation to Provide Data

The customer has no obligation to provide data.

6. Automated Decision-Making

The customer is not subject to any automated decision that has legal effects on him.

7. Processed Types of Data

User Data (provided by the user)
First name (mandatory) Invoicing
Last name (mandatory) Invoicing
Email (mandatory) Login, invoicing- & ticketing, communication (e.g. in case of postponement)
Birth (optional) Identification (e.g. minimum required age)
Password (optional) Login
Gender (optional) Identification (e.g. salutation)
Billing address (mandatory, in case of fee-based) Invoicing
Company, VAT ID (optional) Invoicing
additionally collected by courseticket
Data relevant to the account such as time of registration, time of consent to the T&Cs, time of last login, time of last account changes, newsletter permissions, account status (active, private, public, etc.)

 

Participant Data (provided by the user)
First name(s) (mandatory) Ticketing
Last name(s) (mandatory) Ticketing
Gender(s) (mandatory) Identification (e.g. salutation)
Email(s) (mandatory) Communication (e.g. in case of postponement)
Email(s) (mandatory) Communication (e.g. in case of postponement)
Phone(n) (mandatory) Communication (e.g. in case of postponement) via SMS
Individual participant data (optional, defined by service provider) Event- or service-based (e.g. academic degree, company positioning)
additionally collected by courseticket
Data relevant to the booking such as unique identification number (booking reference), continuous invoice number, status of the booking, time of booking, last change of the booking, newsletter permissions, referrer domain, assignment to booked service, payment method, purchase price, tax/VAT, redeemed discounts

8. Data Sources (if not provided by the user)

External receiver of data Transmission of data
Video Embedding: YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA IP address, website, browser data, information about website usage
Support, Helpdesk: Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estland IP address, website, browser data, information about website usage
Payment Service: SIX Payment Services (Europe) S.A., Marxergasse 1B, 1030 Wien, Zweigniederlassung Österreich IP-Addresse, Payment data
Analytics, Ads, APIs: Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA IP address, website, browser data, information about website usage
Payment Service: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, SCHWEDEN IP-Addresse, Payment data
Cloud Services: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98910, USA (Standort Irland) Data in/out, IT infrastructure

9. Third Country Transfer

The following data is transferred to countries outside the EU as part of data processing:

Country Application Type of Data
USA Google Google Analytics: anonymised IP address, website, browser data, information about website usage
USA Google Google Adwords: IP address, website, browser data, information about website usage
USA Amazon AWS (location: Ireland) communication, data handling, general server log files

10. Retention Period

a) Non-registered users: On the grounds of the legal basis mentioned above the data of registered users will be processed by courseticket for 40 months after the contract has ended (=36 months of possible contractual claims + maximum of 4 months delivery time of these claims) and is subsequently deleted (in any case the personal reference). In any case, the license agreement ends after a period of 40 months of being inactive and leads to an immediate deletion. Data related to your booking will remain saved in our systems until the statute of limitations for all claims arising from the contract passes. Data from payment transactions must be stored until the expiry of the statutory limitation period.

b) Registered users: Registered users can access their stored data any time via login. On the grounds of the legal basis mentioned above the data of registered users will be processed by courseticket for 40 months after the contract has ended (=36 months of possible contractual claims + maximum of 4 months delivery time of these claims) and is subsequently deleted (in any case the personal reference). In any case, the license agreement ends after a period of 40 months of being inactive and leads to an immediate deletion. Data related to your booking will remain saved in our systems until the statute of limitations for all claims arising from the contract passes. Data from payment transactions must be stored until the expiry of the statutory limitation period.

11. Data Security

All personal data transmitted via the internet is encrypted using SSL procedures. We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data via unauthorised persons.

12. Rights of the Person Concerned

Basis Content
Art 15 DSGVO “Insight”
The customer has the right to demand insight into whether personal of his is being processed.
Art 16 DSGVO “Correction” The customer has the right to demand the immediate correction of incorrect personal data or its completion.
Art 17 DSGVO „Deletion”
The customer has the right to demand the immediate deletion of his personal data as long as the reasons according to art. 17 (1) DSGVO are met.
Art 18 DSGVO „Restriction” The customer has the right to demand that the processing of his personal data is restricted as long as the reasons according to Art. 18 (1) DSGVO are met.
Art 20 DSGVO „Data Portability” The customer has the right to receive his personal data in a structured, common and machine-readable format.
Art 21 DSGVO „Opposition” Opposition direct marketing: The customer has the right at any time to oppose the processing of his personal data for the purpose of direct marketing.

13. Right to Appeal

Art. 77 DSGVO: Each customer has the right to appeal to the supervisory authority if he is of the opinion that the processing of his personal data violates this regulation.

14. Supervisory Authority

Österreichische Datenschutzbehörde E-Mail: dsb@dsb.gv.at
Hohenstaufengasse 3 Telefon: +43 1 531 15-202525
1010 Wien Telefax: +43 1 531 15-202690

15. Use of Cookies

Our website uses its own “Cookies” to improve user-friendliness (“Cookies” are records sent by the web server to the user’s browser that are saved there for later retrieval). Our personal “Cookies” do not store any personal data. The Cookies generated by courseticket have a an expiry time of maximum 1 year. You can edit your browser setting so that you are informed about the use of Cookies and can decide on a case by case basis to accept them or to generally deny acceptance of Cookies. In case Cookies are not accepted the functions of our website can be limited. Under “help” in your web browser you will find instructions on how to change the settings of the current browser accordingly and how to accept or decline Cookies.

Cookies processed by courseticket and its sub domains:

Essential Cookies

Name Funktion
PHPSESSID Session Cookie (Session).
Expiration: Session end
courseticketCookie[rememberapi2] Session Cookie (Session).
Expiration: 30 days
gdpr / courseticketCookie[ct-cookieaccepted] Cookie Hinweis (Popup).
Expiration: 1 year

 

Performance Cookies

Name Function
__zlcmid Activate support chat & helpdesk
Expiration: 1 year
__zlcprivacy Activate support chat & helpdesk
Expiration: 1 year
_gat Google-Analytics cookie, used to throttle request rate
Expiration: 10 minutes
_ga Google-Analytics Cookie, used to distinguish users Expiration: 2 years
_gid Google-Analytics Cookie, used to distinguish users
Expiration: 24 hours
__ar_v4 Google-Adwords Cookie, associated with the DoubleClick advertising service from Google. Helps with tracking conversion rates for ads
Expiration: no date set
__utma Google-Analytics Cookie, used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics
Expiration: no date set
__utmb Google-Analytics Cookie, used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics
Expiration: end of sessions
__utmc Google-Analytics Cookie, not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit
Expiration: 30 minutes
__utmk Google-Analytics Cookie, overall Google Analytics UTM-Cookies hash value.
Expiration: no date set
__utmz Google-Analytics Cookie, stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics
Expiration: 6 months

16. Google Services

By using additional Google Services such as Analytics, YouTube, AdWords, Maps and ReCaptcha within our sites, a direct connection between your browser and the Google server may already be established via the plug in as soon as a site is loaded. Through this connection, browser specific data may be transferred and Google third party cookies stored which can but are not limited to identifying the browser of the user. We point out that as the provider of the sites we do not receive knowledge of the complete content of the transmitted data and its use by Google. The integration of the plug ins is not always visible to the user.

courseticket uses Google Remarketing and “Similar Audiences” Features. This allows us to determine if users have visited our site previously and what they were interested in. This method is based on the use of Cookies with the help of which data to your usage behaviour is collected. To prevent this or to amend your preferred settings in regards to this please visit the following site: https://adssettings.google.com.

Version of 01.05.2023