Privacy Policy According to Art 13 of the GDPR

Last update: 15. May 2020

Thank you for your interest in the information on our website!

With the help of this privacy policy, we would like to inform the users of our website about the type, scope, and purpose of the personal data processed. Personal data in this context are all information with which you can be personally identified as a user of our website, including your IP address and information that is stored in cookies.

In a general section of this privacy policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.

The terms used in our privacy policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.

Controller According to the GDPR

Knowledge City GmbH Dr. Andreas Brandner
FN FN 472269 p
Gersthofer Straße 162
1180 Wien
Austria

e: office@knowledge.city
t: +43/1/4702909

There is no data protection officer appointed, as this is not required by law.

Data Collection On Our Website

On the one hand, personal data is collected from you when you expressly communicate it to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis. However, you can use our website without the need to provide personal information.

You can read more about this and about the technologies we use on our website here:

Technologies On Our Website

Cookies

We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site.

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognize website visitors. The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of the third party to whom the cookie belongs (“third-party cookie”).  The information that is stored and sent back allows each web application to recognize that you have already accessed and visited the website using the browser on your device. 

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originates
  • Cookie-ID number
  • An expiry date, after which the cookie will be automatically deleted

We classify cookies in the following categories depending on their purpose and function:  

*Technically necessary cookies which are required for ensuring technical operations and the basic functionality of our website (e.g. to be able to access secured areas of the website). These are so-called session or connection cookies. 

  • Statistics cookies, which collect anonymous data that we analyze to gain an understanding of how visitors interact with our website. These are also used for measuring the reach and access of our website, and to analyze how often specific pages are accessed. 
  • Marketing cookies, for analyzing user behaviour, which is used as a basis for providing personalised, targeted advertising based on your interests.
  • Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website as described in Art. 6 paragraph 1 lit. f of the GDPR. The use of statistics and marketing cookies is subject to your consent, in accordance with Art. 6 paragraph 1 lit. a of the GDPR. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this privacy policy and to the information about the cookies we use.  You can withdraw your consent for the future use of cookies at any time, in accordance with Art. 7 paragraph 3 of the GDPR.  Your consent is voluntary. If consent is not given, no disadvantages arise.

You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.

Please note that a general deactivation of cookies may lead to functional restrictions on our website. 

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling the operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimizing our website as described under Art. 6 paragraph 1 lit. f of the GDPR. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing in accordance with art. 28 of the GDPR.

Contact

Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations in accordance with Art. 6 paragraph 1 lit. b of the GDPR. To handle and answer your request it is necessary for us to process your data; otherwise, we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing as described in Art. 6 paragraph 1 lit. f of the GDPR.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

  • The name of the website you are accessing  
  • The browser type (including version) you use
  • The operating system you use
  • The site you visited before  accessing our site (referrer URL)
  • The time of your server request
  • The amount of data transferred
  • The hostname of the computer (IP address) you are using to access the site

    This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimizing our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1 lit. f of the GDPR.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 paragraph 1 lit. f GDPR.

We also make use of suitable technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

WebCare

In order to obtain consent for the use of cookies on our website in accordance with data protection regulations, we use the cookie banner of DataReporter WebCare. This is a service provided by DataReporter GmbH, Zeileisstraße 6, A-4600 Wels, Austria (“DataReporter”). More information about this company can be found at www.datareporter.eu. The cookie banner records and stores the consent to cookie use for the respective user of our website. Our cookie banner ensures that statistical and marketing cookies are only set when the user has given his express consent to their use.

We store information on the extent to which the user has confirmed the use of cookies. The user’s decision can be revoked at any time by calling up the setting for cookies and managing the declaration of consent. Existing cookies will be deleted after the revocation of the consent. A cookie is also set to store information on the status of the user’s consent, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to DataReporter’s server for calling this service. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service. The use of the above data is therefore based on our legitimate interest in the legally compliant design of our website in accordance with Art. 6 paragraph 1 lit. f GDPR.

Further information can be found in the DataReporter data protection declaration at https://www.datareporter.eu/datenschutz. Please feel free to send your inquiries about this service to office@datareporter.eu.
We also make use of suitable technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

Webshop with customer account

We process data of our customers, in particular, their master data, communication data, payment data, contract data in the context of the execution of order processes in our webshop. This is done for the purpose of selecting and ordering the selected products and/or services, as well as their payment and delivery or execution.

The purpose of the processing is the provision of contractual services within the framework of the operation of our webshop, the billing of deliveries and services, the delivery of products, and the performance of services.

The processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 paragraph 1 lit. b GDPR for the processing of orders and furthermore according to Art. 6 paragraph 1 lit. c GDPR for the fulfillment of legal storage obligations based on trade and tax regulations. The mandatory data for the fulfillment of the contract are specially marked as such when they are entered in our shop system or we will inform you of them personally. We transmit the data to third parties only for the provision of our services (e.g. to involved transport or other auxiliary services such as subcontractors or telecommunications services), for the processing of payment transactions (e.g. to banks, payment service providers, tax authorities or consultants) or within the scope of our legal rights and obligations, as well as within the scope of our legitimate interest in the appropriate legal prosecution in accordance with Art. 6 paragraph 1 lit. f GDPR vis-à-vis legal advisors, courts, and authorities in the event of an incident. The data will only be processed in third countries if this is absolutely necessary for the fulfillment of the contract (e.g. at the customer’s request on delivery or payment) and insofar as appropriate data protection guarantees are available. Any other transfer of data to third parties will only take place with your express consent in accordance with Art. 6 paragraph 1 lit a GDPR.

Users can create a user account, e.g. by viewing their orders. User accounts are not visible to the public. If users have terminated their user account, their data will be deleted with regard to the user account unless their retention is absolutely necessary for commercial or tax reasons in accordance with Art. 6 paragraph 1 lit. c GDPR or is necessary due to our legitimate interest in enforcing the law in accordance with Art. 6 paragraph 1 lit. f GDPR. It is the responsibility of the users to secure their data before the end of the contract in the event of termination.

Within the scope of registration and in the case of renewed registration and use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests pursuant to Art. 6 paragraph 1 lit. f GDPR, as well as in the legitimate interest of the users themselves for protection against misuse and against other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 paragraph 1 lit. c GDPR.

The data will be deleted after the expiry of statutory warranty and compensation obligations or other contractual or statutory obligations. The deletion of the data takes place after the expiry of legal warranty and compensation obligations or other contractual or legal obligations. Our customers and contractual partners are informed separately in this data protection declaration about the further processing of data within the scope of marketing activities.

General information on data protection

The following provisions in its principles apply not only to the data collection on our website but also in general to other processing of personal data.

Personal data

Personal data is information that can be assigned to you individually. Examples include your address, name, postal address, email address, or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.

Legal basis for the processing of personal data

Unless more specific information is provided in this privacy policy (e.g. in the case of the technologies used), we may process personal data from you on the basis of the following legal principles:

  • consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR – The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
  • Fulfillment of a contract and pre-contractual measures pursuant to Art. 6 paragraph 1 lit. b of the GDPR – Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
  • Legal obligation pursuant to Art. 6 paragraph 1 lit. c of the GDPR – Processing is necessary for the performance of a legal obligation.
  • Protection of vital interests pursuant to Art. 6 paragraph 1 lit. d of the GDPR – Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Reasonable interests are pursuant to Art. 6 paragraph 1 lit. f of the GDPR – The processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject prevail.

Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We will only transfer your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR,
  • the transfer pursuant to Art. 6 paragraph 1 lit. f of the GDPR is necessary to safeguard reasonable interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have a prevailing interest worthy of protection by not disclosing your data,
  • there is a legal obligation to transfer the data in accordance with Art. 6 paragraph 1 lit. c of the GDPR, as well as this, is legally permissible and/or
  • it is required according to Art. 6 paragraph 1 lit. b of the GDPR for the processing of contractual relationships with you.

Cooperation with data processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

Transfer to third countries

If we process data in a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done for the reasons described above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries with a recognized level of data protection, including the US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules in accordance with Art. 44 – 49 of the GDPR.

Storage period

If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the processing of personal data.

Data will be stored and retained by us in personal form in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods; in addition, until the end of any legal disputes in which the data is required as evidence; or in any event until the expiry of the third year following the last contact with a business partner.

Rights of data subjects

Data subject have the right:

  • in accordance with Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
  • in accordance with Art. 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 of the GDPR, to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 of the GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
  • in accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
  • in accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.
  • in accordance with Art. 7 paragraph 3 of the GDPR, you may at any time revoke your consent to us. As a result, we may no longer continue the data processing based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Settings.
  • in accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.

The responsible data protection authority for Knowledge City GmbH is:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of rights of data subjects

You yourself decide on the use of your personal data. Should you, therefore, wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at office@knowledge.city or by post, as well as by telephone.

Together with your application, please send us a copy of an official photo ID for clear identification and support us in concretizing your request by answering questions from our responsible employees regarding the processing of your personal data. In your request, please state in which role (employee, applicant, visitor, supplier, customer, etc.) and in which period of time you have been in contact with us. This enables us to process your request promptly.
Data will be stored and retained by us in personal form in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods; in addition, until the end of any legal disputes in which the data is required as evidence; or in any event until the expiry of the third year following the last contact with a business partner.

Security of personal data

The security of your personal data is of particular concern to us. Therefore, in accordance with Art. 32 of the GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of privacy by design and through data protection-friendly pre-settings in accordance with Art. 25 of the GDPR.

Our understanding of security is also applied to those contract processors we use.

Actuality of this privacy policy

Due to further developments or changes in legal requirements, it may become necessary to adapt this privacy policy from time to time. The current privacy policy can be found and printed out by you at any time here on this website.

For questions regarding data protection, you can reach us at office@knowledge.city or at the other contact details stated in this privacy policy.

Wien, on 15. May 2020

KM Certification Course

The next online KM Certification Course will take place in spring 2020 (English and German). We will provide detailed information timely.

Agenda Knowledge

Download the 3rd edition of the global Agenda Knowledge for Development.