Our aim is to provide you with services, for which you can be sure that the personal data you provide will be processed in strict confidence and for the intended purpose, and that it is always you who decides on disclosure and transfer to third parties. You entrust us with your personal data and we reliably protect it in compliance with legal requirements.
Here, we will provide you with detailed information about what data we collect and store on which occasion, why we do it and how this data is processed.
Your personal information and personal data are collected and stored in this application with the utmost care and integrity and used only for the intended purpose.
Data controller and contact details
Berufsförderungsinstitut OÖ (BFI OÖ)
A company of the BBRZ GROUP (Vocational Education and Rehabilitation Centre)
Muldenstrasse 5
4020 Linz
+43 (0)732 6922 7000, e-faxDW: 5724
BFI service line: 0810 004 005
www.bfi-ooe.at
auskunft@bfi-ooe.at
ZVR-Zl. (central register of associations number): 249875807
VAT number.: ATU 370 74 802
Data processor and contact details
mint digital education GmbH
Buchkremerstr. 6
52062 Aachen
E- mail: info@mint-de.com
Website: https://mint-de.com
Managing director: Kai U. Müller
Company register Aachen HRB 23925
Contact details of the Data protection officer:
The Data protection officer of our data processor's company will be happy to provide you with information or receive your suggestions on data protection:
Vladyslav Prykhodko
mint digital education GmbH
Harkortstrasse 5
04107 Leipzig
Phone: +49 341 217 17 94
E-mail: vp@mint-de.com
Purposes of data processing
The purpose of data processing is execution of the following tasks by the Controller: technical realization and support of the web application deutschportal.bfi-ooe.at, in order to enable interactive online teaching services including virtual classrooms, as well as the social media web application Community.
Legal basis for data processing
The legal basis for data processing, in case the user registers voluntarily on his/her own initiative, is provided by Art. 6 para. 1 lit. a GDPR as well as by Art. 9 para. 2 lit. a GDPR – explicit consent of the data subject to the processing of his/her personal data for one or more specific purposes.
Types of personal data
Only those data are collected that are necessary for the use of the services offered in a personal user account as well as for the issuance of certificates or attestations.
It is necessary to provide first name and last name (personal salutation incl. the form of address), an e-mail address (identifying feature, enabling support, e.g. in case of a forgotten password), information required for the form (street, house number, postal code, city, country) and a password (login to the user account).
These data will not be disclosed or transferred to third parties in any case. By registering, you agree that all data will be included in our database.
Categories of data subjects
Persons affected by data processing: website visitors, teachers, administrators, course participants.
Storage of IP address
The IP address transmitted by web browsers is stored strictly for the purpose of detecting, limiting and eliminating attacks on these web pages for a maximum period of seven days. After this period, the IP addresses will be deleted or anonymised. The legal basis for the storage of IP address is Art. 6 para. 1 p. 1 lit. f GDPR.
Usage data
Each time a file is requested from this website, access data is temporarily stored. Each data record consists of:
- the name of the file
- the date and time of the request
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- the description of the type of the browser used
- the IP address of the requesting computer
The stored data is analysed exclusively for statistical purposes. Their transfer to third parties, even in form of extracts, does not take place.
Cookies
For technical reasons, we use temporary cookies (i.e. identifiers that a web server can send to your computer, also session cookies) to control your connection to our websites during the session. These cookies are automatically deleted when you leave the website, so no data is stored on your computer. The processing is based on Art. 6 para. 1 p. 1 lit. f GDPR and is done to optimize or enable the user guidance and to customize our website. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. However, we would like to point out that the functionality of the service is impaired if you do not accept the session cookies.
Use of the collected data
We use the personal data collected for the purposes mentioned above in order to provide the particular services. We collect only the data necessary for the fulfillment of the purpose. You can be sure that the data is only used for the purpose for which it is meant to be used.
In case of data transmission for the purpose of registration for a seminar or expression of interest, the data will be processed by our partner company BFI Oberösterreich, which also carries out the booking and invoicing on behalf of mint GmbH. BFI Oberösterreich is obliged to comply with the data protection requirements described here to the fullest extent.
In case of taking part in a Starter Pack German course sponsored by the ÖIF, your participant data (first and last name, address, postal code, location) will be transferred to the ÖIF.
Duration of the personal data storage
Personal data will only be stored in a form that enables the identification of the data subjects if this is necessary for the purposes specified or agreed upon.
Data security
We use technical and organisational security measures to protect your data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
We have no liability for the actual process of data transmission over the Internet. Also, no claims can be made against us for the loss of data for whatever reason.
Encryption
All personal data is fully encrypted on the AWS servers and only the responsible person has access to the key. The EBS (Elastic Block Storage) full encryption is applied using the KMS (Key Management Service) with CMK (Customer Master Keys). The encryption method is AES-256. The data protection standard thus ensures the same level of data protection as in the EU, despite the use of an American service provider (AWS).
Your rights
When processing your personal data, the GDPR grants you as a website user the following rights:
1. The right to information (Art. 15 GDPR):
You have the right to obtain confirmation as to whether your personal data is being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 15 GDPR.
2. The right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to request the immediate rectification of your inaccurate personal data and, if necessary, the completion of the incomplete personal data.
You also have the right to request that your personal data be deleted immediately if one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes for which it was collected.
3. The right to restriction of processing (Art. 18 GDPR):
You have the right to demand the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have lodged an objection to processing of your personal data in accordance with Art. 21 GDPR or for the duration of any examination as to whether our legitimate interests outweigh your interests as a data subject.
4. Right to data portability (Art. 20 GDPR):
In certain cases, which are listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request that this data be transmitted to a third party.
5. Right to object (Art. 21 GDPR):
If data is collected based on Art. 6 para. 1 p. 1 lit. f GDPR (for the performance of a task carried out in the public interest) or based on Art. 6 para. 1 p. 1 lit. e GDPR (in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
6. Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you is done in breach of data protection regulations. The right to lodge a complaint can be asserted before a supervisory authority in the EU member state of your place of residence, your place of work or the place of the suspected infringement.