I Privacy Policy for the Use of the QUCOXX Platform
Welcome to our platform at www.qucoxx.com ("Platform"). The protection of your data is our highest priority. We always process your data in accordance with the applicable data protection regulations, such as in particular the GDPR and the Data Protection Act (DSG). In the following, we provide you with all the relevant information and in particular which data we process and for what purposes.
1 Name and address of the responsible person
The provider of the platform and responsible for data processing within the meaning of the General Data Protection Regulation (EU)2016/679 (hereinafter “GDPR”) is
QUCOXX FlexCo
Hilfberg 13
5310 Tiefgraben
Austria
E-mail: office@qucoxx.com
Our data protection officer can be reached using the same contact details. If you have any questions or concerns about data protection or would like to exercise your rights in relation to your data, please contact us directly.
2 Personal data
Personal data is any information relating to an identified or identifiable natural person. Your personal data is processed exclusively in accordance with the legal requirements for data protection and data security, in particular in accordance with the GDPR, the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG 2021).
3 Purposes of processing
3.1 Platform visit
General & Purpose: When you visit our platform, your browser automatically sends data to our webservers and stores it in "log files". This processing is necessary to provide you with a secure and functional platform.
Data categories: Technical data (IP address, HTTP header fields, date and time of retrieval, browser type, operating system, referrer URL).
Legal basis: Providing a secure and functional platform is our legitimate business interest. The processing is therefore carried out in accordance with Article 6(1) (f) GDPR.
Storage period: The log files are automatically deleted after 3 months. However, if we need the log files longer (e.g. due to a specific security incident), this storage period may be extended.
Recipients / categories of recipients: Processors (IT service providers: hosting providers).
3.2 Creating a customer account
General & Purpose: In order to use the services of the QUCOXX platform, registration and the creation of a customer account are required. The processing is necessary to offer you access to the services of the Platform, to provide you with a protected user area, as well as the possibility to select and edit individual content and plans and to be able to link this selected content and plans to you.
Data categories: Identification data (names), contact details (e-mail address), company data (VAT number, company, etc.).
Legal basis: We process your data for the performance of the contract with you (Article 6 (1)(b) GDPR).
Storage period: In order to be able to restore your user account quickly and easily if you should change your mind, we store the data about your user account for a period of 12 months after you delete your user account. After this period, your data will be deleted, provided that there are no statutory retention periods to the contrary.
Recipient: Processor (IT service provider: hosting provider).
3.3 Signing and use of a subscription & booking of additional services
General & Purpose: After the expiry of the trial period of thirty days, it is necessary to takeout a subscription to continue using the services of the platform. In addition, it is possible to book additional services on the platform.
Data categories: Identification data (first and last name, date of birth), contact data (e-mail address, address), company data (VAT number, company etc.), payment data (account number, credit card number, bank code, payment methods), subscription data (date of conclusion, type of subscription), selected additional services, content data of the subscription (selected plans, implementation progress, content, etc.).
Legal basis: We process your data for the performance of the contract with you (Article 6 (1)(b) GDPR).
Storage period: We store your data during the period of the ongoing business relationship with us and beyond for a period of 12 months, provided that the deletion does not conflict with statutory retention obligations. Data on orders, payments, etc. are subject to the statutory retention period in accordance with point 7.
Recipients: Payment service providers (Stripe Payments Europe, Ltd (Ireland)), processors (IT service providers: hosting providers, CRM tools providers).
To process payments, we use a payment service provider (Stripe Payments). This payment service provider processes data on the basis of its own privacy policy, which can be accessed at stripe.com/at/privacy.
3.4 Contact request
General & Purpose: If you contact us via our contact form on our platform or by e-mail, the data you transmit will be stored for the purpose of processing and answering your enquiry as well as in the event of further follow-up questions and further communication with you.
Data categories: Identification data (name), contact data (e-mail, telephone number), content data (esp. text entries), any other voluntarily provided data.
Legal basis: We process your data on the basis of our legitimate interest in answering inquiries from customers/users of our platform or from interested parties (Art.6 para. 1 lit. f GDPR). If your request relates to the establishment or performance of a contract, we process your data on the basis of Article 6 (1)(b) GDPR.
Storage period: Your data will be stored for the duration of the processing of your request and in the event of follow-up questions and then deleted, but no later than 6 months. Please note that data on orders, payments, etc. are subject to the statutory retention period in accordance with point 7.
Recipient: Processor (IT service provider: hosting provider; CRM tools: Ibexa GmbH, Odoo SA).
3.5 Newsletter
General & Purpose: You have the option of registering on the platform to receive our newsletter, with which we want to inform you about improvements, innovations, offers, promotions, competitions, etc. and stay in touch with you. We only use the double opt-in procedure to register for the newsletter: Only after you have clicked on the confirmation link in the e-mail you receive is your registration for the newsletter saved.
Data categories: Identification data (name, email address).
Legal basis: We process your data for this purpose only on the basis of your consent (pursuant to Article 6 (1) (a) GDPR, Section 174 (3) TKG 2021).
Storage period: Your data processed for this purpose will be deleted as soon as you unsubscribe from the newsletter or withdraw your consent.
Recipient: Processor (IT service provider: hosting provider; E-mail: Mailchimp).
If you have registered for our services, we may send you electronic mail within the meaning of Section 174 (4) TKG 2021 for the purpose of informing you about our own similar products or services (direct marketing), unless you have objected to this. In this case, you can also unsubscribe from receiving it at any time by using the unsubscribe option at the end of each mailing. In addition, you can object to receipt at any time without giving reasons. To do so, please contact the address listed in point 1.
It is possible at any time to object to the receipt of direct marketing by sending an informal letter to support@qucoxx.com or to do so in the user account.
3.6 Analysis of the use of our services
General & Purpose: We process data about your use of our services and our platform in order to better understand the interests, wishes and needs of our customers, to create analysis and to adapt our services accordingly. For this purpose, we use our own system functionalities as well as external tools and processors (according to point ) for usage analysis.
Data categories: identification data (name, email address); Technical data (device type, browser information); Usage/booking behavior (views of pages and offers on the Platform (offer views)); Subscription data (date of conclusion, type of subscription); Booking reasons; Usage Data (such as referrer URL, pages/areas of the Platform viewed, duration of visit, clicks/touch events, scrolls, etc.);Company data (VAT number, company etc); Content data of subscriptions (selected plans, implementation progress, content, etc.).
Legal basis: We process only a few categories of data (subscription data, company data, content data of subscriptions) using our own system functionalities on the basis of our legitimate interest in obtaining an overview of the selected subscriptions and plans, as well as their implementation progress, etc. (pursuant to Article 6(1) (f) GDPR). All other evaluations (such as usage/booking behaviour, booking reasons; For this purpose, we only process usage data etc.) on the basis of your consent (in accordance with Article 6 (1) (a) GDPR).
Storage period: Own system functionalities: Your data processed for this purpose will be deleted or anonymized after a maximum of one year. External tools: Your data will only be made available to us anonymously. Details on the processing and storage of your data can be found under points 4 and 5.
Recipients: External tools: Processors (Analysis: Google Ireland Ltd (Europe) CRM tools: Ibexa GmbH, Odoo SA).
3.7 Using the AI-Companions
General & Purpose: You can use our AI Companion to make inquiries to them and have ideas, suggestions or other messages processed automatically. Please do not enter any personal data into the AI-Companion! Our AI companion is an essential part of our services and has been carefully trained and configured by us. We have configured the AI-Companion in such a way that the entered data (even non-personal data) cannot be used to train the artificial intelligence by the manufacturer of the AI tool and the entered content is not transmitted to the manufacturer. However, your enquiries and the answers generated will be used by us for training purposes of the AI-Companion. The AI companion is used to provide quick answers and support, and to provide ideas and implementation plans. Your IP address is collected to record the frequency of your requests in order to prevent misuse of the AI companion by computer-generated or too numerous requests. Your entries and the answers generated will be stored in order to be able to provide information in the event of concerns or requested information.
Data categories: Technical data (IP address), content entered, number of requests, date and timeof use of the AI companion, generated responses.
Legal basis: The processing of your personal data by the AI-Companion is carried out for the performance of a contract (in accordance with Article 6 (1) (b) GDPR) so that we can offer you a functional and secure AI-Companion for quick answers and support, as well as on the basis of our legitimate interest (Article 6 (1) (f)GDPR) in being able to respond to your requests.
Storage period: Your IP address and the number of requests are automatically deleted after selection. The requests entered and the responses generated will be deleted or anonymized after 7, 14 or 30 days, depending on the setting you choose.
Recipient: Processor (IT service provider: hosting provider; Provider of the basic model of the AI companion: Open AI Ireland Ltd)
3.8 Applicant data
General & Purpose: As part of the application process, you can send us your application, including the personal data contained therein, electronically (in particular by e-mail). We will then process your data for the purpose of carrying out (pre-) contractual measures to carry out the application process and, if necessary, to establish the employment relationship.
Data categories: Identification data (name), contact details (e-mail, telephone number, address), content data of the application (in particular information about school and vocational qualifications and qualifications, knowledge and skills), any other voluntarily provided data in your application.
Legal basis: The processing of your personal data is carried out for the purpose of carrying out(pre-)contractual measures (in accordance with Article 6 (1) (b) GDPR) so that we can carry out the application process and for the establishment of the employment relationship. Insofar as special categories of personal data are processed, this is done on the basis of Article 9 (2) (a) and (b) GDPR (in particular in the case of voluntary disclosure of religious affiliation or disability).
Storage period: Your data will be deleted after a maximum of seven months, unless you wish to be included in our applicant pool. In this case, your data will be stored in our pool for a period of no more than one year so that you can be contacted in the future if necessary.
Recipient: Processor (IT service provider: hosting provider).
4 Use of Cookies
When using our Platform, we use specific usage analysis tools and similar technologies that are necessary to ensure its functionality and to be able to present our users' interaction with our Service. Cookies are small files that are stored on users' computers. Different information may be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer.
We can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. If cookies are deactivated, the functionality of our website cannot be used to its full extent.
The following tools enable the analysis of the platform's usage behavior:
4.1 Google Analytics
Our platform uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CsA 94043, USA ("Google"). The information collected by cookies about your use of our service is transmitted to and stored by Google on servers in the USA. However, your IP address will be shortened by Google beforehand within the EU/EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use the information to evaluate your use of the Services, to compile reports on service activity, and to provide other services related to the use of the Service to the Operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
For more information on terms of use and data protection, please visit
https://marketingplatform.google.com/about/analytics/terms/de/ or
https://policies.google.com/technologies/partner-sites?hl=de.
Google Analytics uses the following Cookies:
5 Use of tools
5.1 Google Ads, AdSense and Conversion-Measurement
Our platform uses Google AdSense, a service that enables the integration of advertising on our platform. Google AdSense enables an interest-based target group approach of Internet users, which is implemented by creating individual user profiles. Our platform uses Google Ads, which in turn uses cookies that enable an analysis of your use of the platform. Google Ads creates so-called "conversion statistics". These include, for example, the number of users who clicked on an ad. In addition, it counts how many users have reached a landing page that has a "conversion tag". The information collected by Google Ads about your use of this platform will be transmitted to and stored on a Google server in the United States.
Google Remarketing allows a company to display advertisements to internet users who have previously been on the company's platform. The integration of Google Remarketing therefore enables a company to create user-based advertising and thus display relevant ads to interested Internet users. Google Remarketing allows us to display ads on the Google network or other websites based on individual needs and in line with the interests of Internet users.
Google AdSense is further explained under the following link: https://www.google.com/intl/en/adsense/start/. To learn more about how Google uses conversion data, see https://support.google.com/google-ads/answer/93148?ctx=tltp. For more information about Google AdsRemarketing, please visit the following link: https://support.google.com/tagmanager/answer/6106960?hl=en.
6 Data disclosure
6.1 International data transfers
Our processors may also process your personal data in countries that are not members of the EEA and for which there is no adequacy decision from the EU Commission. The data controller and the processors take appropriate safeguards in accordance with Article 46 of the GDPR to ensure the protection of your personal data in these countries. All processors used who transfer data to the USA are certified in accordance with the Data Privacy Framework. This agreement between the EU and the USA obliges participating companies to comply with European data protection standards in the USA as well. We contractually oblige our processors to ensure the comprehensive protection of personal data. If you would like to know more about the protection of your data in these countries, please contact the I in point 1 above.
6.2 Change of ownership
If our business (or parts of it) are transferred to a new owner, your personal data may be transferred to the new owner. In addition, if the company (or parts of it) are sold, your data may be disclosed to potential buyers and their advisors (e.g. lawyers) – if necessary – as part of a company due diligence in order to safeguard our legitimate interest in identifying a suitable buyer (Art. 6 para.1 lit.f GDPR).
6.3 Disclosure of data to supervisory authorities, courts and other third parties
We are subject to a variety of different legal provisions. We may therefore have to disclose personal data of our customers to authorities or courts at their request. This can occur, for example, in connection with possible criminal offences. However, we only comply with such requests if we are obliged to do so. In each individual case, we always make sure that the requirements of the legal basis are strictly adhered to and that the protection of your data is maintained.
6.4 Disclosure of data to other third parties
In individual cases, it may be necessary for data to be passed on to external third parties (e.g. contractors or agencies). However, your data will only be passed on if there is a legal basis within the meaning of the GDPR and the processing is carried out exclusively for one of the above-mentioned purposes. We also ensure that the relevant third party contractually agrees to comply with all applicable data protection regulations and handles your data responsibly. In accordance with the principle of data minimization, data transfer is strictly limited to those categories of data that are absolutely necessary for the fulfilment of the order.
7 Storage period
Contact details, booking details and payment details are subject to a statutory retention period of seven years. Pursuant to § 132 para. 1 BAO, this applies in particular to Accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.
8 Your rights
You have the right to request information about your personal data processed by us. If your datais incorrect or incomplete, you have the right to have the data stored by us corrected or completed. You also havethe right to erasure of unlawfullyprocessed data or to restriction ofprocessing. You also have the right to release data (data portability). Please note that your rights may be limited dueto legal obligations.
If the processing of your personal data is based onyour consent, you can withdraw this consent at any time. This does not affectthe lawfulness of the processing before the withdrawal. If your personal datais processed to safeguard legitimate interests, you can object to thisprocessing in special exceptional cases that must be justified. You can alsoobject without justification if the processing is carried out for the purposeof direct marketing.
For all your concerns, please contact the contact listed in point 1.
While we will do our best to protect the privacy and integrity of your information, disagreements about the way we use your information cannot be ruled out. If you believe that we are not using your data in a lawful manner, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
9 Language reservation
If this Privacy Policy is prepared in different language versions and ambiguities or contradictions arise from these versions, the German version shall take precedence over all other versions and shall be relied upon solely for interpretation.
Items Changes and approval
January 2025
.png){kind=small}