Last update: October 2023
Provision of information pursuant to Art 13 of the General Data Protection Regulation 2016/679/EU ("GDPR") regarding the processing of personal data in the context of visiting and using the website https://www.moneycare.at/ ("Website") as well as in the context of interacting with our social media and third-party platform presences outlined under point 9.
Thank you for your interest in our website. The protection of your privacy is of high priority to us. Consequently, we only process your personal data on the basis of legal requirements set by the GDPR in conjunction with the Austrian Data Protection Act (Datenschutzgesetz) as well as other relevant legal provisions.
In general, you are not obligated to provide data due to statutory or contractual requirements. Data processed automatically when accessing the Website are either not personal data or are stored only for short periods (cf. point 6.1). However, if you decide to contact us via the contact options presented on the Website respectively in the course of this Data Protection Declaration, you have to provide us certain of your data being necessary for the processing of your respective request (cf. point 6.2). Furthermore, in cases where you wish to make use of further services offered via our Website (i.e., booking training courses within our "Impact Academy"), you have to provide us any data deemed necessary for contract conclusion and execution in the respective case. Should you refuse disclosure of your relevant data for the respective purpose, we may not be able to process your request or render our services to you. The individual processing activities in the context of accessing and using our Website are highlighted in detail under point 6.
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of processing (Art 4 item 2 GDPR) of personal data means any operation or set of operations performed on personal data. Any information allowing us or third parties to potentially identify you in person can be considered your personal data, which makes you a data subject (Art 4 item 1 GDPR) within this context.
The following terms are particularly relevant for a better understanding of this Data Protection Declaration:
Term | Definition | Regulation |
---|---|---|
Controller | Natural or legal person or other body which has decisive influence on the processing of personal and is therefore subject to data protection obligations. | Art 4 item 7 GDPR Art 24 GDPR |
Joint Controllers | Controllers, which process personal data in common interest and have each at least partly a decisive influence on decisions made in this regard. | Art 26 GDPR |
Processor | External service provider which processes personal data on behalf of the controller and is contractually bound to its instructions. The processor thereby acts as a kind of extended arm of the controller. | Art 4 item 8 GDPR Art 28 GDPR |
Recipient | Generally, every natural or legal person or other body outside of the organisation of the controller to which data being subject to the controller's responsibility are disclosed. | Art 4 item 9 GDPR |
Legal basis | Condition determined by law that constitutes an authorisation to lawfully process personal data. | Art 6 para 1 GDPR |
Transfer to third countries | Transfer of personal data to countries outside of the EU respectively EEA through which they are detracted from the sole control of the GDPR due to stronger ties to the legal system of such third country. This might take place where data are disclosed to a recipient that (i) has its seat/residency in such third country or (ii) maintains a server there on which personal data are processed. | Chapter V GDPR |
Adequacy decision | A resolution of the European Commission through which the adequacy of the data protection level in a third country is acknowledged, and consequently a transfer of data is possible without further restrictions. | Art 45 GDPR |
Appropriate safeguards | Various instruments which allow the transfer of personal data into a third country for which an adequacy decision does not exist. As far as third-country transfers by us are based on appropriate safeguards, you may request a copy thereof by contacting us under the contact options as outlined subsequently. | Art 46 GDPR |
Controller in the sense of Art 4 item 7 GDPR:
money:care GmbH ("we")
Seilerstätte 24 (4th floor)
1010 Vienna
Austria
Contact Details:
Email: office@moneycare.at
On our Website and in this Data Protection Declaration, we use links to websites of third parties, i.e., links to our presences in social networks or to companies' presences depicted in the course of our "Impact Check". If you click on one of these links, you will be forwarded to the respective website. For the operators of these websites, it is only evident that you have accessed our Website beforehand. However, please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party! Accordingly, we refer you, in general, to the separate data protection declarations of these websites. For further information on our processing of your data in connection with our social media or third-party platform presences, please review point 9.
You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 2; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):
For the purposes executing the data processing activities as indicated in the course of this Data Protection Declaration, we may transfer your personal data to the following recipients or make them available to them:
Within our organisation, your data will only be provided to those entities or employees who need them to fulfil their respectively our respective obligations. Furthermore, (external) processors engaged by us receive your data if they need these data to provide their respective services (whereby the mere possibility to access personal data is sufficient).
Within the context of our Website, the following processors may have access to your personal data:
Additionally, we may transfer your data to independent controllers, as far as this is deemed necessary, we are legally obliged to do so or you have provided your respective consent. This includes, in particular, the recipients outlined under point 10 as well as, potentially, our tax consultant, Simplify Tax Steuerberatung GmbH, Mommsengasse 33 Top 2+5, 1040 Vienna, Austria.
Lastly, we are joint controllers in the sense of Art 26 GDPR with the service providers described under point 9 when accessing and interacting with our respective social media or platform presences.
In the subsequent section, data processing operations that may occur when accessing or using our Website are described in detail. Within this context, we provide you with information on the essential elements of each data processing operation, namely (a) type and extent ( when and how), (b) purpose (why) as well as (c) the storage period of your data (how long).
Moreover, we inform you about the legal basis which we use to justify the respective data processing operation as required by the GDPR. The following chart provides you with a first overview of possible legal bases, which we use in this regard:
Legal basis | Definition | Regulation |
---|---|---|
Consent | You have given us your consent prior to the beginning of the data processing operation and for the specific occasion, which therefore authorises us to process your data. (For the right to withdraw your previously given consent at any time, see point 4.) | Art 6 para 1 lit a GDPR |
Performance of a contract | The processing of your data is necessary for the performance of a contract concluded with you or to take steps prior to entering into a contract with you at your request. | Art 6 para 1 lit b GDPR |
Legal obligation | The processing of your data is necessary to comply with a legal obligation we are subject to. | Art 6 para 1 lit c GDPR |
Legitimate interests | The processing of your data is (i) necessary for the purposes of legitimate interests pursued by us or a third party and (ii) we have considered your conflicting interests and fundamental rights and freedoms accordingly. (For the right to object to interest-based processing due to your particular situation, see point 4.) | Art 6 para 1 lit f GDPR |
a) Type and extent of data processing: You can visit our Website without providing any personal information. However, out of technical necessity, so-called "traffic data" are processed automatically when a website is accessed. Within this context, in particular, the following categories of traffic data can be transferred to the server that is requested to provide a respective website or file:
(b) Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security with regards to our Website. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object", see point 4) in achieving the mentioned purpose.
(c) Storage period: Server log files are stored for a period of thirty (30) days and subsequently automatically erased.
(a) Type and extent of data processing: When contacting us via the contact form provided on our Website, we will use your data as indicated in order to process your contact request and deal with it. Certain additional information may be provided voluntarily. The data processing involved is necessary to issue a response in respect of your request. Moreover, the respective elucidations of this point apply accordingly to the processing of data being entailed by direct contact requests executed via contact details provided on our Website, without making use of the contact form.
(b) Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object" see point 4) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. As far as your request is based on an existing contractual relationship with us or you are interested in establishing said contractual relationship, the processing is based on the performance of the corresponding contract, or on taking steps prior to entering into a contract with you at your request (Art 6 para 1 lit b GDPR).
(c) Storage period: We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of sixty (60) days and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes (e.g., for the fulfilment of our legal documentation obligations – cf. point 6.6).
(a) Type and extent of data processing: Via the Website, you may have different options to subscribe to one-time or recurring promotional emails. This may, for instance, relate to requests for the appointment of a demonstration of our enterprise solution AI tool, for a notification regarding the addition of certain companies in respect of our "Impact Check" or, if available, a subscription for our newsletter. For this purpose, you have to provide us the data as indicated in the relevant form (in particular, your email address); certain additional information (e.g., for personalisation) may be provided voluntarily. Promotional communication will solely be sent to email addresses having been indicated by interested users themselves. If you no longer wish to receive previously requested emails, you can of course unsubscribe at any time (withdraw your consent) by notifying us via the contact address specified under point 2 or by clicking on a respective link potentially provided in the course of each email. In order to increase performance and reach of our advertising measures, we also use email deliveries for statistical evaluations. By doing so, we are able to analyse opening and click behaviour as well as information on the technical deliverability of emails. Furthermore, we are able to detect if certain predefined actions are carried out after opening/clicking on an email (conversion rate). For delivery of the newsletter and statistical evaluations, we use the newsletter service "MailerLite", which is operated by MailerLite Limited (cf. point 5). Hence, your voluntarily provided data will be saved on servers of the respective service provider; in order to provide our newsletter service to the extent described above.
(b) Legal basis and purpose: The data mentioned above are processed in the form of the requested subscription for the purposes of direct marketing and are necessary to send the respective emails. Email communication or other electronic advertisements will in no case be sent without your prior consent (Art 6 para 1 lit a GDPR, for the "right to withdraw" see point 4) which we obtain from you directly on our Website. Subsequent to receiving your consent, we send an email to the email address provided, in order to confirm your subscription. All statistical evaluations are based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object" see point 4) in creating a cost efficient statistic, that is easy to handle and useful for marketing purposes.
(c) Storage period: All data having been collected for the delivery of the newsletter are stored for the duration of the respective consent declaration. Statistical data generated from email delivery will solely be used to create an overall performance statistic and will not be stored in a personal form that would allow attribution to a specific data subject.
(a) Type and extent of data processing: Several functions on our Website can be (partially) used free of cost. However, it may be necessary to register a user account with us in order to utilise additional/extended services. This applies to the following cases:
(b) Legal basis and purpose: Processing of your data in the context of registering a user account serves the purpose that we can pursue our business activity and provide our services accordingly; it is necessary for the performance of the respective contract concluded with us respectively to take steps at your request prior to entering into a contract (Art 6 para 1 lit b GDPR). This includes – on the one hand – the contract regarding the extended use of our free-of-charge "Impact Check" in exchange for the information provided in the course of creating a user account (which allows us to better understand the use of our services); on the other hand, making use of our services relating to the "Impact Academy" (cf. point 6.5).
(c) Storage period: In principle, user accounts will be kept by us until the respective user requests for deletion.
(a) Type and extent of data processing: In case you wish to make use of our fee-based service offers in regards to the "Impact Academy", you have to create a user account first (cf. point 6.4). Afterwards, you may book the respective training offer directly within your user account under consideration of the information provided by us in this regard and subsequently use the service. Processing of your payment in this regard is executed automatically via the portal of our payment service provider Stripe Payments Europe Limited (cf. point 5), acting as our processor. Stripe Payments Europe Limited may utilise further processors (sub processors) to render its services; in particular, US based group company Stripe, Inc. (California, USA). Any such potential transfer of your data in the legal sphere of the US is usually based on the adequacy decision of the EU Commission in the sense of Art 45 GDPR concerning the "EU-US Data Privacy Framework" – you may check the respective certification of Stripe, Inc. under https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TQOUAA4&status=Active . In principle, we process your data within you within your user account – however, please be aware that certain offers/functions in respect of the "Impact Academy" can be outsourced by us, wherefore you may also have to access third-party services in order to make full use of our offer (cf. point 3). This particularly concerns the platform "Discord" (cf. point 9.4).
(b) Legal basis and purpose: Processing of your data in the course of our fee-based services serves the purpose that we can pursue our business activity and provide our services accordingly; it is necessary for the performance of the respective contract concluded with us respectively to take steps at your request prior to entering into a contract (Art 6 para 1 lit b GDPR).
(c) Storage period: Your contract- and use-related data are stored by us for a period of two (2) years and erased afterwards as long as there are no follow-up requests. Longer storage periods for certain data may be required in the context of our legal documentation obligations (cf. point 6.6) as well as due to the probable execution of legal claims. Regarding our general retention of user accounts, please review point 6.4.
(a) Type and extent of data processing: In general, we do not store your data for longer than absolutely necessary. However, in some cases, we are subject to legal obligations that do not allow us to erase your data immediately. This concerns, for instance, your accounting data, which have to be stored by us, among other things, because of retention and documentation periods set by relevant fiscal and commercial law.
(b) Legal basis and purpose: We process your data in this context on the basis of Art 6 para 1 lit c GDPR (legal obligation). This processing of your data is conducted for the purpose of complying with our own statutory duties.
(c) Storage period: Due to legal retention and documentation obligations, which are arising under fiscal and commercial law, your data are generally stored for a period of seven (7) years. In case the data in question are relevant for a pending (tax) proceeding, they might be stored for longer. As a result of other legal requirements, storage periods may deviate for certain data.
(a) Type and extent of data processing: Due to third-party software which is embedded into our Website, additional data processing activities may be initiated for different purposes. The specific services and their functionality are briefly described under point 8.2; further information can be found in detailed descriptions under point 8.3.
(b) Legal basis and purpose: Within the framework of the respective service, we use collected data in order to expand our services or make them more attractive/effective. The relevant legal basis is stated in the description of the respective service.
(c) Storage period: We store generated data in accordance with the requirements and possibilities stipulated by the relevant service for as long as it is necessary to fulfil the respective processing purpose.
On our Website we us the following technologies for different purposes. If information is stored on your end device by doing so, they are called storage technologies , and are subject to particular data protection regulations. If they are not technically necessary for the functioning of our Website, we need to collect your consent prior to their use. Additionally, we use other technology for similar purposes and further process data collected in that regard by using storage technologies. Storage technologies are also used in the in the scope of third-party services described under point 8.
If you give us your consent (Art 6 para 1 lit a GDPR; for the "right to withdraw", see point 4 as well as point 7.3), so-called "cookies" are used on our Website; in case you decline to provide us with your consent, we shall limit our use of cookies to those cookies being technically necessary and essential for the proper functioning of our Website (see below) and process your data on the basis of our accompanying legitimate interest (Art 6 para 1 lit f GDPR), as far as personal data are involved (for the "right to object", see point 4). Cookies are small data sets that are stored on your end device by your respective browser. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense a cookie assigns a specific identity consisting of numbers and letters to your end device. Cookies can fulfil different purposes, e.g., helping to maintain the functionality of websites with regard to state of the art functions and user experience. The actual content of a specific cookie is always determined by the website that created it. Cookies always contain the following information:
Cookies can be differentiated according to type and purpose as follows:
With regard to the storage period cookies can be further differentiated as follows:
Furthermore, cookies may be differentiated by their subject of attribution:
Most browsers automatically accept cookies. With respect to providing or withdrawing your consent through our consent tool, see point 7.3. Moreover, you have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g., limiting refusal to third-party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. Via the browser settings, you also have the option to delete the entirety of cookies already stored on your end device. This corresponds to a withdrawal of your consent (for the "right to withdraw" see point 4) as well.
Specifically, we use the following cookies:
Name | Type | Duration | Purpose |
---|---|---|---|
COMPANY_DASHBOARDS_VISITED | Technically necessary cookie | 30 days | Limitation of observable data without registration |
agreed-terms-of-service | Technically necessary cookie | 365 days | Agree to terms of service |
mnc-language | Technically necessary cookie | 30 days | Storage of the configured language |
cookieconsent_status | Technically necessary cookie | 365 days | Storage of user consent for cookies |
_ga, ga | Google Analytics cookie | 2 years | Used to distinguish users. |
_gid | Google Analytics cookie | 1 day | Used to store session ID and to group the session for analytics tracking (not officially stated). |
_gcl_au | Google Analytics cookie | 90 days | Used for conversion tracking in Google Ads. |
_hjFirstSeen | Hotjar cookie | 30 minutes | Identifies a new user’s first session. Used by Recording filters to identify new user sessions. |
hjSessionUser{site_id}, hjSession{site_id} | Hotjar cookie | 365 days, 30 minutes | Ensures data from subsequent visits to the same site are attributed to the same user ID. |
hjIncludedInSessionSample{site_id} | Hotjar cookie | 2 minutes | Set to determine if a user is included in the data sampling defined by your site's session limit. |
KEYCLOAK_IDENTITY, KEYCLOAK_SESSION, KC_RESTART, AUTH_SESSION_ID, KEYCLOAK_IDENTITY_LEGACY, KEYCLOAK_SESSION_LEGACY, AUTH_SESSION_ID_LEGACY | Technically necessary cookie | Session | Necessary to use identity provider Keycloak |
If you have given us your explicit consent (Art 6 para 1 lit a GDPR; for the "right to withdraw", see point 4), we use storage capacity of your browser software in order e.g., to enhance the usability of our Website, its user-friendliness and our service in general (for example to save your language settings). Therefore, we use the so-called local storage or session storage to store certain data on your end device, whereby your browser software maintains a separate local storage or session storage for each domain. Besides yourself, only we are able to access the data we are processing in this context. If technically necessary for the functioning of our Website, certain information may be stored in the local storage or session storage without your consent. Under no circumstances, third parties/websites will be able to access/read any of such data; however, the data may be stored on your end device by our partners (third-party service providers). In contrast to "cookies", this method is safer and faster because data are not transferred automatically to the respective server with every HTTP request, but stored by your browser software. Additionally, a greater volume of data (at least 5 megabytes) can be stored, whereas cookies have a maximum storage capacity of 4096 Bytes.
Since their functionality is similar to that of cookies, point 7.1 applies correspondingly. Please be aware that information in the local storage does not have a predefined expiration date (similar with persistent cookies). In contrast, information in the session storage is stored only for the duration of respective browser session (similar to session cookies).
With respect to providing or withdrawing your consent through our consent tool , see point 7.3. The manual erasure of data from the local or session storage can be achieved similarly to the manual erasure of cookies through the browser settings of most browsers since common browsers combine settings for cookies, local storage and session storage, collectively referring to website data (e.g., "cookies and other website data"); therefore please review point 7.1 for the full picture. If cookies and other website data are combined accordingly by your browser software, disabling cookies also disables access to the local storage or session storage (which therefore can lead to usability limitations). Disabling JavaScript can also prevent websites from accessing the local or session storage. However, this may result in severe usability limitations.
Specifically, we do not use any local/session storage objects at the moment.
Where necessary, and in order to ensure that you have given us your prior consent regarding the use of storage technologies, a consent tool appears automatically when accessing our Website. Through the options provided therein, you can select your preferences. To save your preferences, a technically necessary cookie is placed on your end device. If you do not provide us with your consent, certain parts of our Website may be unusable.
Apart from cookies, we also use so-called tracking pixels (also: pixel tags or web beacons) to collect certain data via our Website. Tracking pixels are transparent images which are practically invisible as they consist of a single pixel. The tracking pixel is placed on a server and loaded therefrom as soon as a respective subpage of our Website is accessed. They allow us to track that a subpage is accessed as well as any subsequent user activity on this page, in order to place targeted marketing. By means of the tracking pixel , in particular, the following information can be collected: (i) operating system used; (ii) browser type/version used; (iii) time of access; (iv) user behaviour on the visited page; (v) IP address and approximate location of the user.
Tracking pixels are used on our Website on the basis of our legitimate interests (Art 6 para 1 lit f GDPR; for the "right to object" see point 4) in analysing user accesses in a state of the art manner; in certain cases, we may also obtain your prior consent (Art 6 para 1 lit a GDPR; for the "right of withdrawal" see point 4). As a tracking pixel is merely an image loaded from a server, its lifetime is limited to your current browser session. However, information collected via a tracking pixel may be subsequently stored in cookies (see point 7.1).
Purpose of processing: In order to optimise our Website for its intended purposes, provide necessary or useful functions in regards to an economically viable pursuit of our business activity as well as to make available services to users that are usually expected in our line of business, we utilise a variety of services on our Website which are rendered by third-party service providers and subsequently described below.
Processing roles: Unless stated otherwise, the respective third-party service provider acts as our processor and subsequently provides its services in our name and on the basis of a corresponding agreement. However, some of the engaged third-party service providers may (also) receive data as independent controllers for their own purposes, in particular for the optimisation of their services. Regardless of their specific processing role, they are in any case considered recipients of some of your data, since the use of the respective service on our Website requires the processing of your data by the corresponding service provider.
Necessary processing: From a purely technical perspective, certain traffic data are transferred when visiting any website, and may be transferred to implemented services as well (cf. point 6.1). Any such transmission of traffic data that is technically necessary is based on our legitimate interest (Art 6 para 1 lit f GDPR) in integrating the respective services with adequate effort into our Website (for the "right to object", see point 4). Any further use of traffic data within this context is grounded on a separate legal basis pursuant to the specific information provided below.
Subsequently, you can find a brief summary of services used as well as accompanying basic legal information.
If you press on the name of one of the services, you will be transferred to the data protection declaration of the respective service provider. Please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party (cf. point 3).
Service | Processing operation | Purpose | Legal basis |
---|---|---|---|
Google Analytics | Processing of traffic data, processing of user behaviour | Web analysis (tracking) | Consent (Art 6 para 1 lit a GDPR) |
YouTube | Processing of traffic data and use of storage technologies to implement video content via inline frames | Realisation of a state of the art service as well as appealing presentation of our content | Consent (Art 6 para 1 lit a GDPR) |
Hotjar | Tracking mouse movements, scrolling actions, and clicks. | Analyzing user behavior, generating heatmaps | Consent (Art 6 para 1 lit a GDPR) |
The following services are provided by Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google Ireland").
Google Ireland intends to process data of users of the EEA region, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to third parties such as group companies may take place, wherefore a processing of your data in the US, in particular by Google LLC (California, USA), is possible; any such potential transfer is usually based on the adequacy decision of the EU Commission in the sense of Art 45 GDPR concerning the "EU-US Data Privacy Framework". You may check the respective certification of Google LLC under: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active. An overview of Google's data centres can be viewed at: https://www.google.com/about/datacenters/inside/locations/?hl=en.
For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google under https://policies.google.com/privacy?hl=en.
We use a web analysis and online marketing tool "Google Analytics", which enables us to analyse how you use this Website. The tool tracks, for example, the time users spend on a subpage of our Website or which links are being clicked by them. Also Google Analytics enables us to track when website users meet certain predefined criteria (so-called conversions) through their actions. The tracking takes place via JavaScript libraries provided by Google Ireland. Google Analytics uses cookies (respectively similar storage technologies; see point 7). In the context of the application of Google Analytics your traffic data (see point 6.1) are transferred to and stored on Google servers (however, your IP address will only be stored in a shortened form).
Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet.
The use Google Analytics is based on your prior consent (Art 6 para 1 lit a GDPR; for the "right to withdraw" see point 4). The data concerning the use of our Website are deleted automatically after a storage period of twenty-four (24) months set by us in the Google Analytics settings.
On our Website, videos of the platform https://www.youtube.com, a service of Google Ireland, are embedded as an inline frame.
Google Ireland uses storage technologies (cf. point 7) for the collection and statistical evaluation of data within the framework of such integration. Google Ireland uses the information collected via storage technologies under its own responsibility to compile accurate video statistics, prevent fraud and improve user-friendliness. Information generated by the use of said storage technologies as well as traffic data (inter alia, your IP address) are subsequently transferred to a Google server and stored there. However, the IP address will be shortened beforehand. An immediate allocation to your person is only possible if you are logged into your Google account when accessing a respective video, or when accessing a subpage with such integrated video after you have already given your previous consent. Therefore, if necessary, please log out of your account before you allow us to display the video or access the respective page.
We base our processing of your data within that context on your prior consent (Art 6 para 1 lit a GDPR; for the "right to withdraw" see point 4). We receive statistical evaluations from Google Ireland in regards to the retrieval of individual videos embedded in the Website without reference to the respective user.
Since the videos are only embedded in our Website but played directly via https://www.youtube.com, the terms of use and data protection declaration of YouTube/Google apply in that context.
Our website uses Google Tag Manager. The Google Tag Manager allows us to manage website tags through a single interface. The Google Tag Manager tool itself (which triggers the tags) is a domain without cookies and does not collect any personally identifiable information. The tool triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If a deactivation was carried out at the domain or cookie level, it remains in effect for all tracking tags that were implemented with the Google Tag Manager.
For analyzing user behavior on our website, we use the tool Hotjar. Hotjar allows us to track mouse movements, scrolling actions, and clicks. With this information, we can create so-called heatmaps, which show which areas of our website are preferably viewed by visitors.
Hotjar uses technologies to recognize the user for analyzing their behavior (e.g., cookies). The processing of this data by Hotjar is based on your consent according to Art 6 para 1 lit a DSGVO (GDPR). You can revoke this consent at any time. To deactivate Hotjar's data collection, please visit: https://www.hotjar.com/opt-out. Note that you have to deactivate Hotjar for every browser and device used. For more information about Hotjar and the data collected, please refer to: https://www.hotjar.com/privacy.
For the purpose of promoting our business activity and our service offer, we maintain presences in various social networks and similar platforms. The processing of your data in this context is based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object", see point 4) in expanding our reach as well as providing additional information and means of communication to users of social networks and similar platforms. In order to reach said purposes at the best possible rate, we may utilise functions provided by the respective service provider to measure our reach in detail (access statistics, identification of returning users, etc.).
In the course of accessing any of the online presences outlined subsequently, we process the general information being evident due to your profile in the respective network/platform as well as additional continuance, contact or content data, as far as you provide us with such data by interacting with our online presence and its contents. We do not store those data separately outside of the respective social network.
Since we jointly decide with the relevant service provider (respectively entity expressly outlined as controller) upon purposes and means of data processing in the course of a respective online presence, we are to be considered joint controllers in the sense of Art 26 GDPR. The provider of each social network respectively platform mentioned shall act as the primary point of contact with regard to all general and technical questions in respect of our online presences; this also applies to fulfilling rights of the data subjects in the sense of point 4. However, in case of requests concerning the specific operation of our online presences, your interactions with them or information published/collected via such channels, we shall be the primary point of contact; point 4 as well as other stipulations in this Data Protection Declaration apply correspondingly.
Some of the subsequent service providers are respectively their server landscape is located outside of the EU/EEA or they use processors to render their services to which this applies. Please be aware that we have no influence if or to which extent such transfers take place when using the respective network. You can find the relevant information on how each service provider handles third-country transfers (which might include data of you provided in the course of interacting with our social media presences) in the relevant data protection information of such service provider (cf. the respective links under each subsequent subsection). Mostly, those service providers utilise a certification according to the "EU-US Data Privacy Framework" pursuant to the respective adequacy decision of the EU Commission in the sense of Art 45 GDPR or standard data protection clauses in the sense of Art 46 para 2 lit c GDPR adopted by the European Commission in order to justify their transfers.
You can review the most relevant certifications relating to group companies of the subsequently displayed providers under the following links:
The social network "Instagram" is operated by Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA, which is part of the Facebook group. Controller from a data protection point of view with regard to the EEA region is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Ireland"). In respect of the operation of our Instagram account "moneycare.at" (https://www.instagram.com/moneycare.at/), we are joint controllers in the sense of Art 26 GDPR with Meta Ireland.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Instagram in order to personalise and maintain our Instagram account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://help.instagram.com/581066165581870?cms_id=581066165581870) as well as the separate data protection declaration (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect) and consider the settings options in your Instagram account. In regards to any information provided by us via mechanisms made available by Instagram (postings, stories, etc.), we are naturally fully responsible.
Controller of the video platform "YouTube" for the EEA region is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland ("Google Ireland"). In respect of the operation of our YouTube channel "money:care" (https://www.youtube.com/channel/UC3s3NhUwSDbdHTUuRMC2cKA), we are joint controllers in the sense of Art 26 GDPR with Google Ireland.
Please note that we have no influence on the programming and design of YouTube; thus, we can only use the options provided by YouTube in order to personalise and maintain our YouTube channel. Hence, please carefully review the terms which the service provider prescribes for the use of the video platform (https://www.youtube.com/t/terms) as well as the separate data protection declaration (https://policies.google.com/privacy?hl=en-GB&gl=uk) and consider the settings options in your YouTube account. In regards to videos and content provided by us, we are naturally fully responsible.
The social network "LinkedIn" is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA. Controller from a data protection point of view with regard to the EEA region is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). In respect of the operation of our LinkedIn account "money:care" (we are joint controllers in the sense of Art 26 GDPR with LinkedIn Ireland.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by LinkedIn in order to personalise and maintain our LinkedIn account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://www.linkedin.com/legal/user-agreement?_l=en_EN) as well as the separate data protection declaration (https://www.linkedin.com/legal/privacy-policy\) and consider the settings options in your LinkedIn account. In regards to any information provided by us via mechanisms made available by LinkedIn (postings, chats, etc.), we are naturally fully responsible.
The online communication platform "Discord" is operated by Discord, Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA. Controller from a data protection point of view with regard to the EEA region is Discord Netherlands BV, Schiphol Boulevard 195 1118BG, Schiphol, Amsterdam, Netherlands ("Discord Netherlands"). In respect of the operation of our Discord server "money:care", we are joint controllers in the sense of Art 26 GDPR with Discord Netherlands.
Please note that we have no influence on the programming and design of the platform; thus, we can only use the options provided by Discord in order to personalise and maintain our Discord presence. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://discord.com/terms) as well as the separate data protection declaration (https://discord.com/privacy) and consider the settings options in your Discord account. In regards to any information provided by us via mechanisms made available by Discord, we are naturally fully responsible.
On our Website, you have the option to use your registration data held by certain third-parties to register for/log in to our service offer as well without having to pass through a time-consuming standard registration process. This shall facilitate making use of our services.
Using such registration option requires that you are already registered with one of the subsequent providers/services:
In case you press the respectively named button in the course of creating a user account, you will be requested to indicate your login data held by the respective provider. The same applies where you have already used this option to register and subsequently want to log in again into your account.
After a successful login attempt, we receive a user ID, which solely contains the information that you have logged in via the respective provider using the single sign on procedure. Which data we receive after in the course of this process depends upon the provider utilised as well as upon your settings at the respective third-party account.
Usually, we receive at least your user name and profile picture, potentially your email address as well. We do not get access to your password. If applicable, you may have to expressly consent to a the data release and/or you may be able to make certain settings within your respective third-party account. In order to realise the data exchange, the respective provider will necessarily receive your traffic data in the sense of point 6.1.
For execution of the login/registration, a connection with servers of the respective provider as well as with your respective third-party account will be established. A continuous automatic alignment with your identity data stored by us is possible; however, as it cannot be guaranteed in each case, we ask you to alter your data manually if changing in case of doubt. You may usually terminate the link established by the single sign on procedure via the settings in your respective third-party account. If you wish to achieve erasure of your data stored by us, please contact us using the contact options indicated under point 2.
The service providers outlined above may transfer your data potentially to group companies () or other recipients especially in the US. Such transfer of your data is usually based on the adequacy decision of the EU Commission in the sense of Art 45 GDPR concerning the "EU-US Data Privacy Framework" or on standard data protection clauses in the sense of Art 46 para 2 lit c GDPR adopted by the EU Commission as adequate safeguards. ". You may check certifications according to the "EU-US Data Privacy Framework" of the relevant entities under: https://www.dataprivacyframework.gov/s/participant-search.
Please also review the data protection information provided by the respective provider:
Privacy policy of money:care GmbH for the domain "www.moneycare.at" and various social media and platform presences.
You can view our privacy policy here as a PDF file.