Last updated: December 06, 2022
Interpretation and Definitions
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where „control“ means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Application means the software program provided by the Company downloaded by You on any electronic device, named lazy learn
- Company (referred to as either „the Company“, „We“, „Us“ or „Our“ in this Agreement) refers to ALBATROSS Consulting e.U, Wehrstraße, 15.
- Country refers to: Austria
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Application.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Email address
- Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share Your personal information in the following situations:
- With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
- For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
- With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
Disclosure of Your Personal Data
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.
Links to Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
By email: firstname.lastname@example.org
By visiting this page on our website: https://www.lazy-learn.com/legal-notifications-impressum/
Order Processing Agreement
According to Art. 28 (3) sentence 1 GDPR – referred to below as AV contract
Albatross Consulting e.U.
– hereinafter referred to as client –
– hereinafter referred to as contractor –
– Contractor and client are hereinafter also referred to as contracting partiesdesignated. –
– Annex 1 „Security concept“
– Appendix 2 „Subcontracting“
- Object of the order, data categories, data subjects, type, scope and purpose of the processing (Art. 28 (3), 30 (2) GDPR)
- The object of the AV contract, the personal data processed within the scope of the order (Art. 4 1 GDPR; hereinafter referred to as “data”), the persons affected by the processing (hereinafter referred to as “data subject”) as well as the type, scope and purposes of the processing are determined by the following legal relationship(s) between the contracting parties (hereinafter referred to as the main contract): The contracting parties work together on the basis of individual orders that the client places with the contractor or within the framework of individual contracts that the client concludes with the contractor. The provisions of this AV contract take precedence over the main contract.
- Type of data:Inventory data (eg, names, addresses).Contact information (e.g., email, phone numbers).Content Data (e.g., text input, photographs, videos).
Contract data (e.g. subject matter of contract, term).
Payment data (e.g. bank details, payment history).
Usage data (e.g., interests, websites visited, purchasing behavior, access times, log data).
Meta/communication data (e.g. device IDs, IP addresses, location data).
Employee master data (e.g. names, addresses, wage groups, tax characteristics).
Applicant data (e.g. names, contact details, qualifications, application documents).
Content data (audio/voice recordings, text input and text- to-speech and speech-to-text conversion)
- Processing of special categories of data (Article 9 (1) GDPR):
- Categories of data subjects
- Purpose of processing:
- Responsibility and authority to issue instructions
- As the person responsible in accordance with 4 No. 7 GDPR, the client is responsible for compliance with data protection regulations, in particular for the selection of the contractor, the data transmitted to them and the instructions issued (Art. 28 (3) lit. a, 29 and 32 paragraph 4 GDPR).
- The contractor may only process data within the framework of the main contract and the instructions of the client (which also applies in particular to their correction, deletion or restriction of processing) and only insofar as the processing is necessary for this, unless the contractor is obliged to process by Union or Member State law to which the contractor is subject; in such a case, the contractor shall notify the client of these legal requirements prior to processing, unless the relevant law prohibits such notification due to an important public interest (Article 28 (3) sentence 2 a GDPR).
- The customer has the right to issue additional instructions with regard to the processing of the data and the security measures at any time.
- If the contractor is of the opinion that an instruction of the client violates applicable data protection law, he will immediately point this out to the In this case, the contractor is entitled to suspend the execution of the instruction until the instruction has been confirmed by the client and in the case of obvious reject unlawful instructions.
- If additional instructions from the client go beyond the contractor’s obligation to perform under the main contract and are not based on misconduct on the part of the contractor, then the client has the contractor to remunerate the resulting additional expenses separately.
- The contracting parties can designate persons who are authorized to issue and receive instructions (in particular if these do not already result from the main contract) and are obligated to notify them of any changes without delay.
- Security concept and related obligations
- The contractor will design the internal organization in his area of responsibility in accordance with the legal requirements and will in particular take technical and organizational measures (hereinafter referred to as „TOMs“) to adequately secure, in particular the confidentiality, integrity and availability of the client’s data , taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of the data subjects and ensure their maintenance (Art. 28 (3) and 32 – 39 in conjunction with Art 5 GDPR). The TOMs include, in particular, access control, access control, access control, separation control and the safeguarding of data subjects rights.
- The TOMs on which this AV contract is based can be found in Appendix 1 „Security concept“. They may be further developed in accordance with technical progress and replaced by adequate protective measures, provided they do not fall below the security level of the specified measures and the client is informed of any significant changes.
- The contractor shall ensure that the persons authorized to process the client’s data are bound to confidentiality and secrecy (Art. 28 (3) Sentence 2 lit. b and 29, 32 Para. 4 GDPR) and comply with the protective provisions of the GDPR have been instructed or are subject to an appropriate statutory duty of confidentiality.
- The data as well as data carriers and all copies made thereof remain the property of the client, are to be kept safe by the contractor, protected against access by unauthorized third parties and may only be destroyed with consent of the client, and then only in accordance with data protection regulations. Copies of data may only be made if they are necessary for the fulfilment of the Contractor’s main and ancillary performance obligations towards the Contractor (e.g. backups).
- If required by the GDPR or supplementary, in particular national regulations, the Contractor shall appoint a data protection officer in accordance with the statutory requirements and inform the Client accordingly (Art. 37 to 39 GDPR). Data protection officer of the contractor: Ralph Ohler
- Information obligations and cooperation obligations
- The rights of those affected are to be exercised vis-à-vis the client, whereby the contractor hereby indemnifies the client in accordance with Article 28 Paragraph 3 Sentence 2 GDPR and, in particular, informs him about the inquiries he receives from those affected.
- The client must inform the contractor immediately and in full if he discovers errors or irregularities with regard to the processing of the data with regard to compliance with the provisions of this AV contract or relevant data protection.
- In the event that the contractor discovers facts which justify the assumption that the protection of the data processed for the client has been violated, the contractor must inform the client immediately and in full, immediately take the necessary protective measures, and to support the fulfillment of the obligations incumbent on the client in accordance with Articles 33 and 34 GDPR.
- Should the security of the customer’s data be endangered by measures taken by third parties (e.g. creditors, authorities, courts, etc.) (seizure, confiscation, insolvency proceedings, etc.), the contractor will inform the third party immediately inform that the sovereignty and ownership of the data lies exclusively with the customer and, after consultation with the customer, if necessary, take appropriate protective measures (e.g. objections, applications, etc.).
- The contractor will inform the client immediately if a supervisory authority becomes active in relation to the contractor and their activities may affect the data processed for the The contractor supports the client in fulfilling his obligations (in particular to provide information and to tolerate controls) towards supervisory authorities (Article 31 GDPR).
- The contractor shall provide the client with information regarding the processing of data within the scope of this AV contract, which is necessary for the fulfillment of legal obligations (including, in particular, inquiries from those affected or authorities and compliance with his accountability obligations in accordance with 5 (2) GDPR, as well as the implementation of a data protection impact assessment pursuant to Art. 35 GDPR) are available if the client cannot obtain this information himself. The information must be available to the contractor and does not have to be obtained from third parties, whereby employees, agents and subcontractors of the client are not considered third parties.
- If the provision of the necessary information and the cooperation go beyond the contractors obligation to perform under the main contract and is not due to misconduct on the part of the contractor, the customer must compensate the contractor separately for the additional expenses incurred as a result.
- Control Powers
- The client has the right to monitor compliance with the legal requirements and the provisions of this AV contract, in particular the TOMs, at the contractor at any time to the required extent (Article 28 (3) (h) GDPR).
- On-site inspections are carried out within normal business hours, are to be reported by the client within a reasonable period of time (at least 14 days, except in emergencies) and are to be supported by the contractor (e.g. by providing personnel).
- The controls are limited to the necessary framework and must be based on the contractor’s trade and business secrets and the protection of personal data of third parties (e.g. other customers or employees of the contractor) into consideration. Only competent persons who can identify themselves and who are sworn to secrecy with regard to the company and business secrets and processes of the contractor and personal data of third parties are permitted to carry out the inspection.
- Instead of the inspections and on-site controls, the contractor may ask the client for an equivalent control by independent third parties (e.g. neutral data protection auditors), compliance with approved rules of conduct (Article 40 GDPR) or suitable data protection or IT security certifications according to Art. 42 GDPR. This applies in particular if trade and business secrets of the contractor or personal data of third parties would be endangered by the controls.
- If the toleration and participation in the controls or adequate alternative measures by the client go beyond the contractor’s obligation to perform under the main contract and are not based on misconduct on the part of the contractor, then the client has the contractor to remunerate the resulting additional expenses separately.
- If the processor uses the services of a sub-processor (i.e. subcontractor or subcontractor) to carry out certain processing activities on behalf of the client, then it must impose the same data protection obligations on the sub-processor by means of a contract or other legal instrument permitted under the GDPR to which the contractor has committed himself in this AV contract (in particular with regard to following instructions, complying with the TOMs, providing information and tolerating controls). Furthermore, the contractor must carefully select the sub- processor, check its reliability and monitor it as well as its compliance with contractual and legal requirements (Art. 28 Par. 2 and 4 GDPR).Irrespective of any restrictions imposed by the main contract, the client expressly agrees that the contractor may use sub-processors within the scope of order processing.
- The subcontracting relationships that already exist at the time of the conclusion of this AV contract are specified by the contractor in Appendix 2 „Subcontracting relationships“ and are deemed to have been approved by the contractor.
- The contractor informs the client about changes in the sub-processors that are relevant for the order processing. The client will only exercise its right to object to the changes or new sub- processors in accordance with the principles of good faith, reasonableness and equity.
- Contractual relationships in which the contractor uses the services of third parties as a purely ancillary service in order to carry out his business activities (e.g. cleaning, security or transport services) do not constitute subcontracted processing within the meaning of the above provisions of this AV- Nevertheless, the processor must ensure, for example through contractual agreements or notices and instructions, that the security of the data is not endangered and that the specifications of this AV contract and the data protection regulations are observed.
- Processing in third countries
- The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area (EEA).
- Order processing in a third country, also by subcontractors, requires the prior consent of the client and may only take place if the special requirements of Art. 44 et seq Union or the Member States to which the contractor is subject; in such a case, the contractor shall notify the client of these legal requirements prior to processing, unless the relevant law prohibits such notification due to an important public interest (Article 28 (3) sentence 2 lit. a GDPR).
- The client’s consent to processing in a third country applies with regard to the provisions in Annex 2 „Subcontracting“ mentioned processing as granted.
- Duration of the contract, contract termination and data deletion
- This AV contract becomes valid upon its conclusion, is concluded for an indefinite period and ends at the latest with the term of the main contract.
- The contracting parties reserve the right to extraordinary termination, particularly in the event of a serious violation of the provisions of this AV contract and applicable data protection law. Of the extraordinary termination must in principle be preceded by a warning of the violations with a reasonable period of time, although this is not necessary if it is not to be expected that the violations complained about will be remedied or if they are so serious that adherence to the AV contract of the terminating contracting party is not reasonable.
- After completion of the provision of the processing services within the framework of this AV contract, the contractor will all personal data and their copies (as well as all documents in connection with the contractual relationship, created processing and utilization results and databases), either delete or return them at the discretion of the client, unless there is an obligation to store the personal data under Union law or the law of the Member States (Article 28 (1) sentence 2 lit. g GDPR ). The objection of a right of retention is excluded with regard to the processed data and the associated data carriers. With regard to the deletion or return, the customer’s rights to information, proof and control apply in accordance with this AV contract.
- Otherwise, the obligations from this AV contract with regard to the data processed in the order remain in force even after the AV contract has ended.
- If the deletion or the return of the data goes beyond the contractor’s obligation to perform under the main contract and is not based on misconduct on the part of the contractor, then the client must separately charge the contractor for the additional costs incurred as a result reward.
- The remuneration agreed under this AV contract also includes an expense allowance for the working hours of the personnel used by the contractor as well as necessary expenses (e.g. travel or material costs). If possible, foreseeable and reasonable, the contractor shall notify the customer of the amount of the remuneration by way of a proper estimate.
- The amount of the remuneration is determined by the main contract. If the main contract does not contain any relevant remuneration regulations for the AV contract or correspondingly applicable rates for services, the usual rates of the contractor apply or, if these cannot be determined, the rates customary in the industry.
- For compensation for damage suffered by a data subject due to data processing or use that is inadmissible or incorrect under data protection laws in the context of in the internal relationship with the contractor, the customer alone is responsible to the person concerned.
- The contracting parties release themselves from liability if one of the contracting parties proves that they are in no way responsible for the circumstance that caused the damage to a person concerned.
- Final Provisions, Ranking, Amendments, Form of Communication, Choice of Law, Place of Jurisdiction
- Changes, ancillary agreements and supplements to this AV contract and its appendices require a written agreement and the express reference to the fact that it is a matter of an amendment or supplement to this AV contract. This also applies to the waiver of this form requirement.
- This AV contract only obliges the contractor to the extent that this is necessary to fulfill the legal obligations, in particular according to Art. 28 et seq contractor has no further obligations beyond this.
- Subject to an obligation to the written form in this AV contract and in the main contract, the communication between the contractor and the client within the framework of this AV contract (especially with regard to instructions and the provision of information) takes place at least in text form (e.g. e-mail). A lesser form (e.g. verbal) may be permissible under the circumstances instead of the text form (e.g. in an emergency situation), but must be confirmed immediately, at least in text If the written form is required, the written form within the meaning of the GDPR is meant.
- The law of the Federal Republic of Germany The exclusive place of jurisdiction for all disputes arising from or in connection with this AV contract is the registered office of the contractor, provided that the customer is a merchant, a legal entity under public law or a special fund under public law or the customer is not in the Federal Republic of Germany place of jurisdiction. The contractor reserves the right to assert his claims at the legal place of jurisdiction.
Place, date, signature of client
Place, date, signature contractor
Order to process personal data
Appendix 1 – Security Concept
Technical and organizational measures in accordance with Art. 32 GDPR
Basic measures that serve to protect the rights of those affected, immediate response in emergencies, the specifications of the technology design and data protection at employee level:
- There is an internal data protection management system, compliance with which is constantly monitored and evaluated as required and at least every six months.
- There is a concept that guarantees the protection of the rights of those affected (information, correction, deletion or restriction of processing, data transfer, revocation and objections) within the statutory periods. It includes forms, instructions and implemented implementation procedures as well as the designation of the persons responsible for implementation.
- There is a concept that guarantees an immediate reaction to violations of the protection of personal data (testing, documentation, reporting) in accordance with the legal requirements. It includes forms, instructions and implemented implementation procedures as well as the designation of the people responsible for implementation.
- The protection of personal data is carried out taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risks associated with the processing for the rights and freedoms of natural persons already taken into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection- friendly default settings (Article 25 GDPR).
- The software used is always kept up to date, as are virus scanners and firewalls.
- With regard to data protection, employees are sworn to secrecy, taught and instructed, and are made aware of possible liability If employees work outside of the company’s internal premises or use private devices for operational activities, there are special regulations to protect the data in these constellations and to secure the rights of clients for order processing.
- The keys, access cards or codes issued to employees, as well as authorizations granted with regard to the processing of personal data, will be confiscated or revoked after they leave the company or change responsibilities.
- The cleaning staff, security guards and other service providers who are used to fulfill sideline tasks are carefully selected and it is ensured that they observe the protection of personal data.
- access control
- Access regulations for non-employees
- Access Control / Access Control
- Firewalls (hardware/software). Always
- up-to-date virus protection. Always up-
- to-date software versions.
- Authorization/authentication concepts with access regulations limited to the bare minimum.
- Minimum password lengths and password managers.
- Proper destruction of media.
- disclosure control
- Encryption of data carriers and connections. Dedicated
- sharing permissions.
- input control
- Logging of data entry, changes and deletions.
- Storage of forms from which data has been transferred to automated processing. Assignment of rights to enter, change
- and delete data based on an authorization concept.
- order control
- Selection of contractors based on due diligence aspects.
- Availability Control/ Integrity
- Constantly controlled backup and recovery concept.
- Guarantee of earmarking/separation requirement
- Logical client separation (on the software side).
Order to process personal data
Appendix 2 – Subcontracting
– No –