UnterweisungsPortal Logo
Privacy Policy

1. Controller

Entnerprises e.U.
Dr. Thomas Entner
Georgistraße 141
1210 Wien
Austria
E-Mail: info@unterweisungsportal.com

2. Data Collection on the Website

2.1 Server Logs

When you visit and access our website, your IP address, as well as the start and end of the session, is recorded for the duration of that session (timestamp). This is technically necessary and represents a legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. Unless otherwise specified below, we do not process this data further.

Data processed:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Date and time of access

Storage duration: 7 days

2.2 Cookies

Our website uses technically necessary cookies to enable the functionality of the application. These cookies do not collect personal data and are automatically deleted when you close your browser (session cookies) or after a maximum of one year.

Cookies used:

  • Theme preference (light/dark mode)
  • Language selection
  • Session management

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest)

3. Data Collection When Using the Application

3.1 User Data (Admin/HR/Auditor)

When you register for UnterweisungsPortal or are invited by a SuperAdmin, we collect the following data:

  • Name
  • Email address
  • Password (encrypted)
  • Role (Admin, HR, Auditor)
  • Tenant assignment

Purpose: Provision of the application, user authentication, role-based access control
Legal basis: Art. 6 Para. 1 lit. b GDPR (contract fulfillment)
Storage duration: Duration of the business relationship + statutory retention periods

3.2 Employee Data

For training management, the following employee data is processed:

  • Name
  • Email address
  • Department
  • Language
  • Group assignments

Purpose: Training management, assignment of courses, generation of certificates, fulfillment of training obligations
Legal basis: Art. 6 Para. 1 lit. b GDPR (contract fulfillment), Art. 6 Para. 1 lit. c GDPR (legal obligation)
Storage duration: Configurable (default: 5 years after soft-delete)

3.3 Training Data

During course participation, the following data is processed:

  • Course progress (PDF pages viewed)
  • Quiz answers
  • Quiz attempts and results
  • Completion date and time
  • Generated certificates

Purpose: Evidence of training, legal documentation, compliance audits
Legal basis: Art. 6 Para. 1 lit. c GDPR (legal obligation), Art. 6 Para. 1 lit. b GDPR (contract fulfillment)
Storage duration: Statutory retention periods (typically 5-7 years depending on industry)

3.4 Email Logs

For the purpose of sending training invitations and reminders, we log:

  • Recipient email address
  • Email type (invitation, reminder, certificate)
  • Sending date and time
  • Delivery status

Purpose: Documentation of email communications, error analysis, compliance
Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest)
Storage duration: Duration of the business relationship + 1 year

3.5 SMTP Credentials

Tenant-specific SMTP credentials (for email sending) are stored encrypted in the database.

Legal basis: Art. 6 Para. 1 lit. b GDPR (contract fulfillment)
Storage duration: Duration of the business relationship

4. Recipients of Data

Your data may be passed on to the following recipients:

  • Hosting provider: For providing the application infrastructure
  • Email service provider: For sending training invitations and reminders (if external SMTP is used)
  • Payment service providers: For processing subscription payments

All service providers are carefully selected and contractually obligated to comply with data protection regulations (data processing agreements pursuant to Art. 28 GDPR).

5. Third Country Transfers

Data is processed exclusively within the EU/EEA. Third country transfers only occur if explicitly agreed upon (e.g., for on-premise installations) and are secured by appropriate safeguards (standard contractual clauses, adequacy decisions).

6. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): Information about the data stored about you
  • Right to rectification (Art. 16 GDPR): Correction of incorrect data
  • Right to erasure (Art. 17 GDPR): Deletion of your data (if no legal retention obligations exist)
  • Right to restriction (Art. 18 GDPR): Restriction of data processing
  • Right to data portability (Art. 20 GDPR): Receipt of your data in a machine-readable format
  • Right to object (Art. 21 GDPR): Objection to data processing based on legitimate interest

To exercise your rights, please contact: info@unterweisungsportal.com

7. Right to Lodge a Complaint

If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority:
Barichgasse 40-42
1030 Wien
Austria
Website: www.dsb.gv.at

8. Automated Decision-Making

UnterweisungsPortal does not use automated decision-making or profiling pursuant to Art. 22 GDPR.

9. Data Security

We use state-of-the-art technical and organizational measures to protect your data from unauthorized access, loss, or misuse:

  • SSL/TLS encryption for data transmission
  • Encrypted storage of passwords (bcrypt)
  • Regular security updates and backups
  • Access controls and audit logs
  • Tenant isolation (multi-tenancy)

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on our website. Significant changes will be communicated to you.

Last updated: 1/3/2026

Privacy Policy | UnterweisungsPortal