Privacy policy

This English translation is provided for convenience only. The German version of this document is the legally binding version.

Version: June 2026

Protecting your personal data is important to us. We process your data exclusively on the basis of the statutory provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act 2021 (TKG 2021).

This privacy policy informs you about the nature, scope and purpose of the processing of personal data in connection with the use of our platform “Healthcare Channel”.

1. Controller

The controller responsible for data processing is: Knowledge enables – Gemeinschaft für interdisziplinäre Forschung zur Förderung von zeitgemäßer Gesundheitskompetenz, Mariahilferstraße 1, 8020 Graz, Austria. ZVR number: 1662620293. Email: info@healthcare-channel.eu

2. Purposes of data processing

We process personal data in particular for the following purposes: providing and operating the platform · managing user accounts · providing e-learning offerings · handling course bookings and contract fulfilment · payment processing · communicating with users · sending transactional emails and newsletters · providing the therapist finder · IT security and abuse prevention · analysing and improving our offering.

3. Legal bases

We process personal data on the following legal bases: Art. 6(1)(a) GDPR (consent); Art. 6(1)(b) GDPR (contract performance and pre-contractual measures); Art. 6(1)(c) GDPR (legal obligations); Art. 6(1)(f) GDPR (legitimate interests).

Our legitimate interests include in particular: ensuring IT security · preventing abuse and fraud · the technical stability of the platform · error analysis · further development of our offering.

4. Hosting and technical infrastructure

Our platform is operated on servers of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. As part of the hosting, personal data required for the technical operation of the website is processed. This includes in particular: IP address, date and time of access, browser information, operating system, pages accessed, technical error messages. The legal basis is Art. 6(1)(f) GDPR.

5. Server log files

When you visit our website, information is automatically stored in server log files. This includes in particular: IP address, date and time of access, browser type, browser version, operating system, referrer URL, pages accessed. The processing serves to ensure system security, analyse errors and prevent abuse. Log data is generally stored for a maximum of 7 days and then deleted, unless longer retention is required to investigate security incidents. The legal basis is Art. 6(1)(f) GDPR.

6. User account and registration

Creating a user account is required to use certain functions. In doing so, we process in particular: name, email address, password hash, account status, security information (e.g. two-factor authentication). The processing is carried out for pre-contractual measures and contract performance pursuant to Art. 6(1)(b) GDPR.

7. E-learning and course management

When you use our e-learning offerings, we process data required to provide and manage the courses. This includes in particular: booked courses, course progress, completed lessons, participation history, issued certificates or confirmations of participation. The processing is carried out for contract performance pursuant to Art. 6(1)(b) GDPR.

8. Therapist finder

The therapist finder serves to publish profiles of therapists. Only data provided or released by the respective therapists is processed. This may include in particular: name, professional title, practice address, contact details, profile photo, description of the practice, services offered. Only data whose publication has been expressly approved is published. The profiles are publicly accessible. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(a) GDPR respectively.

9. Contact

If you contact us, for example by email or via the contact form, we process the data you provide in order to handle your enquiry. This includes in particular: name, email address, telephone number (if provided), message text. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR respectively.

10. Newsletter

If you subscribe to our newsletter, we use your email address to send you information about our offerings and activities. Registration uses a double-opt-in procedure. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

11. Email service provider Brevo

We use Brevo (Sendinblue GmbH), Köpenicker Straße 126, 10179 Berlin, Germany, to send newsletters and transactional emails. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Brevo. Further information: https://www.brevo.com/de/legal/privacypolicy/

12. Payment processing via Stripe

We use Stripe Payments Europe Ltd., Ireland, and affiliated companies of the Stripe group for payment processing. During payment processing, the following data in particular is processed: name, email address, billing data, payment information, transaction data. Payment data is entered exclusively on the payment pages provided by Stripe. We do not store complete credit card information. The legal basis is Art. 6(1)(b) GDPR. Further information: https://stripe.com/privacy

13. Cookies

Our website uses technically necessary cookies. These include in particular: “__Host-authjs.* / __Secure-authjs.*” — login, session, security; “hcc_cookie_consent” — storage of your cookie consent. These cookies are required for the operation of the platform. The legal basis is § 165(3) TKG 2021 and Art. 6(1)(f) GDPR.

14. Google Analytics 4

We use Google Analytics 4 exclusively after your express consent. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is only activated if you expressly agree in the cookie banner. Without consent, no analysis takes place and no analytics cookies are set.

The following data in particular is processed: page views, device information, browser information, approximate location data, usage behaviour. IP anonymisation is enabled. No health data, course content or payment information is transmitted to Google Analytics. The legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie settings.

15. Data transfers to third countries

Some of the service providers we use may process personal data outside the European Economic Area (EEA). This applies in particular to Google Analytics and Stripe. Where data is transferred to the USA, this is done on the basis of the EU-US Data Privacy Framework and — where required — additional Standard Contractual Clauses of the European Commission.

16. MapTiler

We use MapTiler AG, Höschgasse 110, 8008 Zurich, Switzerland, for geo and map functions in the therapist finder. The processing takes place server-side. Switzerland has an adequate level of data protection recognised by the European Commission.

17. Retention periods

We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations exist. In particular: tax- and accounting-relevant records for 7 years; contract-relevant data in accordance with statutory limitation periods; server log files generally for a maximum of 7 days; newsletter data until consent is withdrawn.

18. Your rights (rights of data subjects)

You have the right at any time to: access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), objection (Art. 21 GDPR) and withdrawal of consent you have given (Art. 7(3) GDPR). To exercise your rights, you can contact us at any time at info@healthcare-channel.eu. We generally process such requests within the statutory deadlines.

19. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority: Austrian Data Protection Authority (Datenschutzbehörde, DSB), Barichgasse 40–42, 1030 Vienna, Austria. Website: https://www.dsb.gv.at

20. Children and minors

Our offerings are directed exclusively at adults. We do not knowingly collect personal data from persons under 18 years of age. If we become aware that personal data of minors has been processed, it will be deleted immediately.

21. Changes to this privacy policy

We reserve the right to amend this privacy policy where this becomes necessary due to technical, legal or organisational changes. The current version published on our website applies in each case.