Privacy statement

The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidential and according to the legal data protection rules as well as this privacy statement.

Scope of application

This privacy statement informs you about the nature, extent and scope of the collection and use of personal data by the website provider CL:CasaLinguae e.U. – Strohberggasse 15/1/5, 1120 Vienna or Mozartgasse 4/2, 1040 Vienna – – +43 699 11 959 333 and the linked websites, functions and contents as well as our social media profile.

Responsible person

CL: CasaLinguae e.U.
Mozartgasse 4/2
1040 Vienna
Phone: +43 699 11 959 333

Access data/server logfiles

CL: CasaLinguae e.U. (or rather the webspace provider) collects data on every access to the offer (so called server logfiles).

These access data include:

* Name of the requested website, file, date and time of access
* Data volume transferred
* Notification on successful access
* Type of browser besides version, operating system of the user
* Referrer URL (the website visited before)
* IP-address and the requesting provider

CL: uses the log data only for statistical evaluations for the purpose of the operation, security and optimization of the offer. CL: however, reserves itself the right to verify the log data subsequently if due to concrete evidence a justified suspicion referring to an illegal use may arise.

Types of processed data: 

  • Inventory data (title, first name and surname, profession, social security number, office and/or home address), eventually billing address
  • Contact data (phone number, fax, e-mail address)
    • In case of corporate courses: name of company, contact persons including contact data, eventually title, first name and surname of employees registered by the company

Purpose of data processing

The above-mentioned types of data are processed for the purposes listed below:

  • Preparation of offers
  • Organisation (registration confirmation, information on courses/training sessions, settlement of course fees, inclusion in a list of participants)
  • Fulfilment of legal documentation and reporting duties vis-á-vis third parties (tax and duties)

Safety measures

Ferner berücksichtigen wir den Schutz personenbezogener Daten bereits bei der Entwicklung, bzw. Auswahl von Hardware, Software sowie Verfahren, entsprechend dem Prinzip des Datenschutzes durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen berücksichtigt (Art. 25 DSGVO). (dt. Satz prüfen) Subject to art. 32 of the GDPR we take adequate technical and organizational measures under consideration of the state of the art, implementation costs and type, scope, circumstances and purpose of data processing as well as different probabilities of occurrence and the gravity of risks relating to the rights and freedoms of private individuals to ensure an adequate level of protection against the respective risk. The measures include in particular the protection of confidentiality, integrity and availability of data through the control of physical access to these data as well as the input, forwarding, protection of availability and their separation. Furthermore, we implemented procedures which ensure the perception of rights of persons concerned, the cancellation of data and the reaction on data endangerment. Furthermore, we take the protection of personal data into account already at the development, the acquisition of hardware, software as well as the procedures according to the principle of data protection via the choice of technical solutions and through data protection-friendly default settings (art. 25 of the GDPR).

Handling of personal data

Personal data contain information with which a person can be identified, i.e. data which help you to track a person. These data include name, email address or phone number. But also data concerning preferences, hobbies, memberships or any information about websites visited by a certain person, are part of these personal information.

Personal data are collected, used and forwarded by CL: only if this is permitted by law or the user gave his/her authorization to process these data.

Cooperation with processors and third parties

If in the framework of our processing procedure personal data are disclosed vis-á-vis other persons and companies (processors or third parties), transferred to these or if access to these information is given in any other way, this will take place only on the basis of a legal permission (for example if the transmission of the data to third parties such as payment providers is necessary for the fulfilment of the contract according to art. 4 clause 1 lit. b of the GDPR), if you agreed, if a legal obligation allows for it or on the basis of our legitimate interests (for example in case of the assignment of authorized persons, web host etc. )

If we assign the data processing to third parties on the basis of a so-called “order processing contract” this will take place based on art. 28 of the GDPR.

Transmission to third countries

If we process any personal data in a third country (that means outside of the European Union or rather the European Economic Area or if this takes place in the framework of the use of services from third parties or the disclosure or transmission of personal data to third parties, this will happen only if carried out for the fulfilment of our pre-contractual obligation, on the basis of your permission, because of any legal obligations or on the basis of our legitimate interests. Subject to legal or contractual permissions we process or give the permission to process personal data in third countries only in case of the presence of the specific terms of art. 44 seqq. of the GDPR. That means the processing is carried out for example on the basis of particular guarantees such as the officially recognized definition of a data protection level equal to the one of the EU (for example for the US through the “Privacy Shield”) or the observance of officially recognized specific contractual obligations (so called standard contractual clauses).

Establishment of contact

When establishing the contact with CL: (for example via contact form, email or social media channels) the data of the user will be processed in order to process the request as well as for of further questions. The data provided by the user can be saved in a Customer Relation Management System (CRM).

Newsletter shipping provider

With the newsletter we want to inform you about us and our offer.

If you wish to receive the newsletter, we need a valid email address as well as an information that enables us to verify that you are the owner of the provided email address or rather the possibility to verify that the owner agrees to receive the newsletter. Further data will not be collected. These data will be used only for sending the newsletter and will not be forwarded to any third party.

After registration you will receive an email in which you will be asked to confirm your subscription. This confirmation is necessary so that no one can register with another email address. The subscription to the newsletter will be logged in order to proof the subscription process according to legal requirements. This includes the storage of the subscription and confirmation time as well as the IP address. Likewise, any amendments to the data stored with your shipping provider are logged.

Double-Opt-In and logging: the subscription to our newsletter takes place via a so-called double-opt-in procedure.

Your consent related to storing your data, your e-mail address as well as the use of such data for sending our newsletter may be revoked at any time. The revocation can be carried out via a link in the newsletter, in your profile area or via a notification, send to the above provided contact address.

The transmission of the newsletter takes place via the shipping provider “MailChimp” a newsletter transmission platform of the US provider Rocket Science Group LLC 675 Ponce De Leon Ave NE # 5000, Atlanta GA 30308, USA: The data protection regulations of the shipping provider are available here : The Rocket Science Group LLC d/b/a Mail Chimp is certified below the Privacy-Shield agreement and thereby offers a guarantee to respect the European data protection level. (

Newsletter – performance measurement

The newsletters contain a so-called “web-beacon”, that means a pixel-sized file which is retrieved from our server or rather in case we use a shipping provider, from his server when opening the newsletter. In the framework of this request first technical data such as any information about the browser and your system as well as your IP-address and the access time will be collected.

This information is used to technically improve our services by means of technical data or improve the service for our target groups and their reading behaviour by receiving information on their places of access (which can be determined by means of the IP address) or by determining their access times. The statistical data include also the verification whether the newsletter was opened or not, when it was opened, and which links were opened. This information can be assigned to the single newsletter recipients. However, it is not our goal nor the goal of the shipping provider, if there is any, to control single users. The evaluation is used primarily to identify the reading behaviour of our users and to adapt our contents to it or send different contents according to the interests of our users.

Integration of services and contents from third parties

It may be the case that in these online offers contents of third parties such as for example YouTube videos, map data from google maps, RSS-feeds or graphics from other websites will be included. This always assumes that the providers of these contents (hereinafter referred to as “third party provider”) will be aware of the IP address of the user. Because without the IP address they would not be able to send the contents to the browser of the corresponding user. The IP address is hence necessary to display these contents. We aim at using only those contents whose corresponding provider uses the IP address only to deliver the contents. However, we have no influence over whether the third-party providers save the IP address for example for statistical purposes. As far as we know, we inform our users about it.


Cookies are small files which render it possible to save specific information referred to the device on the access device of the User (PC, smartphone or similar). On one hand the improve the user-friendliness of websites and thus offer a benefit for the users (for example the storage of login data). On the other hand, they are used to collect statistical data of the website usage and analyse them in order to improve the offer. The users can influence the use of cookies. Most browsers dispose of an option with which the storage of cookies can be restricted or completely prevented. However, we point out that the use and in particular the user comfort is restricted without cookies.

You can administer many corporate online ads cookies via the US American website / or the EU website


The data registered in the course of registration (language courses, training and assessments tests) are used for the purpose of using the offer. Users can be informed by e-mail about information relevant to offers or registration, such as changes to the scope of offers or technical circumstances. The data collected can be seen in the input mask during registration. This includes first and last name, postal address, email address and their purpose.

Order processing in the online shop and client account

We process the data of our clients in the framework of the order procedure in our online shop to allow them the selection and ordering of the selected products and services as well as their payment and shipment or execution.

The processed data include inventory data, communication data, contractual data, payment data and the persons concerned are our clients, interested persons and other business partners. The processing takes place for the purpose of the fulfilment of the contractual services within the operation of an online shop, the settlement, delivery and customer service. For this purpose, we place session cookies for the storage of the content of the shopping cart and permanent cookies for the storage of the login status.

The processing takes place on the basis of art. 6 clause 1 lit. b (realization of ordering processes) and c (legally required storage) of the GDPR. In doing so the details marked as necessary for the justification and fulfilment of the contract are required.  We disclose the information vis-á-vis third parties only in the framework of the delivery, payment or in the framework of legal permissions and obligations vis-á-vis legal consultants and authorities. The data will be processed in third countries only if this is necessary for the fulfilment of the contract (for example following a customer request upon delivery or payment).

Users can create a user account where they can display all their orders. In the framework of the registration the necessary compulsory details are communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users cancelled their user account, their data concerning the user account will be cancelled unless their storage is required for commercial and fiscal reasons according to art. 6 clause 1 lit c of the GDPR. Details in the clients account remain there up to their cancellation with the subsequent storage in case of a legal obligation. It is up to the users to store their data upon cancellation before the end of the contractual relationship.

In the framework of the subscription and new registration as well as use of our online services, we save the IP address and the time of the respective user intervention. The storage takes place on the basis of our legitimate interests as well as the user protection against misuse and other unauthorized usages. The transfer of data to third parties does normally not take place, except if required to track our claims or if there is any legal obligation according to art. 6 clause 1 lit c of the GDPR.

The cancellation takes place at the end of legal and comparable guarantees. The necessity of data storage will be verified every three years. In the event of legal storage obligations, the cancellation takes place after their expiry.

Retrieval of profile pictures from Gravatar

We use the service Gravatar of Automattic Inc. 60 29th Street #343, San Francisco, CA 94110, USA in the framework of our online offer and in particular in our blog.

Gravatar is a service where users register and store their profile pictures and their email addresses. If users leave comments or articles on their online presences with their respective email addresses (especially in blogs), their profile pictures can thus be displayed next to the articles or comments. For this reason, the email address communicated by the users is transmitted in an encrypted form to Gravatar in order to verify if there is a stored email address for this profile. This is the only reason to transmit the email address and it is not used for other reasons but cancelled immediately afterwards.

The use of Gravatar takes place on the basis of our legitimate interests in line with art. 6 clause 1 lit. f) of the GDPR since with Gravatar we offer users the possibility to personalize their articles and comments with a profile picture.

By showing the picture Gravatar detects the IP address of the users since this is necessary for the communication between the browser and an online service. More information concerning the collection and use of data by Gravatar can be found in the privacy statement of Automattic:

If users do not want that their picture linked to their email address at Gravatar will be displayed in the comments, they should use an email address to write comments which is not saved at Gravatar. We also point out that it is possible to use an anonymous or no email address at all, if the users do not want that their personal email address is transmitted to Gravatar. Users can completely prevent the transmission of data by not using our comment function.

Data protection information in the application procedure

We process application data only for the purpose and in the framework of application procedures in line with the legal requirements. The processing of application data takes place for the fulfilment of our (pre)contractual obligations in the framework of the application procedure in line with art. 6 clause 1 lit. b. of the GDPR if the data processing is necessary for us for example in the framework of legal procedures.

The application procedure implies that applicants communicate the application details to us. The necessary details of applicants are normally marked in the online form and alternatively result from the description of the position and basically comprise all personal details such as person, post and contact addresses and the documents which form part of the application such as cover letter, CV and certificates. Beside that the applicants can also communicate us additional information if they want.

With the transmission of the application the applicants agree to the processing of their data for the purposes of the application procedure according to the type and extent indicated in this data protection declaration.

If in the framework of the application procedure voluntarily specific categories of personal data are communicated in line with art. 9 clause 1 of the GDPR, its processing takes place additionally according to art.9 clause 2 lit. b of the GDPR (for example health data, such as severe disability or ethnical origin). If in the framework of the application procedure specific categories of personal data are requested from applicants in line with art. 9 clause 1 of the GDPR, their processing takes place additionally according to art. 9 clause 2 lit a of the GDPR (for example health data if these are necessary for the execution of the profession).

Applicants may send us their applications via email. When doing so, however, we ask you to consider that emails will basically not be sent in an encoded form and the applicants must ensure the encryption personally. Hence, we cannot assume any responsibility for the transfer of the application from the sender to the reception on our server and thus advice you to use the postal delivery. Because instead of sending the application via email, the applicants still have the possibility to send the applications via post.

The data made available by applicants, can be further processed by us in case of a successful application for the purpose of the employment relationship. Otherwise, if the application referring to a determined position is not successful the data of the applicant will be deleted. The data of the applicant will also be deleted if an application is withdrawn by the applicant as the person is entitled to at any point in time.

The cancellation takes place, subject to a legitimate revocation by the applicant at the end of the period of six months so to be able to answer to possible further questions regarding the application and to satisfy our burden of proof from the General Equal Treatment Act. Invoices on possible travel cost compensations will be stored according to the fiscal requirements.

Comments and articles

If users write comments or other articles, their IP-address can be saved for 7 days on the basis of our legitimate interests in line with art. 6 clause 1 lit. f. of the GDPR. This is done to protect ourselves if someone writes illegal contents in comments or articles (offenses, forbidden political propaganda etc.). In this case we can be prosecuted personally for such comments or articles and are hence interested in the identity of the writer.

Furthermore, we reserve the right to process the details of the users for spam detection on the basis of our legitimate interests according to art. 6 clause 1 lit f. of the GDPR

The data indicated within the scope of comments and articles will be saved by us permanently until the objection by the user.

Google Analytics

CL: uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “Cookies”, text files which will be saved on the computer of the users and which offer an analysis of the use of the respective website. The information generated via the cookie regarding the use of this website by the users are usually transmitted to a server of Google in the US and saved there.

In case of activation of the IP anonymization on this website, the IP-address of the user will be first shortened by Google within the Member states of the European Union or in other contracting parties to the agreement on the European Economic Area.  Only in exceptional cases will the IP address be transmitted to a server of Google in the US and shortened there. The IP anonymization is active on this website. On behalf of the provider of this website, Google will use this information to assess the usage of the website by its users, to create reports on website activities and to provide further services connected to the website and internet usage.

Die Nutzer können darüber hinaus die Erfassung der durch das Cookie erzeugten und auf ihre Nutzung der Website bezogenen Daten (inkl. Ihrer IP-Adresse) an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem sie das unter dem folgenden Link verfügbare Browser-Plugin herunterladen und installieren (dt. Satz prüfen): The IP address transmitted from your browser in the framework of Google Analytics will not be joined with other data from Google. The users can prevent the storage of cookies via a respective setting of their browser software; this offer, however, informs the users that in this case they will eventually not be able to use all functions of this website to their full extent. The users can furthermore prevent the collection of data generated through cookies and relating to their use of the website (including the IP address) as well as the processing of this data by Google via the download and installation of the browser plugin available below the following link

Further information on the use of information for marketing purposes via Google, setting and possibilities to object are available on the Google websites: („How Google uses information from sites or apps which use our services“ “), („How Google uses information for advertising“), („Administer information used by Google to display ads“) and (“Define which ads should be displayed by Google“).

Alternatively, to the Browser-Add-On or in case of browsers on mobile devices, please click on this link to prevent the future data collection by Google Analytics via this website. By doing so an Opt-Out Cookie is saved on your device. If you delete your cookies, you must click on the link again.

Use of Facebook Social Plugins

CL: uses Social Plugins (“Plugins”) of the social network which is operated by the Facebook Ireland Ltd., 4 Grand Canal Square, grand Canal harbor, Dublin 2, Irland (“Facebook”). The plugins can be identified via the facebook logos (white “f” on a blue background, the terms “Like” or the thumbs-up signs) or are marked with the addition “Facebook Social Plugins”. The list and the look of the Facebook Social Plugins is represented here

If a user of a website views this offer which contains such a plugin his browser creates a direct connection to the Facebook server. The content of the Plugin will be directly transferred to your browser by Facebook and from there embedded into the website. Thus, the provider has no influence on the extent of the data which Facebook collects with the help of these plugins and thus informs the user according to the personal state of knowledge:

Through the embedment of Plugins, Facebook receives the information that a user viewed the respective page of a particular offer. If the user is logged in on Facebook, Facebook can assign this visit to the respective Facebook account. If a user interacts with the Plugins, for example by clicking the “Like”- Button or entering a comment, the respective information is directly transmitted from your browser to Facebook and saved there. If a user is not a member of Facebook, however, Facebook has the possibility to find out the IP address and to save it. According to Facebook in Germany only anonymized IP addresses are saved.

The purpose and extent of data collection and the further processing and use of the data by Facebook as well as respective rights and possible settings to protect the privacy of the user, can be found in the privacy statement provided by Facebook:

If a user is a member of Facebook and this person does not want Facebook to collect any data on him via this offer and connect them with the membership data saved on Facebook, he must log out from his Facebook account before visiting the internet site. Further settings and objections concerning the use of data for marketing purposes can be made via the Facebook profile settings:

+1 button of Google+

CL: uses the “+1”-button of the social network Google Plus operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). The button carries the sign “+1” and can be identified by its white or coloured background.

If a user views a website of this offer which contains such a button, the browser establishes a direct connection with the server of Google. The content of the “+1” button will be transmitted directly to its browser by Google and from there embedded into the website. The website provider hence, does not have any influence on the extent of the data which are collected by Google through this button. According to Google no personal data are collected as long as you do not click on this button. Only in case of logged-in members such data, amongst others the IP address, will be collected and processed.

The purpose and extent of the data collection and the further processing and use of data by Google as well as the respective rights and possible settings to protect privacy can be found in the Google privacy information referring to the “+1”- button below: and in the FAQ:


CL: uses website elements ( such as for example buttons or integrated contents of the service Twitter, offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, Ca 94107, USA. With the aid of website elements, it is possible for example to share an article or page of this offer on Twitter or to follow the provider on Twitter. Further contents which can be integrated into the website, are in particular single Tweets.

If a user views a website of this online presence which contains such a website element, his browser establishes a direct connection to the server of Twitter. The content of the website element will be transmitted directly to the browser of the user. The provider, hence, does not have any influence on the extent of data which are collected by Twitter with the help of the website elements and informs the users on the basis of his personal state of knowledge. According to this knowledge only the IP address of the user or rather the URL of the respective website is transferred when using the button, but it is not used for other purposes than the display of the website element.
Further information to this are available in the privacy policy of Twitter at


It is possible to integrate functions and contents of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA to our online offer. These may comprise for example contents such as pictures, videos or texts and buttons with which users can express that they like the contents or they can follow the author of the contents or subscribe to our posts.  If the users are members of the platform Instagram, Instagram can assign the access to the above-mentioned contents and functions to the profiles of the users there. Privacy statement of Instagram:


Website functions and contents of the service Xing, offered by the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany can be integrated into our website offer. These may comprise for example contents such as pictures, videos or texts and buttons with which users can show if they like the contents, they can follow the authors of the contents or subscribe to our posts. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned contents and functions to the profiles of the users there. Privacy statement of Xing:


Functions and contents of the service LinkedIn, offered by the LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany can be integrated into our online offer. These may comprise for example contents such as pictures, videos or texts and buttons with which users can express that they like the contents, follow the author of the contents or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned contents and functions to the profile of the user there. Privacy statement of LinkedIn: is certified under the Privacy-Shield-agreement and thereby offers a guarantee for the compliance with the European privacy law (

Privacy statement:, Opt-Out:


We integrate videos of the “YouTube” platform offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement:, Opt-Out:

Revocations, amendments, rectifications and updates

Upon request the user has the right to receive information free of charge as regards the personal data which were saved. Additionally, the user has the right to rectification of incorrect data, blocking and cancellation of his personal data, unless no legal retention requirement exists.

The legal retention period in Austria amounts to 7 years according to § 132 clause 1 BAO (accounting documents, receipts/invoices, accounts, business documents, lists of revenues and expenditures, etc.), 22 years in case of properties and 10 years in case of documents relating to electronically provided services, telecommunication, radio and TV services which were provided to private individuals in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Created with the of RA Dr. Thomas