Login Software App

Privacy Policy Software

Training Software Lizenz kaufen oder verlängern »

Privacy Policy Software

Technical Notes and Data Protection Information

As of April 2, 2026

The ComplexCore+ Software Application is web-based. Usage is generally possible on any internet-enabled device using individual login credentials. However, due to the extensive exercise library and corresponding screen layout, smartphones and small tablets are less suitable for using the application.

Login

Access to the application is granted via an individual email address and a password chosen by the user.

Database and Shared Use of the Database by Multiple Users

As a contractual partner, you gain access to our complete exercise database. Client data, exercise collections, exercise descriptions, text-based comments, etc., are stored specifically for your use and are accessible only to you and the users you define.

If multiple users, each with their own login credentials, access your database, they all hold the same rights. All users you define will have shared access to all data stored in your customer-specific database, including names, email addresses, stored phone numbers, exercise plans, custom exercises, descriptions, and notes.

Sending Exercise Plans

As a user of the ComplexCore+ Software Application, you have the option to send exercise plans to patients / customers / clients:

  • as a PDF document
  • to the mobile ComplexCore+ application

In both cases, your patient / customer / client will receive a notification via email sent to the email address stored in their client profile. As a software user, you can send an unlimited number of exercise programs and corresponding email notifications directly from the software application.

The automated and secure delivery of a large number of emails is technically only possible through the integration of highly specialized international service providers.

Emails are sent from the sender address training@complexcore.at, with the name stored in your user profile appearing as the sender for your patients / customers / clients.

If the recipient replies using standard email functions (such as “reply” or “reply all”), the response will be sent directly to the email address stored in your profile. The data processor is not involved in this correspondence.

Data Protection Information – Excerpt

Due to the purpose of the software application, the processing of personal data is possible. Only the datasets provided by you as the customer and data controller are processed. These include:

  • Name and email address (if used / entered)
  • Exercise collections and descriptions, exercise definitions and additional texts entered by you.
  • Note: A phone number is not required for any technical process and is therefore only stored and made available within the client data you enter; it is not otherwise processed.

The ComplexCore GmbH is acting as a data processor.

Data Confidentiality

The data processor ensures that individuals authorized to process personal data are bound by confidentiality and secrecy obligations. This obligation remains in effect even after the end of a contractual relationship and is only lifted by legal requirements or court orders.

Security, Technical and Organizational Measures (TOM)

The data processor implements all technical and organizational measures required under Article 32 of the GDPR. The data processor guarantees compliance with the obligations defined in data protection laws and also ensures support for the data controller in fulfilling these legal requirements.

Sub-Processors

The data processor is authorized to engage subcontractors to fulfill contractual obligations to users / customers within the scope of the ComplexCore+ Software Application. Specifically, these include:

  • IoT Internet of Things GmbH, Münchner Bundesstraße 8/2, 5020 Salzburg, Austria
  • Mandrill (Mailchimp Transactional), ein Dienst von Rocket Science Group LLC, Atlanta, USA

Tracking

Server

Log data is stored on the server for diagnostic purposes. These general diagnostic data are essential for troubleshooting and resolving potential errors. Beyond this, no user-specific data is stored. There are no user statistics or profiling activities.

Automated Email Tracking

Tracking is applied to emails sent via the ComplexCore+ Software Application. The following data are recorded:

  • Recipient’s email address, date and time of sending, delivery status (delivered, soft bounce, or hard bounce)

For email distribution, ComplexCore GmbH uses a specialized third-party provider to ensure the technical and legal reliability of this service, even for large volumes. The provider is Mandrill, an email transaction service from Mailchimp.

Due to the use of the Mandrill service, data is transferred by The Rocket Science Group LLC to a recipient in the USA. This transfer is based on an adequacy decision and the recipient’s registration under the EU-US Data Privacy Framework (see: Data Privacy Framework Certification (EU-US, Swiss-US) | Intuit, https://www.intuit.com/privacy/statement/data-privacy-certification/).

Tracking is conducted to fulfill the contractual obligations of the data processor toward software users / customers (e.g. proof of email delivery, troubleshooting in case of complaints) and based on the legitimate interest of the data processor (e.g., detection and management of potential misuse, system functionality monitoring).

The data processor guarantees that these data will neither be read nor used beyond their specified purpose. In particular, the data processor will never contact the patients / customers / clients of software users (data controllers), except in cases mandated by legal regulations or court orders.

There is no profiling.

Data is stored for 30 days, after which it is automatically deleted. Recovery of the deleted data is not possible for the data processor. After this period, inquiries or complaints related to sent emails can no longer be processed.

Further Information, Questions, and Complaints

For further information, questions or complaints, please contact:

Competent Authority for Complaints:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40-42, 1030 Wien, Österreich
dsb@dsb.gv.at