top of page

Privacy Policy


The Carbon Black Academy, hereafter referred to as "CBA", “we” or “us”, is run and represented by Silvia Wipfler. Our office is located in Austria: Anton-Kleinoscheg-Straße 64C, 8051 Graz. We are the data controller of your data. This policy affects your legal rights and obligations, so please read it carefully. If you have any questions, please contact us at


For purposes of this Agreement, “Site” or “Website” refers to our website, which can be accessed at 


“Service” refers to all services we offer, including specifically, but not exclusively, events, activities, memberships, challenges, promotions, communications, interactive services and content like blog posts. 


“Event Ticket Shop” refers to the section of our Website that allows you to purchase tickets for our events, as well as our event ticket store on


“You” refers to you, as a user of our Site, Event Ticket Shop and/or our Services. 


“Member” refers to a person who creates an account on our website and/or signs up for one of our membership programs. 


“Interactive Services” refer to the services on our website that allow you to create a public profile in the membership area, communicate with other members and share user contributions. 


“User contributions” refer to data you provide that is publicly displayed on our website. Such data may include specifically, but not exclusively images, photos, text, files, comments, feedback, forum and group posts, portfolios, any type of content you create, communications using the chat box and any other interactions with other members, instructors or us using our interactive services. 


“Account”. Unless specified otherwise, “account” refers to a Carbon Black Academy account/membership, which you can create on our website. 


This Privacy Policy applies to data we collect when you access and use our website and services, when you participate in surveys and communicate with us via email, phone, text messages, the chat box on our website and other electronic messages. It also applies to data you share with us when you access and use our website and services; create user contributions; use our interactive services; create an account; subscribe to one of our membership programs, newsletters and marketing communications; purchase tickets; register for events and activities; participate in surveys and challenges and when you communicate with us. 


We collect, process, store and use data when you use our services; access and use our website; create an account; register for events, activities and membership programs; when you contact us; participate in surveys and challenges or provide us with data in any other way. 


We try our best to keep your data secure and we would never sell your personal data. In order to provide you with our services, it is necessary to collect and use certain information. We work with third parties who collect, store and process data on our behalf. We only work with third parties that have high security standards. In the following sections you learn which data we collect, which data you provide us with, who has access to your data, how we store and process it and which 3rd parties we work with to be of service to you and to run our business.



By accessing and using our website and services and by communicating with us you accept this Privacy Policy and our Terms and Conditions, hereby referred to as “T&C”. Furthermore you consent to our collection, storage, usage and disclosure of your personal and non-personal information as described in this Privacy Policy. Your continuous use of this website and our services means that you agree to this policy, even when it is updated. Therefore we suggest reading it periodically, as we may update it from time to time. If you disagree with this Privacy Policy, you are free to refrain from accessing this website, from using our services and from interacting and communicating with us. 



Data is either collected by us, by third parties on our behalf or provided by you. Some data is collected automatically, other information is collected manually. There are various types of data we collect when you access, use and interact with our website, services and when you communicate with us: 


  • “Personal information”

Data by which you can be identified, hereby called “personal information” or “personal data”. Such data may include your name, address, email address, phone number, payment information, age, photos, descriptions, your social media presence, job title, the name of your business etc. In short, any information that can be used to identify you as an individual and that may be used to contact you. 

  • Non-personal information”

Data by which you cannot be identified, hereby called “non-personal information” or “non-personal data”. Such data may include information about the hard- and software you use to access and use this website, our services and to communicate with us; your internet connection; browser and browser settings; referrals; date and time when you access and use this website, our services and when you communicate with us; error messages; traffic data; language; location; logs and how you interact with our website and services. 



You provide us with data when you: 

  • access, use and interact with our website 

  • use our services

  • communicate with us

  • participate in events, activities, challenges and promotions

  • register for events and activities

  • purchase tickets

  • submit survey responses, reviews and testimonials

  • fill in forms 

  • report errors

  • subscribe to newsletters and marketing communications

  • create an account on our website

  • subscribe to/purchase our membership programs

  • use the interactive services on our website

  • create and submit user contributions




5.1 Data we automatically collect when you access our website

You do not need to provide us with any personal information to access our website. However, when you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your device's unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. Data collected this way cannot be used to identify you. We collect this information using cookies in accordance with the Cookie section of this policy. We use the information we collect on an anonymous basis to improve the services we provide, and for analytical and research purposes. 


In addition to that, we may collect personal information (data by which you may be identified), such as your name and email address. This data is collected to allow autofill features and thus provide you with a better user experience when you access and use our website and services. Such data may be collected by our website provider Wix once you fill in and submit any data on our website, for example by using our contact forms or when you purchase tickets. Allowing our website to use the autofill feature is not mandatory and you can adjust your preferences any time in your browser settings and/or your account settings. Please visit for more information about how they collect, process and store your information on our behalf.

5.2 Cookies

A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer. The cookie identifies your browser, but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.

We only place cookies on your computer with your consent. You may refuse to accept cookies, however, you then may not be able access certain parts of our website and the experience of using our website may be different. 

Our website and event ticket shop uses cookies so that we can recognise you when you return and personalise your settings and preferences. Most browsers are initially set up to accept cookies. You can change your browser settings either to notify you when you have received a cookie, or to refuse to accept cookies. Please note that our website and event ticket shop may not operate efficiently if you refuse to accept cookies.

We also use Google Analytics and other analytics like those from our website provider Wix to monitor how the website and our website event ticket shop are used. Google Analytics and Wix collect information anonymously and generate reports detailing information such as the number of visits to the website or event ticket shop, where visitors generally came from, how long they stayed on the website or event ticket shop, and which pages they visited. Google Analytics places several persistent cookies on your computer's hard drive. These do not collect any personal data. If you do not agree to this, you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits. 


5.3 Events, activities & tickets

When you register and/or purchase a ticket for an event or activity, we collect personal data including your name, address, email address, phone number and payment information. We use this data to identify you so that nobody else can claim a ticket in your name and to verify payment. We may also collect additional data that is not required for registration, such as your occupation or the name of your company. This information might be printed onto name tags to make it easier for you to network with other attendees during on-site events. Providing us with such additional data is optional and not necessary for purchasing tickets or participating in events or activities.


All personal information you provide to us when you purchase tickets must be true, complete and accurate. If you provide us with inaccurate or false data, or if we suspect or identify fraud, we will record it and may contact authorities and/or exclude you from any present or future events and activities.


In order to collect, store and process your information, we use the services of our website provider Wix. Wix collects, processes and stores said data on our behalf, thus enabling us to provide you with our services. Only administrators have access to that data. 

Please visit to learn more about how they store, process and collect data.  

Some tickets are sold through our online presence on TicketTailor. TicketTailor collets, processes and stores your data on our behalf, thus enabling us to provide you with our services. Only administrators have access to that data. Please visit to learn more about how they store, process and collect data.  


In addition, the payment provider you use for purchasing tickets will also collect, store and process your data. We only have limited access to data concerning your payment information such as your name, payment provider, account/card number and the status of your payment. We never have access to your passwords or your account balance. 

Please visit the websites of your payment provider to learn more about how they store, process and collect data or contact your local bank. 


5.4 Accounts & memberships

5.4.1 Data only we can access 

Data we collect when you create an account and/or subscribe to our membership programs includes your name, email address and your payment information. You may also enter additional information like your address and phone number if you choose to, but it is not necessary for creating an account or signing up to our membership programs. 

The data you submit is collected, processed and stored by our website provider Wix on our behalf. Only our admins have access to that data, it is not made public and cannot be accessed by other members. Please visit to learn more about how they store, process and collect data. 


When you create an account or sign up to one of our membership programs on our website, you can either create a new Carbon Black Academy account using your email address or connect one of your existing 3rd party accounts. 

By creating a Carbon Black Academy account using your email address, you submit your name, email address and a password of your choice. You can then use this account to log in to the membership section on our website. We use a 2-step verification process to ensure that accounts cannot be created accidentally. You will receive a confirmation email asking you to verify the creation of your account. The account will only be created after you have verified it. 


When you connect one of your 3rd party accounts (for example your Facebook or Google account), you can use it to create a Carbon Black Academy account quickly and easily by using credentials you already have. By connecting such a 3rd party account, you agree that this 3rd party account is connected to your Carbon Black Academy account and that the data you submit might be collected, stored and processed by that 3rd party account provider. Before you agree, you will be informed about the data that is collected and the permissions you grant the respective 3rd party. Please note that we have no control over the information this 3rd party collects, how they store and use your data. By connecting a 3rd party account you understand that you do so at your own risk and that you are responsible for your rights and responsibilities regarding the data collected, stored and processed by this 3rd party. 


5.4.2 Data that is publicly visible

By creating an account and subscribing to one of our membership programs (“becoming a member”), you are required to choose a display name (a.k.a. nickname). This display name is publicly visible. You may change it any time in the account settings. Sharing more information than that is not a requirement for being a member and having an account. However, you may upload additional data such as photos, images and a description of yourself to your profile at your own discretion and risk. Such data can be viewed publicly, so be mindful of the data you share. You can edit and delete your membership profile and portfolio in your account settings any time. You may also cancel your membership and delete your account at any given time. 


5.5 User contributions and interactive services

By using the interactive services on our website and by creating, publishing and sharing user contributions, you agree to publicly display data at your own risk. Our interactive services include:  

  • Forums and groups

  • Chat box

  • Membership profiles

  • Portfolios 

  • Streams and other live sessions


Some of these interactive services are only accessible to other members, but please keep in mind that we cannot control the actions of our members and that the data you share with other members or display on our website might be accessed by other parties. By sharing and displaying data and using our interactive services, you agree that all data is published and shared by you at your own risk. 


You may create, publish and share user contributions on our website. User contributions are completely optional and not mandatory for being a member, using our services and accessing or using this website. By sharing user contributions, you confirm that you understand that this data is publicly displayed. We are trying our best to protect your data from any misuse, but we cannot control the actions of other members with whom you may share such data, as well as the actions of parties who access and use our website and thus view and interact with your data. Therefore you agree that you create, publish and share any such data at your own risk. 

You can edit and delete user contributions any time in the respective section of our website (either your account, portfolio or the groups where you shared your data). You may also cancel your membership and delete your account at any given time. 



We use a 2-step verification system for our marketing communications and newsletters. When you opt in to receive marketing communications from us or when you sign up for our newsletter, you automatically receive an email that asks you to accept receiving marketing communications or newsletters from us. Only when you accept do you agree to receive such communications. They may include newsletters, blog posts, surveys and information about our business, website and services, as well as updates concerning them. We retain a record of your consent. If you take no action, you will not receive any such communications whatsoever. Please get in touch with us if you accidentally receive such communications, we will then manually remove you from our subscription lists.

You can choose to no longer receive marketing communications and newsletters any time by contacting us at or by clicking the “unsubscribe” link at the bottom of our email communications. Please note that it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.



When you contact us by email, post or by using the contact forms and chat boxes on our website, we may keep a record of the correspondence in order to be of service to you, for analytical and research purposes and to optimise our services and customer care. Only administrators have access to these communications. Keeping a record of the correspondences with you helps us to improve our services and solve issues quickly.



We try our best to keep your data safe and secure. We use the latest technology, software and keep our devices up to date to ensure that your data is protected from unauthorised access, use, alteration, disclosure and loss. Only our admins and employees have access to your data. In some cases we download, store or print your data for our bookkeeping purposes and to provide you with invoices. If we download such data, we store it securely on our devices. These devices are locked safely in our office and are password protected. Only administrators have access to our devices and we try our best to use the latest software and security practices. 

We may also upload this data to Google Drive, which we use for creating invoices. Our Google account is password protected and only our admins have access to it. If we print any such data, we store it securely in our office. If we destroy such printed data, we use shredders to keep your data safe. We may also share invoices with our accountants for bookkeeping purposes. When we provide you with invoices, we email them to you using our GMail account. You may request invoices by post at your own expense if you prefer that. 

Any payment transactions are encrypted using SSL technology. 

Whenever you are asked to choose a password, you are responsible for choosing a secure password and for keeping it confidential. We never have access to your passwords and we would never ask you to share it with us. Should you receive suspicious communications concerning your account, payment information or passwords, please let us know immediately!


Although we try our best to keep your data safe, no system can be completely secure and the transmission of data via the internet always involves risks. Despite all safety measures, we cannot guarantee that your personal data will always remain completely secure. By using our services, communicating with us or accessing and using our website you acknowledge that you submit data at your own risk. 



We collect, store and process your data for the following purposes:

  • To provide our services

We collect, store and process your data in order to comply with our contractual obligation to deliver our goods and be of service to you.

  • Legitimate interest

We may also collect, store and process your data for our legitimate interests. This includes providing you with any of our services including customer services; to create, maintain and improve our services including our website; to detect and correct errors; to verify your identity and credit; to provide you with invoices; to protect our business, data and intellectual property; to protect the data of our users, customers and business partners; to promote our services and business; to enforce the terms of any other agreement between us; for regulatory and legal purposes; for audit purposes and to contact you about changes to this policy.

  • As required by law

We may collect, store, process and share your data when we are required to do so by law. Reasons can be to comply with legal regulations, inspections and other requests from the Austrian government or other authorities; to protect our business and interests as well as those of our customers, users, partners and affiliates; to respond to legal proceedings, claims or complaints; or to detect and prevent fraud and crimes. 



In order to run our business and be of service to you, it is necessary for us to use the services and technologies of third parties. They collect, store and process data on our behalf. We do not sell, share or disclose your data in any other way and to any other party than those described in this policy. 


We may share your data with: 

  • Affiliates

  • Partners

  • Instructors 

  • Third parties who critique your work 

  • Members (since they can see your membership profiles)

  • Other students (e.g. when you work on group projects and you share sketches)

  • Service providers, sub-contractors and agents that we may appoint to perform services on our behalf and in accordance with our instructions

  • Payment providers

  • Event ticket providers

  • Email communication providers

  • IT- and software service providers

  • Website hosts

  • Marketing analysts

  • Accountants

  • Lawyers and 

  • any other third parties mentioned by us when you share your data with us. 


3rd parties who provide us with software; payment, event management, marketing, communication and web-host technologies are:

  • Wix

  • Google

  • MailChimp

  • SurveyMonkey

  • TicketTailor

  • PayPal

  • Klarna

  • Easyname


Please visit the websites of these 3rd parties to learn more about how they collect, store and process data:


Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example to protect a third party's rights, property, or safety.

We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.



Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data. Some of your personal data and recorded correspondence between you and us may be stored on one of our devices or external hard drives for backup purposes, to ensure that we can be of service to you, answer your queries, for research purposes and to improve our customer service. These devices and hard drives can only be accessed by our employees and are protected with door locks and the latest security software.



If you create an account or sign up for one of our membership programs, we shall retain your personal data until you delete your account. If you receive marketing communications from us, we shall retain your personal data until you opt out of receiving such communications.

If you have used our services or communicated with us, we shall retain your personal data for 2 years following the latest communications, interactions and purchases. We do this to respond to any further queries you might have and to provide you with invoices. 

If you use our contact form to contact us or when contact us directly via email, the emails themselves, as well as your email address, will be stored on our email account for 2 years and deleted afterwards. If we download and/or store such emails for backup purposes, these emails may be stored on one of our devices for 2 years after reception. Information stored on our event ticket provider’s account will be stored there as long as we use the services of this service provider.



You have the right to obtain from us a copy of the personal data that we hold about you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right to have us delete your personal data any time. To exercise these rights, or any other rights you may have under applicable laws, please contact us at Please note the we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.



Our event ticket shop and website may contain links to other websites. We may also share such links with you when you are communicating with us. Members and other users of our website as well as fellow students and instructors may also share links that lead to external websites. Once you have used these links to leave our event ticket shop or website, you should note that such sites are not governed by this policy and that we do not have any control over that other site and its content. We share links to provide you with information and resources which you may find interesting and valuable. Since the websites to which such links lead may change over time, we cannot guarantee that the content is still valuable and that the website is still working once you follow such a link. We have no control over other websites, their content and policies, which is why you understand that you follow any links leading away from our website and event ticket shop at your own risk. We cannot be held responsible for the protection and privacy of any information which you provide whilst visiting other websites. Therefore we advise you to exercise caution and to look at the privacy policy applicable to the sites in question. 



If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

This policy is governed by and construed in accordance with the law of Austria. By visiting and using our website, communicating with us and by using our services you agree to submit to the exclusive jurisdiction of the Austrian Courts.



We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our services, including our website, after such changes have taken effect, you automatically accept those changes.



If you have any questions regarding this policy, feel free to contact us through the chat box or contact forms on our website, by email or phone:

+43 699 101 87 062


Last update: 22.11.2021

bottom of page