Datenschutz

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

As of September 9, 2022

Table of Contents


RESPONSIBLE PARTY :  

Global Minds AG c/o Cormoran  

Mr. Rüdiger Eisele,  
Am Zirkus 2, 10117 Berlin,
Tel. +49 1511 1590825,
E-Mail: eisele@businesscampus.digital    


DATA PROTECTION OFFICER :

ARNELIS GmbH
Ewa Eigen
Christophstr. 15-17
50670 Cologne
Email: datenschutz@arnelis.de

Overview of processing activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment details.
  • Location data.
  • Contact details.
  • Content data.
  • Contract details.
  • Usage data.
  • Metadata/communication data.

Categories of affected persons

  • Customers.
  • Interested parties.
  • Communication partner.
  • Users.
  • Business and contractual partners.
  • Pupils/ Students/ Participants.

Purposes of processing

  • Provision of contractual services and customer service.
  • Contact requests and communication.
  • Security measures.
  • Direct marketing.
  • Range measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Managing and responding to inquiries.
  • Content Delivery Network (CDN).
  • Feedback.
  • Marketing.
  • Profiles containing user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation (GDPR), national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), especially with regard to the establishment, execution, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may also apply.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

IP address truncation: If IP addresses are processed by us or by the service providers and technologies we use, and processing a full IP address is not necessary, the IP address is truncated (also known as "IP masking"). This involves removing the last two digits, or the last part of the IP address after a period, or replacing them with placeholders. The purpose of truncating the IP address is to prevent or significantly hinder the identification of a person based on their IP address.

TLS encryption (https): To protect the data you transmit via our online service, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.

Transfer of personal data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business interests, is necessary for the performance of our contractual obligations, or is permitted by law.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Deletion of data

The data we process will be deleted in accordance with legal requirements as soon as the consent to process it is withdrawn or other legal grounds for processing cease to apply (e.g., if the purpose for processing this data no longer exists or it is no longer necessary for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy policy may also contain further information on the storage and deletion of data, which takes precedence for the respective processing activities.

Use of cookies

Cookies are small text files or other storage markers that store information on and read information from end devices. For example, they can be used to save login status in a user account, shopping cart contents in an online store, accessed content, or used functions of an online service. Cookies can also be used for various other purposes, such as improving the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic.

Information on consent:  We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless legally required. In particular, consent is not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online service) that they have expressly requested. The revocable consent is clearly communicated to users and includes information on the respective cookie usage.

Information on the legal basis for data protection:  The legal basis for processing users' personal data using cookies depends on whether we request user consent. If users consent, the legal basis for processing their data is their explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online services and improving their usability) or, if this occurs within the scope of fulfilling our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We explain the purposes for which we process cookies in this privacy policy or within the framework of our consent and processing procedures.

Storage duration:  The following types of cookies are distinguished with regard to storage duration:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.

General information on revocation and objection (opt-out):  Users can revoke their consent at any time and also object to processing in accordance with the legal requirements of Article 21 GDPR. Users can also declare their objection via their browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

Further information on processing procedures, methods and services:

  • Processing of cookie data based on consent:  We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used.

Business services

We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.

We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedying warranty claims and other service disruptions. Furthermore, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for company organization. We also process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contractual partners and our business operations from misuse, compromise of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose contractual partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. stars or similar), or personally.

We delete data after the expiry of statutory warranty periods and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, as long as it must be retained for legal archiving purposes. The statutory retention period is ten years for tax-relevant documents, as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions necessary for understanding these documents, and other organizational documents and accounting records. For received commercial and business correspondence and copies of sent commercial and business correspondence, the retention period is six years. This period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statement, or management report was prepared, the commercial or business correspondence was received or sent, the accounting record was created, the record was made, or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.

  • Types of data processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email addresses, telephone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Customers; prospective customers; business and contractual partners; pupils/students/participants.
  • Purposes of processing: Provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; administration and answering of inquiries.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Customer Account:  Contractual partners can create an account within our online service (e.g., customer or user account, hereinafter referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed accordingly, as well as about the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to prove registration and prevent any misuse of the customer account. If customers have terminated their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. It is the customers' responsibility to back up their data after termination of their customer account; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Educational and training services:  We process the data of participants in our educational and training programs (collectively referred to as "trainees") in order to provide them with our training services. The data processed, its nature, scope, purpose, and the necessity of its processing are determined by the underlying contractual and training relationship. Processing activities also include performance assessment and evaluation of our services and those of the instructors. In the course of our activities, we may also process special categories of data, in particular information concerning the health of trainees and data revealing their ethnic origin, political opinions, religious or philosophical beliefs. Where necessary, we obtain the explicit consent of the trainees and otherwise process these special categories of data only if it is necessary for the provision of the training services, for purposes of preventive healthcare, social protection, or the protection of the trainees' vital interests. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Payment methods

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional service providers besides banks and credit institutions for this purpose (collectively "payment service providers").

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. This means we do not receive any account or credit card information, but only confirmation or rejection of the payment. The payment service providers may transmit the data to credit reference agencies for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

  • Types of data processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Customers; prospective customers.
  • Purposes of processing: Provision of contractual services and customer service.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

  • PayPal:  Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website:  https://www.paypal.com/de ; Privacy policy:  https://www.paypal.com/de/webapps/mpp/ua/privacy-full .
  • Stripe:  Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website:  https://stripe.com ; Privacy policy:  https://stripe.com/de/privacy .

Provision of the online service and web hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures; Content Delivery Network (CDN).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Provision of online services on rented storage space:  For the provision of our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web host") or otherwise obtain; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Collection of Access Data and Log Files:  Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
  • Email sending and hosting:  The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of the recipients and senders, as well as other information relating to email transmission (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data may also be processed for spam detection purposes. Please note that emails are generally not encrypted when sent over the internet. While emails are usually encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). We therefore cannot assume any responsibility for the transmission of emails between the sender and their receipt on our server. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Content Delivery Network:  We use a Content Delivery Network (CDN). A CDN is a service that enables the faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • STRATO:  Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.strato.de ; Privacy policy:  https://www.strato.de/datenschutz ; Data processing agreement: Provided by the service provider.
  • Limelight:  Content Delivery Network (CDN); Service provider: Limelight Networks, 222 South Mill Avenue, 8th Floor, Tempe, AZ 85281, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://de.limelight.com ; Privacy policy:  https://de.limelight.com/legal/ .

Registration, login and user account

Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on contractual obligations. The processed data includes, in particular, login information (username, password, and email address).

When you use our registration and login functions, as well as your user account, we store your IP address and the time of each action. This storage is based on our legitimate interests, as well as those of our users, in protection against misuse and other unauthorized use. We do not generally share this data with third parties unless it is necessary to pursue our legal claims or we are legally obligated to do so.

Users can be informed via email about processes relevant to their user account, such as technical changes.

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email addresses, telephone numbers); content data (e.g. entries in online forms); meta/communication data (e.g. device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service; security measures; administration and response to inquiries; provision of our online services and user-friendliness.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Registration with real name:  Due to the nature of our community, we ask users to use our services only with their real names. This means that the use of pseudonyms is not permitted; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Deletion of data after termination:  If users have terminated their user account, their data relating to the user account will be deleted, subject to legal permission, obligation or user consent; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • No obligation to retain data:  It is the users' responsibility to back up their data before the end of the contract if they have terminated their contract. We are entitled to irretrievably delete all user data stored during the contract period; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact and inquiry management

When you contact us (e.g. via contact form, email, telephone or social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to answer the contact requests and any requested measures.

The processing of contact requests and the management of contact and request data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual requests and otherwise on the basis of the legitimate interests in answering requests and maintaining user or business relationships.

  • Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Communication partners.
  • Purposes of processing: Contact requests and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness; provision of contractual services and customer service.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Contact form:  When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle their request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment, and otherwise based on our legitimate interests and the interests of our communication partners in responding to requests, as well as our legal retention obligations; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Newsletters and electronic notifications

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletters") with the recipient's consent or where legally permitted. If the content of the newsletter is specifically described during the registration process, this description is decisive for the user's consent. Otherwise, our newsletters contain information about our services and our company.

To subscribe to our newsletters, you generally only need to provide your email address. However, we may ask you to provide a name for personalized addressing in the newsletter, or other information if required for the purposes of the newsletter.

Double opt-in procedure: Subscription to our newsletter is always carried out using a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements. This includes recording the registration and confirmation times as well as the IP address. Changes to your data stored with the email service provider are also logged.

Erasure and restriction of processing:  We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The registration process is logged based on our legitimate interests for the purpose of documenting its proper execution. If we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure email delivery system.

Contents:

Information about us, our services, promotions and offers.

  • Types of data processed: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers); Meta/communication data (e.g. device information, IP addresses); Usage data (e.g. websites visited, interest in content, access times).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by email or post).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Right to object (opt-out):  You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to receiving further newsletters. You will find an unsubscribe link at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

  • Measurement of open and click rates:  The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from their server, when the newsletter is opened. During this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, are collected. This information is used to technically improve our newsletter based on the technical data or to analyze target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and the legal basis for this processing is consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Web analytics, monitoring and optimization

Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online services and can include pseudonymous data on visitor behavior, interests, or demographic information such as age or gender. Reach analysis allows us, for example, to identify when our online services, their features, or content are most frequently used or encourage repeat visits. It also helps us understand which areas require optimization.

In addition to web analytics, we can also use testing procedures to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles—that is, data aggregated from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used therein, as well as technical information such as the browser and operating system used, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.

User IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored for web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest-/behavior-related profiling, use of cookies); provision of our online services and user-friendliness.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing procedures, methods and services:

Online marketing

We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (a "cookie") or similar methods are used to store user information relevant to displaying the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information such as the browser used, the computer system used, and information about usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

Users' IP addresses are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored as part of the online marketing process; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing methods know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is generally stored in cookies or using similar methods. These cookies can later be read on other websites that use the same online marketing methods and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing provider.

In exceptional cases, personal data may be associated with profiles. This occurs, for example, when users are members of a social network whose online marketing methods we use and the network links the user profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example, by giving their consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, through conversion tracking, we can examine which of our online marketing methods have led to a conversion, i.e., a contract signed with us. Conversion tracking is used solely to analyze the success of our marketing efforts.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest-/behavior-related profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles); conversion measurement (measuring the effectiveness of marketing measures).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Right to object (opt-out):  We refer you to the privacy policies of the respective providers and the opt-out options provided by them. If no explicit opt-out option is provided, you can disable cookies in your browser settings. However, this may restrict the functionality of our website. We therefore also recommend the following opt-out options, which are offered for specific regions: a) Europe: https://www.youronlinechoices.eu . b) Canada: https://www.youradchoices.ca/choices . c) USA: https://www.aboutads.info/choices . d) Cross-region: https://optout.aboutads.info .

Further information on processing procedures, methods and services:

  • Google Ads and Conversion Tracking:  We use the online marketing tool "Google Ads" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a likely interest in the ads (so-called "conversion"). We also measure the conversion of these ads. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a "conversion tracking tag." We ourselves do not receive any information that could identify individual users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website:  https://marketingplatform.google.com ; privacy policy https://policies.google.com/privacy Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms .

Presences in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about ourselves.

Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These user profiles can then be used to display advertisements both within and outside the networks that are presumably tailored to the users' interests. For these purposes, cookies are typically stored on users' computers, recording their usage patterns and interests. Additionally, user profiles can also store data independent of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and the options for objecting (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Regarding requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively addressed directly with the service providers. Only the providers have access to user data and can take appropriate action and provide information directly. However, should you require assistance, you can contact us.

  • Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Instagram:  Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.instagram.com ; Privacy policy:  https://instagram.com/about/legal/privacy .
  • Facebook Pages:  Profiles within the Facebook social network - We, together with Meta Platforms Ireland Limited, are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "Fan Page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy ), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy ). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights," to page administrators so they can gain insights into how people interact with their pages and the content associated with them. We have entered into a specific agreement with Facebook ("Information about Page Insights," https://www.facebook.com/legal/terms/page_controller_addendum ) which, in particular, regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). The rights of users (in particular, the rights to information, deletion, objection, and lodging a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" ( https://www.facebook.com/legal/terms/information_about_page_insights_data ); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.facebook.com ; Privacy policy https://www.facebook.com/about/privacy Standard contractual clauses (guaranteeing a level of data protection when processing in third countries):  https://www.facebook.com/legal/EU_data_transfer_addendum ; Further information: Joint controllership agreement: https://www.facebook.com/legal/terms/information_about_page_insights_dataJoint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transfer of data to its parent company, Meta Platforms, Inc., in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • LinkedIn:  Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.linkedin.com ; Privacy policy:  https://www.linkedin.com/legal/privacy-policy ; Data processing agreement:  https://legal.linkedin.com/dpa ; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries):  https://legal.linkedin.com/dpa ; Opt-out option:  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
  • Twitter:  Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy:  https://twitter.com/privacy , (Settings: https://twitter.com/personalization ).
  • YouTube:  Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy:  https://policies.google.com/privacy ; Opt-out option:  https://adssettings.google.com/authenticated .
  • Xing:  Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.xing.de ; Privacy policy:  https://privacy.xing.com/de/datenschutzerklaerung .

Plugins and embedded functions as well as content

We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").

The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use IP addresses solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Location data (information about the geographic position of a device or person).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online service and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Integration of third-party software, scripts, or frameworks (e.g., jQuery):  We integrate software into our online services that we retrieve from third-party servers (e.g., function libraries that we use for the presentation or user-friendliness of our online services). In doing so, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, for security purposes, and for evaluating and optimizing their services. Legal basis : Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Font Awesome (hosted on our own server):  Display of fonts and icons; Service provider: The Font Awesome icons are hosted on our server; no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Google Fonts (retrieved from Google servers):  Fonts (and symbols) are retrieved for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their consistent display, and compliance with any applicable licensing restrictions. The user's IP address is transmitted to the font provider so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://fonts.google.com/ ; Privacy policy:  https://policies.google.com/privacy .
  • Google Fonts (Bereitstellung auf eigenem Server): Schriftarten ("Google Fonts") zwecks einer nutzerfreundlichen Darstellung unseres Onlineangebotes; Dienstanbieter: Die Google Fonts werden auf unserem Server gehostet, es werden keine Daten an Google übermittelt; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).
  • Google Maps: Wir binden die Landkarten des Dienstes “Google Maps” des Anbieters Google ein. Zu den verarbeiteten Daten können insbesondere IP-Adressen und Standortdaten der Nutzer gehören; Dienstanbieter: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://cloud.google.com/maps-platform; Datenschutzerklärung: https://policies.google.com/privacy.
  • YouTube-Videos: Videoinhalte; YouTube-Videos werden über eine spezielle Domain (erkennbar an dem Bestandteil "youtube-nocookie") im sogenannten "Erweiterten Datenschutzmodus" eingebunden, wodurch keine Cookies zu Nutzeraktivitäten erhoben werden, um die Videowiedergabe zu personalisieren. Dennoch können Angaben zur Interaktion der Nutzer mit dem Video (z.B. Merken der letzten Wiedergabestelle), gespeichert werden; Dienstanbieter: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.youtube.com; Datenschutzerklärung: https://policies.google.com/privacy.

Änderung und Aktualisierung der Datenschutzerklärung

Wir bitten Sie, sich regelmäßig über den Inhalt unserer Datenschutzerklärung zu informieren. Wir passen die Datenschutzerklärung an, sobald die Änderungen der von uns durchgeführten Datenverarbeitungen dies erforderlich machen. Wir informieren Sie, sobald durch die Änderungen eine Mitwirkungshandlung Ihrerseits (z.B. Einwilligung) oder eine sonstige individuelle Benachrichtigung erforderlich wird.

Sofern wir in dieser Datenschutzerklärung Adressen und Kontaktinformationen von Unternehmen und Organisationen angeben, bitten wir zu beachten, dass die Adressen sich über die Zeit ändern können und bitten die Angaben vor Kontaktaufnahme zu prüfen.

Rechte der betroffenen Personen

Ihnen stehen als Betroffene nach der DSGVO verschiedene Rechte zu, die sich insbesondere aus Art. 15 bis 21 DSGVO ergeben:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right of withdrawal for consents: You have the right to withdraw any consent you have given at any time.
  • Right to information: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of your personal data or the correction of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Definitions of terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Article 4 of the GDPR. The legal definitions are binding. The following explanations, however, are intended primarily to aid understanding. The terms are listed alphabetically.

  • Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that enables the faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet.
  • Conversion tracking: Conversion tracking (also known as "visit action analysis") is a method used to determine the effectiveness of marketing measures. Typically, a cookie is stored on users' devices within the websites where the marketing measures are implemented and then retrieved again on the target website. For example, this allows us to track whether the ads we placed on other websites were successful.
  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of "profiles with user-related information," or simply "profiles," encompasses any type of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.). Examples of such profiling include interests in specific content or products, click behavior on a website, or location. Cookies and web beacons are frequently used for profiling purposes.
  • Audience measurement: Audience measurement (also known as web analytics) is used to analyze visitor traffic to an online service and can include visitors' behavior or interests in specific information, such as website content. With the help of audience analysis, website owners can, for example, determine when visitors access their website and which content they are interested in. This allows them to better tailor the website content to their visitors' needs. Pseudonymous cookies and web beacons are frequently used for audience analysis to recognize returning visitors and thus obtain more accurate analyses of online service usage.
  • Location data: Location data is generated when a mobile device (or another device with the technical capabilities for location tracking) connects to a cell tower, Wi-Fi network, or similar location-determining technology. Location data indicates the geographically identifiable position of the device on Earth. Location data can be used, for example, to display map functions or other location-dependent information.
  • Tracking: "Tracking" refers to the process of observing user behavior across multiple online services. Typically, behavioral and interest information related to the online services used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
  • Controller: The term "controller" refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, be it collection, analysis, storage, transmission, or erasure.
Glückwunsch
Sie haben die Lernkontrolle mit Erfolg bestanden.

Zum Training