De | En

Terms and conditions

Parties

“Headstart Studios” stands for Headstart Studios GmbH, which provides the products. The address of the Headstart Studios GmbH branch in Germany is

Headstart Studios GmbH,

Rödingsmarkt 20,

20459 Hamburg.

In these terms and conditions, “we” refers to Headstart Studios GmbH, “us” and “our” are also used in the appropriate meaning; “you” refers to the client, “him” and “his” are also used in the appropriate meaning.

1. Definitions

1.1 Unless otherwise stated, the following words in these terms and conditions (“Terms”) shall have the following meanings:

“Brochure”: product brochure(s) published by a training provider;

“cohort”: Group of participants included in the products after a fixed date of course commencement.

“Terms and conditions of use”: Conditions of use of the purchased product; each named individual user must agree to these in order to access products;

“Course Start Date”: Start date of the product(s), which is the date from which access to the Online Learning Environment is granted. Registration information will be sent to the designated e-mail address on the course start date;

“House Rules”: The house rules defined in the “Online Learning Environment”;

“Intellectual Property Rights”: Patents, utility models, trademarks, trade names, logos, get-ups, domain names, copyrights (including rights in computer software), database rights, moral rights, confidential information and know-how, whether registered or not, including requested registrations and all other types of intellectual property rights worldwide;

“Participant Results” means all content generated by the Participant as part of the Products, including, but not limited to, reports, presentations, videos, websites, web pages, graphics, text, blog entries, quotes, potential names/trademarks, searches, configurations and audio recordings

“Materials”: Elements related to the Products, either at the beginning of the Product or later;

“Named Individual Users”: employees of the Customer to whom the Customer has granted access to their account;

“Online Access”: Access to the training provider’s online learning community and online learning materials (the “Online Learning Environment”);

“Order”: the customer’s request to Headstart Studios to provide one or more selected products from the Training Provider, consisting of an order and a contract;

“Price”: the price of a Product including shipping, packaging and VAT, which has been confirmed in writing;

“Product”: Products listed in an Order, consisting of the associated training guides, instruction, support services and access to online materials;

“Third Party Content”: Content owned by third parties to which Headstart Studios may refer its participants, including, but not limited to, websites, blog entries, social media, documents, videos, podcasts, quotes, potential names/trademarks;

“Training Provider”: A company or organization that provides training and courses to companies and individuals and is listed in the Order as the provider of the products;

“instructor support” means instruction related to the products and conducted by instructors appointed by the training provider;

“instructor support period” means the limited period after enrolment for a product during which instructor support is available; and

“Page”: Website of the training provider.

2. general information

2.1 These terms and conditions (in combination with the documents referred to herein) govern the terms and conditions on the basis of which Headstart Studios provides the products ordered by the customer. Headstart Studios points out that by ordering the products, the customer agrees to comply with these terms and conditions. Therefore, these terms and conditions should be kept for future reference.

2.2 By placing an order to Headstart Studios, the customer confirms that he is legally responsible and entitled to conclude binding contracts on behalf of his company.

2.3 The Client shall generally assume full responsibility for all activities conducted using his account information and password, as well as for the activities of the individual users designated by him.

2.4 The Customer warrants that all information provided by him/her to Headstart Studios (including but not limited to company name, registered office and bank details) is complete, accurate and up to date, and shall notify Headstart Studios immediately of any changes to the information with which he/she has registered for online access or purchase of products.

2.5 Headstart Studios reserves the right: (a) temporarily or permanently block online access and/or suspend the provision of services in the event of a breach of these terms and conditions; (b) delete or modify the content of the Training Provider brochure or site at any time; and (c) cancel or rescind orders (whereby orders that are cancelled through no fault of the Customer will not be charged to the Customer).

3. Payment

3.1 The price of a Product shall be payable in full within 14 days of the date of the Order or as otherwise agreed in the Order, and timely payment shall be a condition of compliance with these Conditions.

3.2 If payments are not made in accordance with the deadline in paragraph 3.1, Headstart Studios reserves the right to suspend or block the provision of services and online access and the delivery of products until the corresponding payment has been properly received. In addition, Headstart Studios charges interest on the amount owed at an annual rate of 8% above the base rate applicable at the time. Corresponding interest will be calculated on a daily basis from the due date until payment of the outstanding amount is made, regardless of any judgment. Headstart Studios reserves the right to take legal action to collect any outstanding amounts, including collection of the outstanding amount by a collection agent; furthermore, the customer or the individual users designated by the customer may not enter into the relevant products until all outstanding payments have been received.

3.3 Amounts due under these Terms and Conditions shall be paid in full and without any deductions or retentions (other than deductions or retentions required by law). Offsetting or retention is only permitted with or in the case of undisputed or legally established claims.

4. Order and provision of products

4.1 The customer order is considered an offer to purchase products under these terms and conditions; Headstart Studios is free to accept or reject this offer at its discretion. Headstart Studios accepts the offer by sending an order confirmation or an invoice (the “Contract”). A contract is also concluded when the customer makes full payment for the product based on a payment option provided by Headstart Studios.

4.2 Headstart Studios grants online access upon conclusion of the contract and sends the registration data to the provided e-mail addresses of the named individual users.

4.3 The Customer assumes full responsibility for ensuring that the named individual users know which products they have registered for, that they meet the participation criteria and that they are suitable candidates for the products.

4.4 Named Individual Users must register in the online learning environment to access the materials and complete the course. If Named Individual Users violate the Terms of Use, Headstart Studios reserves the right to suspend or terminate individual access to the online learning environment.

4.5 There is no guarantee that online access will be uninterrupted or completely error-free or that any errors in access can be corrected immediately. In the event of significant access disruptions that affect the learning experience, Headstart Studios will endeavor to establish contingency plans to ensure that the training opportunities expected by the product are fully available.

5. Services

5.1 By accepting these terms and conditions, the customer also agrees to the provision of services by the training provider in accordance with the provisions of this clause 5.

5.2 Headstart Studios will make every effort to provide the products on the dates and times specified in the order, but if a product can not be provided on the date specified, the training provider will inform the customer and the designated individual users as soon as possible in writing about this fact.

5.3 The training provider may subcontract Headstart Studios obligations under these terms and conditions (including without limitation the provision of instructor support) to third parties. The subcontracting of obligations under these terms and conditions does not release Headstart Studios from its liability and Headstart Studios obligations to the customer.

5.4 In exceptional circumstances, it may be possible for participants to transfer to another cohort. Cohort changes are at the discretion of the training provider. If participants change to a later cohort, access to original products will end and a fee for the additional instructor time may be payable.

6. Intellectual property rights

6.1 The intellectual property rights in products, materials and the online learning environment are and remain with the training provider or its licensors.

6.2 The intellectual property rights in the participant results are and remain with Headstart Studios and Headstart Studios licensors. To the extent that participants, customers, or named individual users create or acquire intellectual property in the course of using the products, they are alternatively obligated to transfer such intellectual property to Headstart Studios and Headstart Studios licensors and effect such transfer at the time the intellectual property rights are created or acquired.

6.3 Unless expressly stated in these terms and conditions, the customer does not acquire any intellectual property rights in the products, materials, online learning environment, participant results or software. Customer agrees that Customer shall not rent, lease, sublicense, loan, copy, modify, adapt, adapt, translate, reverse engineer, decompile, disassemble or create derivative works based on the Products or any part of the Products and shall not use, reproduce or trade in the Products in whole or in part (other than as described in these Terms) except to the extent that Customer is entitled to corresponding legal rights which cannot be waived.

6.4 By agreeing to these Terms and accepting the Customer’s offer in accordance with Section 4.1, Headstart Studios agrees to grant the Customer a limited, non-exclusive, non-transferable, revocable license to use the Product(s) and Participant Results, which is intended solely for use by Named Individual Users for the purpose of completing the Products.

6.5 If the training provider grants online access, the customer agrees: (a) that the license granted to him to access the content of the Online Learning Environment is personal to him and to the Named Individual Users, and takes all reasonable precautions to ensure that the Registration Data is secure and is not disclosed to any third party Both Customer and Named Individual Users shall at all times comply with the applicable rules of the Online Learning Environment; (b) that Headstart Studios may suspend or terminate online access upon termination or if payments for the Products have not been made in full.

7. Third party content

7.1 In the context of product provision, Headstart Studios may refer to third party content via links. This means that named individual users may leave Headstart Studios site and go to websites that are not operated by Headstart Studios. Headstart Studios is not responsible for the content or availability of linked sites.

7.2 If Headstart Studios provides links to third-party websites that may be of interest to visitors to the Headstart Studios website, and the customer clicks on those links, the customer will leave our site and be directed to other sites. These sites are not under the control of the training provider.

7.3 Headstart Studios is not responsible for the content of linked third-party websites. Headstart Studios does not represent these third parties and does not recommend or guarantee their products. Headstart Studios is not responsible for the accuracy of the information on the linked sites. Customers and Named Individual Users should always verify information on linked sites before relying on it.

7.4 Because the security and privacy policies of these sites may differ from those of Headstart Studios, the security and privacy policies of the third party providers should be read carefully.

7.5 Any questions or concerns regarding the products and services offered on the linked third party sites are the responsibility of the respective third party provider.

8. Termination of contract

8.1 The contract regulated in these conditions can be terminated by Headstart Studios if: (a) there is a material breach of the terms of these terms by the customer (including non-payment) which cannot be remedied, or which can be remedied but which has not been remedied within fourteen (14) days of Headstart Studios’ request to remedy the breach In such circumstances, Headstart Studios may instruct the training provider to cease providing services for the customer’s account, including online access, until the violation is resolved; (b) insolvency proceedings are opened against the customer’s assets or the opening of such proceedings is denied due to lack of assets; (c) the customer commits an unauthorized act with respect to the products that violates Headstart Studios intellectual property rights.

8.2 The customer has the right to terminate the contract governed by these terms and conditions in accordance with clause 10 below. In addition, he may also be entitled to corresponding legal rights, which cannot be waived.

8.3 If either party terminates the agreement governed by these Terms and Conditions, (a) the materials and software must be returned to Headstart Studios; (b) all copies of the software, including software stored on hard drives of computers under the control of the Customer must be destroyed; and (c) the use of the Services and online access must be terminated immediately.

9. Limitation of liability

9.1 The liability of Headstart Studios to pay damages, regardless of the legal grounds, in particular from impossibility, delay, defective or incorrect delivery, breach of contract, breach of obligations in contract negotiations and tort is, insofar as it depends in each case on fault, in accordance with this paragraph 9 limited.

9.2 Headstart Studios is not liable in the case of simple negligence of its organs, legal representatives, employees or other agents, unless it is a breach of essential contractual obligations. Essential contractual obligations are the obligation to provide the products in a timely manner, their freedom from defects that affect their usability more than just insignificantly, as well as consulting, protection and care obligations, which are intended to enable the contractual use of the services and products of Headstart Studios, or the protection of life or limb of the customer or the protection of its property from significant damage.

9.3 Insofar as Headstart Studios is liable for damages on the merits pursuant to Section 9.2, this liability shall be limited to damages which Headstart Studios foresaw when accepting the order pursuant to Section 4.2 as a possible consequence of a breach of contract or which it should have foreseen when applying normal commercial care. Indirect damage and consequential damage resulting from defects in the services provided by Headstart Studios are also only eligible for compensation if such damage is typically expected when the products are used as intended.

9.4 The above exclusions and limitations of liability shall apply to the same extent in favor of the organs, legal representatives, employees and other agents of Headstart Studios.

9.5 The limitations of this clause 9 shall not apply to the liability of Headstart Studios due to intentional conduct, for guaranteed characteristics, for injury to life, body or health or under the Product Liability Act.

9.6 Headstart Studios is not liable in cases of force majeure and other circumstances for which Headstart Studios is not responsible. Force majeure shall include, in particular, strikes, lockouts, weather conditions, and failures of the Internet and communications network for which Headstart Studios is not responsible.

9.7 The information in the training provider’s brochure or on the site is updated at certain intervals and may not be up to date when the customer views it. Headstart Studios assumes no liability that such information is current.

9.8 Headstart Studios can not guarantee that the online learning environment or the software is free of computer viruses or other malware. The customer should therefore take reasonable precautions when accessing the online learning environment or downloading the software. The pages of the online learning environment may contain technical inaccuracies and typographical errors.

9.9 Headstart Studios assumes no liability for the actions and omissions of telecommunications providers or for failures and errors in their networks and equipment.

9.10 Headstart Studios reserves the right to change prices, information and specifications in connection with the products, taking into account Headstart Studios obligations under the preceding paragraph 3 from time to time.

10. Right of withdrawal

10.1 Insofar as the customer is a consumer within the meaning of § 13 of the German Civil Code (BGB), i.e. a natural person who concludes a legal transaction for purposes which can predominantly be attributed neither to his commercial nor his self-employed professional activity, he shall have a statutory right of revocation in accordance with the following provisions of this clause 10.

REVOCATION INSTRUCTION

10.2 The customer has the right to revoke the contract within fourteen days without giving reasons. The revocation period is fourteen days from the day of the conclusion of the contract. In order to exercise the right of revocation, the customer must inform Headstart Studios (Headstart Studios GmbH, Rödingsmarkt 20, 20459 Hamburg; e-mail: support@headstart-studios.com) by means of a clear statement (e.g. letter or e-mail) of the decision to revoke the contract. The customer may use the attached sample revocation form for this purpose, which is not mandatory. In order to comply with the revocation period, it is sufficient for the customer to send the declaration on the exercise of the right of revocation before the end of the revocation period.

10.3 If the customer revokes the contract, Headstart Studios will refund all payments received by us from the customer, including delivery costs (with the exception of additional costs resulting from the fact that the customer has chosen a different type of delivery than the cheapest standard delivery offered by us), immediately and no later than fourteen days from the day on which we receive the notice of withdrawal of the contract. For this repayment, we shall use the same means of payment that the Customer used for the original transaction, unless expressly agreed otherwise with the Customer; in no case shall the Customer be charged for this repayment. If the customer has requested that services should commence during the cancellation period, the customer shall pay Headstart Studios a reasonable amount corresponding to the proportion of the services already provided by the time the customer informs Headstart Studios that the right of cancellation with respect to this contract has been exercised, compared to the total scope of the services provided for in the contract.

NOTES ON THE EXPIRATION OF THE RIGHT OF WITHDRAWAL

10.4 The right of revocation expires in the case of a contract for the provision of services, if Headstart Studios has provided the service in full and has begun with the execution of the services only after the customer has given his express consent and confirmed his knowledge that he loses his right of revocation in the event of full performance of the contract by Headstart Studios.

11. Changes of dates

11.1 Up to the date of the start of the course, the start date of a product can be postponed at any time free of charge, provided that free places are available on the desired date and the customer pays any price differences between the two dates.

11.2 After the date of the start of the course, it is at the discretion of the Participant Service Team (support@headstart-studios.com) whether the customer can start the course at a later date, subject to availability and payment of a postponement fee of 200 €, plus VAT if applicable. If the product price of the new cohort to which the change is to be made is higher than the price of the cohort for which the client originally registered, the difference in price will also be charged to the client. The Client may only change once to a new date of course start and the new date may not be more than 3 months after the original date of course start.

11.3 If an order is to be cancelled or postponed, the customer shall contact his Participant Service Department by telephone, e-mail or in writing (to our registered office) as soon as possible. Business hours are Monday to Friday from 9:00-18:00.

12. complaint procedure

12.1 By default, all complaints go through the training provider’s participant service department, so the customer should contact the training provider’s registered address with appropriate notifications.

13. general information

13.1 These Terms and Conditions and all documents expressly referred to herein constitute the entire agreement between the parties and supersede any and all prior agreements, understandings or understandings between the parties, whether oral or written.

13.2 Failure at any time to insist upon strict performance of any of the Customer’s obligations under these Conditions or failure to exercise any right or remedy under these Conditions shall not constitute a waiver of such right or remedy and shall not relieve the Customer from compliance with any such obligations. A waiver in case of non-performance shall not constitute a waiver in case of subsequent non-performance.

13.3 Insofar as these Terms and Conditions contain loopholes, the legally effective provisions which the parties would have agreed upon in accordance with the economic objectives and purpose of these Terms and Conditions if they had been aware of the loophole shall be deemed agreed upon to fill these loopholes.

13.4 All necessary notifications to Headstart Studios shall be addressed to the registered office. Notices shall be sent by Headstart Studios either by e-mail or by post to the addresses provided by the customer when the order is placed, or by posting the notice on the site (if these are of a general nature). Notices shall be deemed received and properly delivered immediately upon posting on the Site, twenty-four (24) hours after sending an email, or three days after posting a letter. For Letters, proof of delivery of a Notice shall be sufficient to prove that such letter was properly addressed, postage paid and posted; for e-mails, proof that such e-mail was sent to the e-mail address provided by the addressee shall be sufficient.

13.5 The agreement regulated in these conditions is binding for the customer and Headstart Studios as well as the respective successors and assignees. The customer may not transfer, assign, commission or otherwise dispose of the agreement regulated in these terms and conditions or his rights or obligations arising therefrom. During the term, Headstart Studios may at any time during the agreement regulated in these conditions or the rights or obligations arising therefrom, transfer, assign, commission, transfer or otherwise sell.

13.6 The parties agree that the provisions of this Agreement apply to them personally and are not intended to transfer enforcement rights to third parties.

13.7 These terms and conditions as well as contracts based on them shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods. The statutory provisions restricting the choice of law and the applicability of mandatory provisions, in particular of the state in which the customer as a consumer has his habitual residence, shall remain unaffected.

13.8 If the customer is a merchant, a legal entity under public law or a special fund under public law, the place of jurisdiction for all disputes arising from contractual relationships between the customer and the provider is Hamburg.

SAMPLE REVOCATION FORM

If you want to cancel the contract, please fill out this form and send it back.

To:

Headstart Studios GmbH
Rödingsmarkt 20
20459 Hamburg

Germany e-mail:

support@headstart-studios.com

I/we (*) hereby revoke the contract concluded by me/us (*) for the purchase of the following goods (*)/the provision of the following service (*)

Ordered on(*)/received on(*):

Name of the consumer(s):

Address of the consumer(s):

Signature of consumer(s) (only in case of paper notification):

date:

(*) Delete as appropriate.

Data protection information

1. Contact person

is responsible in the sense of the basic data protection regulation (DSGVO):

Headstart Studios GmbH, Rödingsmarkt 20, 20459 Hamburg

info@headstart-studios.com, +49 176 22542222

Questions about our products and services, changes of address or the revocation of consent should be addressed directly to our service team: support@headstart-studios.com.

Questions regarding data protection can also be addressed directly to our data protection officer: Attorney David Heimburger, dh@davidheimburger.de, +49 40 / 22863648

2. Your rights in general

At this point we would like to summarise the general rights you are entitled to under the DSGVO with regard to the data processed by us. For an explanation of the legal terms we refer to the applicable definitions in the DSGVO. Should something remain incomprehensible, please feel free to ask us.

  • You can revoke at any time and for the future the consent you have given us for the processing or transfer of your data (Art. 7 para. 3 DSGVO).
  • If the legal basis for processing your data is a legitimate interest according to Art. 6 para. 1 lit. f DSGVO, you may lodge an objection to data processing according to Art. 21 DSGVO. Insofar as the data processing in question involves direct marketing, you do not have to justify your objection in any way; in all other cases, you would have to explain the reasons for your objection that arise from your particular situation.
  • If we have stored incorrect information about you, you can request us to correct your data (Art. 16 DSGVO).
  • You can demand information from us at any time as to which of your data we are processing (Art. 15 DSGVO, § 34 BDSG).
  • You can demand that we delete your data or restrict its processing, provided that your request does not conflict with any higher-ranking storage obligations (Art. 17 or 18 DSGVO, § 35 BDSG).
  • You can demand that we provide you with the data that you yourself have made available to us in a machine-readable format for forwarding to third parties (Art. 20 DSGVO).
  • You may complain to a supervisory authority for data protection, e.g. the Hamburg Data Protection Commissioner, about data protection issues with us.

3. Data processing by us

Any form of processing of personal data requires a legal basis that allows us to process such data. The legal basis is primarily determined by the purpose for which the data are processed. The lawfulness within a legal basis is regularly measured by the specific scope of the data processing and by the measures we take to protect your data.

All legal bases for data processing result from Art. 6 Para. 1 DSGVO and for data requiring special protection, such as health data, from Art. 9 Para. 2 DSGVO. These two provisions list the preparation or fulfilment of contractual, statutory or social obligations as the most important legal basis for data processing. In addition, many data processing operations are carried out in our legitimate interests, unless the interests of the data subjects outweigh the data processing in view of the specific circumstances. Finally, there is the possibility that the data processing is based on your consent (Art. 7 DSGVO) or for persons under 16 years of age when using information society services (e.g. Internet sites, online games, social media platforms) by the children or young people in connection with the consent of a parent or guardian (Art. 8).

At this point we would like to expressly point out that none of our offers are directed at persons under 16 years of age.

In part, our obligation to ask you for your consent does not only result from the data protection law according to the DSGVO but also from the stricter law according to the EU ePrivacy Directive. We have taken the regulations of this directive into account without expressly referring to them in the following.

4. General note on cookies

Our Internet pages use so-called cookies. These are text files that are stored by your browser on your device when you call up a website. Different information can be stored in a cookie. Sometimes a cookie only stores a yes or no (“true” or “false”), sometimes a string of characters is stored which allows the browser to be uniquely identified when you visit the website again.

The right to set cookies is measured not only by the DSGVO, but also by the ePrivacy Directive of the EU and its implementation in national law. The ePrivacy Directive distinguishes between (essential) cookies that are absolutely necessary for the operation of the online offer and those that are not. Essential cookies may also be set without consent, but non-essential cookies always require consent – even if this is not required under the DSGVO (and e.g. a legitimate interest exists as a legal basis)

Due to the strict requirements of the ePrivacy Directive, we ask you for your consent to the use of non-essential cookies when you access our website.

The purpose of each cookie as well as the legal basis for its use according to the DSGVO can be found in the following description of the individual data processing.

There are various ways to prevent the acceptance of cookies on your device:

  • The standard case should be that when you call up one of our Internet pages you decide via our consent manager which cookies you allow and which you do not allow. Sometimes we can only offer you a blanket acceptance or rejection of all cookies.
  • In principle you can set your browser so that it never accepts cookies. By such a complete exclusion you will most likely lose functions based on cookies that you would actually like to accept or that do not require your consent.
  • You can call up Internet pages in the private mode of your browser. The private mode also blocks the setting of cookies in your browser memory.
  • Some browsers or browser plug-ins offer you the possibility of making more differentiated presettings as to which cookies you wish to accept by default and which not.
  • A special case: Google offers you a browser plug-in for download that prevents the setting of Google cookies. You can find the corresponding plug-in here: https://tools.google.com/dlpage/gaoptout?hl=de

4.1 Your customer relationship with us

4.1.1 Booking seminars (Xing Events)

Description: Events we offer can be booked through Xing as a service provider. We will forward you from our website to Xing during the booking process. At Xing, you can complete the booking with an existing Xing account or create a separate booking account. Xing will inform us about the completion of the booking and we will transfer your data to our own customer database (CRM) if we do not already have it. You will receive the invoice from Xing, who will collect the payments on our behalf.

Xing will act as the data protection officer during the booking process. Details on data protection at Xing can be found at: https://privacy.xing.com/de/datenschutzerklaerung

Categories of data: Contact details, booked event (topic and date), payment status

Data recipient (possibly transfer to third countries): New Work SE (operator of xing.com), Dammtorstraße 30, 20354 Hamburg. A transfer to third countries does not take place.

Purpose + legal basis: Online booking of our training courses and use of a professional booking service for this purpose. The legal basis for the booking process is preparation or fulfilment of the training contract with us. The exchange of data with Xing is in the legitimate interest of our customers, as Xing is an established German provider in the field of professional communication and will only process your data to the extent necessary for the booking.

Storage period: Xing is responsible for the storage of data at Xing. We store the data of your booking for six years in accordance with the provisions of commercial law on the retention of business letters or for ten years after the retention periods under tax law.

4.1.2 Customer database (online CRM HubSpot)

Description: We maintain your data in our customer database in terms of Customer Relation Management (CRM). We use HubSpot’s powerful cloud technology to process your contract and billing data and send you invitations to the events you have booked. Via CRM we control the business communication with you and document the history of your customer relationship with us.

Our CRM also manages your registration for our newsletters and marketing information. Access to your personal customer accounts in our separate training applications is also controlled from the CRM.

We provide some of our Internet pages directly via HubSpot as a hosting service provider. See also the processing “Analysis of user behaviour (HubSpot)”.

Data categories: Registration data (name, e-mail address, password), contact data (phone number, address), orders (goods/services, payment and delivery conditions, invoices), date of birth/age, activity history, marketing consent

Data recipient (possibly transfer to third countries): HubSpot Inc., USA, contact in the EU: One Dockland Central, Dublin 1, Ireland. To us, HubSpot is obliged to respect data protection through a contract for order processing according to Art. 28 DSGVO. HubSpot has certified itself for data transfer to the USA under the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG) and thus guarantees a handling of data on EU data protection level.

Purpose + legal basis: Use of a high-performance CRM system as a cloud solution, which enables us to provide our customers with comprehensive support from acquisition to billing. Legal basis is in preparation or fulfillment of the training contract with us.

Storage period: We store your customer account for up to six years after the last customer contact has been made. In this respect we fulfil the storage obligation for business letters from commercial law. We will store your account for longer if you continue to subscribe to our newsletter. If you cancel your newsletter registration at a later date, your data will be deleted immediately afterwards.

4.1.3 Online training

Description: Our product are trainings, which take place in large parts as online trainings (webinars). For this purpose, we work together with different eLearning platforms, which are hosted for us by cloud service providers. For these platforms we create customer accounts for you, whose access data we send to you. The courses you have booked will be booked into the customer accounts. Your training progress will also be documented here.

You are free to add a photo or symbol image to your user account in our learning platform.

During the courses we sometimes ask you for your consent to make your e-mail address available to other participants. This disclosure is intended to enable participants to exchange learning content outside the webinars. You are free to refuse to give your e-mail address to others without any disadvantages for the course participants.

During the webinars you can get involved in the course in different ways (chat, audio, video). Some of our webinars are recorded so that they can be viewed afterwards. You will be informed of this at the beginning of the respective course at the latest.

In some cases you will receive notifications (e.g. reminders) for your courses by e-mail, which are automatically sent by our eLearning platform.

Participation in the webinars takes place via your Internet browser (see the processing “Visiting our Internet pages”).

At some of our events, you can also access the webinars via our app for mobile devices (see the “Use of our apps” processing).

Data categories: Name, e-mail address, password (encrypted and not readable for us), photo, booked courses and training progress (activity history), sound and film recordings or text comments (for your own activity in a webinar)

Data recipient (possibly transfer to third countries): Our cloud service providers for eLearning platforms, who are bound to data protection by a contract processing agreement. A transfer to third countries does not take place.

Purpose + legal basis: Use of an eLearning system as a cloud solution that enables us to use a powerful infrastructure for our webinars. The legal basis for the processing of your data is fulfilment of the training contract with us. The legal basis for the transfer of your e-mail address to other participants is your consent.

Storage period: We store your account in the eLearning platform for up to two years after the last contact with you. In this respect, we fulfil the obligation to retain business letters under commercial law and want to make it possible to send you duplicates of your training confirmations even some time after completion of the course.

4.1.4 External lecturers

Description: Many of the experts who are lecturers for the webinars in our online training courses are not employed by us but external service providers. Within the framework of the webinar, the lecturers are given access to their personal data as they become visible in the eLearning platform. In addition, the lecturers have insight into the results of exams you have taken. The lecturers are contractually bound by us to confidentiality. You may not export your data from the eLearning platform or use your data in any way for purposes other than the execution of the training.

Categories of data: Name, e-mail address, photo, booked courses and training progress as well as examination results, sound and film recordings or text comments (in case of own activity in the webinar)

Data recipients (possibly transfer to third countries): External lecturers in the online training courses. There is no transfer of data to third countries.

Purpose + legal basis: Integration of external experts as lecturers for the online training courses. The legal basis for the disclosure of your data is a legitimate interest, since the lecturers have access to the personal data solely via the e-learning platform and are bound to confidentiality by their service provider contract.

Duration of storage: There is no independent storage, since the lecturers only access the data in the eLearning platform.

4.2 Direct communication with us

4.2.1 E-mail communication

Description: If you send us an e-mail, it will arrive in at least one of our e-mail boxes. The content of your e-mail and the metadata accompanying it (sender address, time of sending, etc.) are stored on the e-mail servers of our hosting provider. In addition, after retrieval from the server, they may be stored in the e-mail programs on the devices that have access to the mailbox (computers, smartphones, tablets).

The concrete processing of personal data in an e-mail depends on the thematic content of the e-mail and the resulting storage obligations. It is conceivable that we may include your data in our contact directory for customers, business partners and other contacts.

Categories of data: Name, e-mail address; time of delivery or dispatch; other meta data that typically occur in e-mail communication; other personal data in the content of the e-mail such as further contact data in e-mail signatures, inquiries, orders, offers or complaints by e-mail.

Data recipient (possibly transfer to third countries): Our e-mail hosting service provider as the processor of the order. Transfer to third countries does not take place (unless you are using or residing with a hosting service provider outside the European Economic Area).

Purpose + legal basis: Communication by e-mail. Depending on the content of the correspondence, the legal basis is preparation or performance of a contract or a legitimate interest in replying to your e-mail.

Storage period: Depends on the content of the correspondence; in principle, commercial law requires that business letters be stored for six years.

4.2.2 Telephone Calls

Description: When we call each other, our mobile phones or our cloud-based telephone system in combination with our softphones record your number and the time of the call. These data in the call lists are continuously deleted from subsequent calls.

If the content of the call suggests it, we create a call note and record it in the appropriate place (e.g. in the customer database or for applicants in the personnel area). It is conceivable that we include your data in our contact directory for customers, business partners and other contacts.

Recordings of conversations will only be made in exceptional cases and after we have obtained your express consent.

Categories of data: Telephone number; time of the call; if applicable, contents of the call

Data recipient (possibly transfer to third countries): Telecommunications providers who are subject to the secrecy of telecommunications and the service provider for our cloud telephone system in connection with our softphones, who is bound to data protection by a contract processing agreement. A transfer to third countries does not take place.

Purpose + legal basis: Communication by telephone call. Depending on the content of the conversation, the legal basis is preparation or fulfilment of a contract or a legitimate interest in the exchange with you.

Storage period: Depends on the content of the conversation; regularly only a few days. Individual conversation notes may be subject to the commercial law retention obligation for business letters of six years.

4.2.3 Letter post

Description: If you send us a letter, we will regularly answer it with a letter that we create on the computer and save as a file. We often scan your letter to archive it as part of our digital office management. The specific processing of personal data in our correspondence depends on the thematic content of the letters and the resulting storage obligations. It is conceivable that we include your data in our contact directory for customers, business partners and other contact persons.

Categories of data: Name + address; personal data in the content of the letters such as further contact data on your letterhead, inquiries, orders, offers, complaints or other topics

Data recipient (possibly transfer to third countries): postal service provider. A transfer to third countries only takes place if the item is sent to an address outside the European Economic Area. In these cases, data protection is guaranteed by international agreements on postal secrecy.

Purpose + legal basis: Communication by letter. Depending on the content of the correspondence, the legal basis is preparation or performance of a contract or a legitimate interest in exchanging information with you.

Storage period: Depends on the content of the correspondence; in principle, commercial law requires that business letters be stored for six years.

4.2.4 Videoconference (Zoom)

Description: If you take part in a video conference with us to which we have (technically) invited, we are responsible for the data processing through this communication. We use the provider Zoom for video conferences. When we invite you to a conference, we send a URL from Zoom that is related to the specific conference.

To participate in a video conference, you must use either the Zoom app for mobile devices or workstations (desktop/laptop). The apps are automatically offered for download when you open the invitation link to a Zoom conference.

It is also possible to participate alone by telephone. In addition to the invitation URL, you will also be provided with the corresponding access data for a telephone dial-in.

As a participant you do not need to create a user account for Zoom. However, you are free to use such an account for participation. When dialing into the conference, you will be asked to enter a participant name for the conference, e.g. to be able to assign requests to speak in the chat during the conference to you. You can also use fantasy names here.

The Zoom app asks for your permission to access your microphone and camera. You can grant any of these permissions, but you do not have to if you want to follow a conference without active participation, for example.

In addition to audio and video, the conference app offers you additional functions: an accompanying chat for exchanging information in text form, requests to speak using symbol icons, profile maintenance (profile picture, additional contact data, artificial background image). Conferences can be recorded. When we record conferences, we inform all participants before the recording starts and start the recording only after all participants have agreed to the recording by clicking the corresponding button. If a participant does not agree with the recording, we will either waive the recording or ask the person not to participate in the recorded conference. Audio recordings can be transcribed by Zoom into a text file for us.

If there is no explicit recording, the conference will not be saved in any way. After the conference has ended, the contents of a non recorded conference can no longer be accessed. This corresponds to telephone conversations that were not recorded.

It is technically possible for each participant to create screenshots or a recording of the conference as a whole or in parts by means outside the zoom app. Such behaviour without the appropriate agreement of all participants can constitute a breach of data protection by the person acting and, if it is not one of our employees, is beyond our responsibility. Secret recordings of the spoken word may constitute a criminal offence under Section 201 of the German Criminal Code. We reserve the right to take legal action of any kind against persons who use their participation in a video conference to engage in behaviour hostile to data protection.

As the host (moderator) of the conference, we have the technical possibilities to mute you without your participation, to change your user name and to exercise other moderator rights. We only use such possibilities if there is a need for them. We use the zoom function Attention Tracking, which shows our moderators during their presentation if the zoom app is not the active app on your screen for more than 30 seconds. This feedback signals to our presenters that the audience is turning to other activities and that there may be problems with the presentation.

Zoom is bound to us by a contract for data protection. Zoom is not allowed to use all data, which the service provider processes through your conference participation, for its own purposes.

As far as data processing is concerned which is not directly related to the specific conference, the responsibility does not lie with us but directly with Zoom. This applies, for example, to downloading the Zoom app or using your own Zoom user account. By downloading the Zoom app to your end device, you establish an independent legal relationship between yourself and Zoom. For a Zoom user account you can enter your e-mail address or log in via your Facebook or Google account.

The data transfer between your terminal device and the Zoom server requires Zoom to know the IP address you are online during the video conference. The servers also record all types of data that regularly occur when using tele media services. Information on data protection at Zoom can be found here: https://zoom.us/docs/de-de/privacy-and-legal.html and https://zoom.us/privacy

Categories of data: User name, participation times, video or audio signal, video or audio recording (only with consent), audio transcript (only after recording), actions in the chat, status request to speak, profile data (profile picture, contact data, background picture), telephone number (when participating by telephone), use of the Zoom app only in the background; further data categories such as IP address or e-mail address are processed by Zoom on its own responsibility.

Data recipient (possibly transfer to third countries): Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. Zoom is obliged to data protection as an order processor. Zoom has certified itself for data transfer to the USA under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Use of a video conference. Depending on the content of the conversation, the legal basis is preparation or fulfilment of a contract or a legitimate interest in the exchange with you. For recordings, consent is the legal basis.

Storage duration: If no recording is made, all data will be deleted at the end of the conference. If the conference was recorded, the recording will be deleted as soon as the last purpose for which the recording was made has been achieved.

4.2.5 Business cards

Description: If you give us a business card, we take over the data made on it to your person into our contact list.

Data categories: Name, contact data (address, telephone, fax, e-mail), company, business area of your company, your job title, your area of responsibility, place, time and circumstance of the establishment of contact as well as if necessary special references to your accessibility or the addressed business topics

Data recipient (possibly transfer to third countries): Our e-mail hosting service provider as contract processor, since we operate contact directories as part of the e-mail mailboxes (Outlook Exchange Server)

Purpose + legal basis: To maintain contacts. Legal basis is a legitimate interest, since you have voluntarily given us your business card.

Duration of storage: We store your data until you ask us to delete them – unless a business relationship has been established between us in the meantime, which results in independent storage obligations for your contact data.

4.3 Visiting our Internet pages

4.3.1 Provision of our Internet pages

Description: In order for a web server to make our website available to your browser, the server must collect technical data about your device used for this purpose, your browser and your Internet access. This is called a log file or weblog. These are data that you necessarily leave behind with every Internet page that you call up. The IP address from which you access our pages is the central point. The web server sends the data you want to see to this Internet address.

Data categories: IP address from which our site was called up; date and time of access; objects on our website that are called up in the browser; type and version of the Internet browser; type and version of the operating system

Data recipient (possibly transfer to third countries): Our hosting service providers, each of whom is bound to data protection through a contract processing agreement. We operate different websites with different hosting service providers. Some pages are hosted in Germany. A transfer to third countries does not take place for these pages.

Some pages are hosted in the USA by HubSpot. HubSpot Inc, USA, contact in the EU: One Dockland Central, Dublin 1, Ireland. To us, HubSpot is obliged to respect data protection through a contract for order processing according to Art. 28 DSGVO. HubSpot has certified itself for data transfer to the USA under the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG) and thus guarantees a handling of data on EU data protection level.

Purpose + legal basis: Provision of our website as well as investigations, should an illegal access to our website occur (e.g. a hacker attack). Legal basis is a legitimate interest, as the operation of a website is not possible without the registration of the weblog. In the specific case of an attack on our website, we have a legitimate interest in being able to provide the investigators with evidence of how the attack took place.

Storage period: 7 days

4.3.2 Cookie management

Description: For all cookies requiring your consent, we ask for your consent before storing them in your browser cache. The decisions you make will in turn be stored in a cookie on your device, so that we do not have to ask you for your consent again when you visit our website again. You can revise your decision at any time by deleting the corresponding cookie (borlabds-cookie, storage period 1 year) from your device via the settings of your browser.

For our HubSpot pages this cookie is called: _hs_opt_out. For the other pages: borlabs-cookies

Categories of data: Consent status (yes/no)

Data recipient (possibly transfer to third countries): None

Purpose + legal basis: Legally compliant consent management for cookies. Legal basis is a legitimate interest, since saving the cookie decision only slightly restricts the rights of visitors and at the same time simplifies the use of the pages for repeated visits.

Duration of storage: Until the corresponding cookie is deleted from your browser cache or until the cookie’s expiry date is reached

4.3.3 Contact form

Description: Our internet pages have a contact form. You can use it to send us messages, e.g. if you don’t have your own e-mail address or if you don’t want to use it for sending us messages. Your voluntary entries are technically sent to us as an e-mail (even if you have not entered an e-mail address as sender).

As soon as you send your message, the data processing corresponds to sending an e-mail to our central contact address. While you are on the website and enter your details in the form, the data processing corresponds to calling up any of our websites.

Categories of data: See the processing operations “Provision of a website” and “E-mail communication”.

Data recipients (possibly transfer to third countries): See the processing operations “Provision of a website” and “E-mail communication”.

Purpose + legal basis: Provision of a contact form as an additional way of contacting us. Depending on the content of your contact, the legal basis is the preparation of a contract performance or a legitimate interest.

Storage period: See the processing operations “Provision of a website” and “E-mail communication”.

4.3.4 Web Fonts (Online Fonts)

Description: To enable an individual design of our internet pages, we use so-called web fonts. These are fonts that your browser loads from the Internet to display our site – if the fonts have not yet been loaded from a previous visit to a page with this font in your browser’s memory.

Some fonts are available directly on our own server. In this respect, this is not an independent processing that goes beyond the processing “providing our Internet pages”. Sometimes we access fonts from external servers, in our case fonts from Google (Google Fonts). Google enables an outstandingly fast provision of the font files and ensures that the currently optimal font is provided.

To download the fonts from the Google font servers (gstatic.com) your IP address must be transmitted to Google, because otherwise a transmission of the data package is not possible. Google does not receive any further data from you in connection with this processing.

Data categories: IP address from which your device is connected to the Internet

Data recipient (possibly transfer to third countries): Google LLC, for us as a European organisation contactable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected by Google Fonts is transferred to Google’s servers in the USA and processed there. For this purpose, Google has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Provision of Google Fonts in a fast and up-to-date form. Legal basis is a legitimate interest, since in the context of this processing only the IP address of your device is transmitted without further references to your use of the Internet.

Storage duration: The storage duration is the responsibility of Google. It is not necessary for us to delete your data, as we do not collect any data from you through the use of Google Fonts.

4.3.5 Video streaming (YouTube)

Description: Our website shows films about a video player from YouTube, a subsidiary of Google. When you visit a page equipped with a YouTube player, a connection is made to YouTube’s servers and Google’s cookies are set in your browser. These cookies tell Google’s servers which of our pages you have visited and which movie you have watched. Google sets the following cookies via the YouTube player: GPS, Visitor_Info1_Live, YSC, IDE

We do not receive any data about your usage behaviour from Google or YouTube with regard to this data collection.

If you are logged in to your YouTube account while visiting our site, you allow YouTube to associate your usage history directly with your personal profile. You can prevent this by logging out of your YouTube account.

For more information about how we handle your information, please see Google’s privacy policy at https://www.google.de/intl/de/policies/privacy

Categories of data: IP address from which our site was accessed; date and time of access; films accessed; parts functions used to recommend the film; type and version of the Internet browser; type and version of the operating system; Google ID stored in cookies

Data recipient (possibly transfer to third countries): Google LLC, for us as a European organisation contactable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected in the context of the YouTube use is transferred to Google’s servers in the USA and processed there. For this purpose, Google has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: We use the YouTube player in order to offer you a powerful video streaming service. Legal basis for the data transfer to Google is your consent via cookie management.

Storage duration: The storage duration is the responsibility of Google. It is not necessary for us to delete your data, as we do not collect any data from you through the use of YouTube.

4.3.6 Analysis of user behaviour (Google Analytics)

Description: We use the web analysis service Google Analytics. On our behalf, Google creates statistical reports about the activities on our website, the regional origin of the visitors and technical parameters of the devices with which our pages are visited.

We use analytics with the extension “anonymizeIP” so that IP addresses are only processed in a shortened form in order to exclude the possibility of direct personal references. Through IP anonymisation, the end of your IP address is replaced by zeros by Google within the European Union before the data is transferred to the USA. Only in exceptional cases will the complete IP address be transferred to a Google server in the USA and shortened there.

We have linked our Analytics account with our marketing account at Google and thus enable Google to display ads for us in an even more target-group oriented way. In addition, we can now better understand which advertising measure has been successful and which not. See the processing “Google Ads” and the corresponding note on our joint responsibility with Google in the sense of Art. 26 DSGVO.

Google Analytics uses cookies to bundle the usage data from your browser. This gives us the opportunity to determine the quota of returning visitors or to trace usage paths within our Internet pages.

The Analytics cookies have the designations _ga (to recognize returning visitors), _gid (to be able to form statistical groups) and _gat (to reduce data comparison with extended Google functions).

Comprehensive information on the use of the data collected by Google can be found in Google’s privacy policy (https://policies.google.com/privacy) and in Google’s information on cookies (https://policies.google.com/technologies/cookies).

Categories of data: IP address by which the device goes online; location or country and Internet service provider for Internet access linked to the IP address; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user accesses from our website; Google ID stored in the cookie.

Data recipient (possibly transfer to third countries): Google LLC, for us as a European organisation contactable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google is obligated to us to observe data protection via a contract for order processing in accordance with Art. 28 DSGVO. The information collected by the cookies is transferred to Google’s servers in the USA and stored there. In cases where, despite the restrictions imposed, such as the anonymisation of IP addresses, personal data is transferred to the USA, Google has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: The purpose of this usage analysis is to enable us to further improve our Internet offering based on the findings of the analysis.

The legal basis, in particular for linking the analytics data with the advertising functions of Google, is your consent, which you have given via our cookie manager.

Storage period: 26 months (Reason: This storage period enables us to create annual reports).

4.3.7 Analysis of usage behaviour (HubSpot)

Description: We use HubSpot technology as the central database for the management of our customers (see the processing “Customer database (CRM)”). HubSpot automatically supplements the core data of our customers with information on the usage history of our digital offers. This makes it easier for us to assign the use of our services and any problems that may arise to individual customers and to present our customers with suitable offers for further use of our services.

The recording of usage behaviour is carried out via cookies. HubSpot uses its own cookies and merges this data with other data we have collected through other analysis services to provide the most complete customer profile possible.

The direct HubSpot cookies are: _hs_opt_out (cookie consent), _hssc, _hssrc, _hstc, _HubSpotutk

For a stable delivery of HubSpot’s web pages HubSpot uses the Content Delivery Network Cloudflare, which sets the following cookies _cfduid, _cfruid

Categories of data: IP address from which the device goes online; location or country linked to the IP address as well as Internet service provider for the Internet access through which the visitor goes online; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user accesses from our website; IDs stored in the individual cookies

Data recipient (possibly transfer to third countries): HubSpot Inc., USA, contact in the EU: One Dockland Central, Dublin 1, Ireland. To us, HubSpot is obliged to respect data protection through a contract for order processing according to Art. 28 DSGVO. HubSpot has certified itself for data transfer to the USA under the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG) and thus guarantees a handling of data on EU data protection level.

Purpose + legal basis: The purpose of this usage analysis is to be able to create a customer profile that is as complete as possible in order to be able to provide customers with comprehensive assistance with their inquiries and to be able to provide customers with appropriate services and offers. The legal basis is consent, which is given via cookie consent.

Storage period: Your usage data linked to the customer account will remain stored with us as long as your account is stored by us at HubSpot (see processing “Customer database (CRM)”).

4.3.8 Analysis of user behaviour (Facebook pixels)

Description: Our internet pages set cookies from Facebook, which are known as Facebook pixels. This enables us to provide Facebook with data about your use of our site. This enables Facebook to provide ads for us within Facebook and Instagram in a more targeted manner.

The corresponding data is only transferred to Facebook if you agree to the setting of the corresponding cookies. The names of the Facebook cookies are: AA003, ATN, _fbp, fr

Categories of data: IP address from which the device goes online; location or country and Internet service provider for Internet access linked to the IP address; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user accesses from our website; Facebook ID stored in the cookie

Data recipient (possibly transfer to third countries): Facebook Inc., for us as a European organisation, contactable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook is obliged to us to observe data protection via a contract for order processing in accordance with Art. 28 DSGVO. Insofar as data is transferred to Facebook servers in the USA, Facebook has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC) and thus guarantees that the data is handled at the EU data protection level.

Purpose + legal basis: The purpose of the data transfer to Facebook is to be able to provide ads on Facebook and Instagram as close as possible to the target group. The legal basis is your consent, which you have given via our cookie manager.

Storage duration: The storage duration is the responsibility of Facebook. It is not necessary for us to delete your data, as we do not collect any data from you through the use of the Facebook pixel.

4.3.9 Analysis of usage behavior (SalesViewer)

Description: Through our internet pages we use the technology of SalesViewer, which provides us with information about the companies from which visitors to our pages come. For this purpose a javascript-based code is used, which lets SalesViewer record the IP address used by the visitor. A cookie is not used. On our behalf, SalesViewer compares this data with publicly available information and as a result provides us with an overview of the companies from which visitors to our website come.

SalesViewer offers the possibility to prevent data collection by SalesViewer by using an opt-out cookie. You can find the cookie at: https://www.salesviewer.com/de/opt-out

For further information on data protection at SalesViewer please visit: https://www.salesviewer.com/de/datenschutzerklaerung

Categories of data: IP address used to connect the device online and the company behind the address; date and time of access

Data recipient (possibly transfer to third countries): SalesViewer. SalesViewer is obligated to us to observe the data protection regulations for a contract for order processing according to article 28 DSGVO. A transfer to third countries does not take place.

Purpose + legal basis: The purpose of data collection is to identify companies that are interested in our services. Legal basis is a legitimate interest, since the data analysis performed by SalesViewer does not relate to natural persons and only makes statements about the companies that have provided the Internet access.

Storage period: 1 year

4.3.10 Analysis of user behaviour (LinkedIn)

Description: Our Internet pages use cookies from LinkedIn. This enables us to provide LinkedIn with information about your use of our site. This allows LinkedIn to deliver ads to us within LinkedIn in a more targeted manner.

This information is only transferred to LinkedIn if you consent to the use of cookies. The names of the LinkedIn cookies are: UserMatchHistory, bcookie, bscookie, long, lidc, lissc

Categories of data: IP address from which the device goes online; location or country and Internet service provider for Internet access linked to the IP address; date and time of access; objects on our website that are called up (clicked on) in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user accesses from our website; LinkedIn ID stored in the cookie

Recipient of the data (possibly transfer to third countries): LinkedIn Corp., for us as a European organisation contact LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn is obligated to us to observe data protection via a contract for order processing in accordance with Art. 28 DSGVO. Insofar as data is transferred to LinkedIn servers in the USA, LinkedIn has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: The purpose of data transfer to LinkedIn is to be able to provide advertisements on LinkedIn as close as possible to the target group. The legal basis is your consent, which you have given via our cookie manager.

Storage period: The storage period is the responsibility of LinkedIn. It is not necessary for us to delete your data, as we do not collect any data from you through the use of LinkedIn cookies.

4.3.11 Use of a Content Delivery Network (Cloudflare)

Description: Some of our Internet pages are made available via a so-called Content Delivery Network (CDN) as a particularly resilient form of Internet hosting. For us, Cloudflare is in use as CDN. Cloudflare with its specialized technology makes it possible that Internet pages can be delivered quickly worldwide even with heavy traffic. Besides Cloudflare offers special safety functions, which make the Internethosting particularly stable against attacks.

For the full use of its safety functions Cloudflare works with Cookies. These cookies are regarded as essential cookies, as their function only serves the reliable provision of the internet pages. The names of the Cloudflare cookies are: _cfduid, _cfruid

Categories of data: IP address from which the device goes online; date and time of access; objects on our website that are called up in the browser; type and version of the Internet browser; type and version of the operating system; websites from which the user has accessed our website; websites that the user calls up from our website

Data recipient (possibly transfer to third countries): Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA. Cloudflare is obliged to us to observe data protection via a contract for order processing according to Art. 28 DSGVO. As far as data is transferred to Cloudflare’s servers in the USA, Cloudflare has certified itself under the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0) and thus guarantees a handling of the data on EU data protection level.

Purpose + legal basis: The purpose of the data transfer to Cloudflare is to be able to provide our internet pages securely and quickly. Legal basis is a legitimate interest, since Cloudflare uses the data only to increase and secure the efficiency of our internet hosting.

Storage duration: The storage duration is the responsibility of Cloudflare. A data deletion with us is not necessary, since we ourselves do not collect any data from you through the use of Cloudflare cookies.

4.4 Marketing Communication

4.4.1 Receiving our newsletter

Description: You can subscribe to our e-mail newsletter. All you have to do is enter your e-mail address. Other information such as your name is voluntary and serves to enable us to personalize the sending of e-mails with a direct form of address.

If you register online for the newsletter, you will receive a one-time e-mail from us to the e-mail address you have provided, in which we ask you to confirm your registration. In this way we want to avoid that you are registered for our newsletter by someone who does not have or should not have access to this address. This two-step procedure is called Double-Opt-in for double consent.

By registering for our newsletter, you consent to us sending you e-mails on the topics described on the registration page, both in terms of data protection and competition law.

You can revoke your registration and thus your consent for the future at any time. You can do so by clicking on the corresponding link at the end of each newsletter we send out.

We record the use of our newsletter via so-called tracking pixels and campaign URLs for the Internet links in the newsletter. The tracking pixel calls up our newsletter server when you open the e-mail. The call of the internet links in the newsletter is recorded via the campaign assignment.

Data categories: E-mail address, documentation of e-mail verification (double opt-in), time of your registration; your name, company/institution (voluntary); usage data (opening the e-mail + clicking on Internet links)

Data recipient (possibly transfer to third countries): HubSpot as our service provider for the newsletter dispatch, who is obligated to data protection through an order processing contract. HubSpot has certified itself for data transfer to the USA under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG) and thus guarantees that data is handled at EU data protection level.

Purpose + legal basis: Provision of an e-mail newsletter and optimization of our newsletter content. Legal basis is your consent.

Storage period: After revocation of your consent your data will be deleted immediately.

4.4.2 Telemarketing (B2C)

Description: As far as a consumer (B2C) has given his consent for us to make advertising calls, we also offer our services by telephone call (telemarketing).

The details of the calls follow the processing “customer database (CRM)” and “telephone calls”.

Categories of data: Name, telephone number, existence of consent Telemarketing, time of contact

Data recipient (possibly transfer to third countries): None

Purpose + legal basis: Personal presentation of the service portfolio and booking conditions in a telephone conversation with potential customers whose consent has been obtained for a call. Legal basis is a consent.

Storage period: see processing “Customer database (CRM)” and “Phone calls

4.4.3 Telemarketing (B2B)

Description: As far as a potential business customer (B2B) has given his presumed consent for us to make advertising calls, we also offer our services by telephone call (telemarketing). We assume a corresponding presumed consent if you have contacted us and have provided us with your telephone number, e.g. in the context of a whitepaper download or newsletter registration.

The details of the calls follow the processing “customer database (CRM)” and “telephone calls”.

Data categories: Name, telephone number, company/organisation, existence of marketing consent, order of whitepaper, time of contact

Data recipient (possibly transfer to third countries): None

Purpose + legal basis: Personal presentation of the service portfolio and booking conditions in a telephone conversation with potential customers whose consent for a call has presumably been obtained. Legal basis is a presumed consent in the sense of § 7 Abs. 2 Nr. 2 UWG.

Storage period: see “Customer database (CRM)” and “Telephone calls” processing operations

4.4.4 Google Ads

Description: We serve ads through Google Ads. In order to optimize our marketing activities, Google Ads accesses personal data that is made available to Google via cookies and its various analysis services for websites, apps and the Android and Chrome OS operating systems provided by Google. We ourselves do not have access to the personal data on which the display of our ads is based. We only select general parameters for the audience to which our ads are to be delivered. In this respect we do not process personal data.

By linking our Google Ads account with our Google Analytics account, we make it easier for Google to recognize interested parties who have already visited our website.

Our own internet pages set cookies from Google’s advertising services (Google Ads, Doubleclick). The cookie names are: NID, SID, IDE, DSID, FLC, AID, TAID, exchange_uid, test_cookie, _gads, _gac, _gcl).

Linking accounts and setting Google’s advertising cookies constitutes processing of personal data. In this respect, a joint responsibility within the meaning of Article 26 DSGVO arises with regard to personal data, for which we have concluded a corresponding “controller-controller” agreement with Google (https://support.google.com/analytics/answer/9012600).

The agreement divides the responsibility between Google and us in such a way that we are responsible for collecting the analysis data and Google is responsible for using the data for advertising purposes. As a result, you should exercise all your rights with respect to the use of your data within Google Analytics with us and you should exercise all your rights with respect to the use of your data to deliver targeted ads directly to Google.

We cannot provide any details about the data processing at Google. The data protection information from Google (https://policies.google.com/privacy) applies here.

Categories of data: Usage data from Google’s various services, through which cookies are sent to our website and from our Google Analytics account

Data recipient (possibly transfer to third countries): Google LLC, for us as a European organisation contactable via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected within the scope of Google Analytics is transferred to servers in the USA for Google Ads and processed there. For this purpose, Google has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Targeted publication of advertisements. Legal basis is consent, because Google’s cookies are only set in the browser after consent.

Storage duration: The storage duration is the responsibility of Google. It is not necessary for us to delete data, as we do not collect any data from you through the use of Google Ads.

4.4.5 Facebook Ads

Description: We place ads via Facebook Ads. In order to optimize our marketing activities, Facebook accesses personal data that is available to Facebook on its own platform (facebook.com and instagram.com), via its analysis services for websites and apps, and WhatsApp metadata. We ourselves do not have access to the personal data on which the display of our ads is based. We only select general parameters for the target audience to which our ads are to be made available. In this respect we do not process personal data.

Individual ads are designed in such a way that you allow Facebook to pass on your contact details to us. We receive your data to the extent that you allow Facebook to pass them on to us.

By linking our Facebook Ads account with our company profiles on Facebook and Instagram, we make it easier for Facebook to recognize interested parties who have already been on our profiles.

Our internet pages also set cookies from Facebook (cookie name: fr, _fbp). The linking of accounts and the setting of Facebook cookies represents a processing of personal data.

We cannot provide any details about the data processing at Facebook. The Facebook data protection information applies here: https://www.facebook.com/about/privacy

Categories of data: Usage data from Facebook’s various services and the Facebook pixel on our Internet pages (see the processing “Facebook pixel”)

Data recipient (possibly transfer to third countries): Facebook Inc., for us as a European organisation, contactable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Insofar as data is transferred to Facebook servers in the USA, Facebook has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Target group-specific publication of advertisements. The legal basis is consent, as Facebook’s cookies are only set in the browser after consent and the use of Facebook pages requires registration with Facebook.

Storage duration: The storage duration is the responsibility of Facebook. It is not necessary for us to delete your data, as we do not collect any data from you through the use of Facebook Ads.

4.5 Use of our Apps

4.5.1 Functions in the App

Description: With our app you can access the contents of your courses booked with us and your user profile. The functions in the app are basically the same as those offered in the Internet browser, but are displayed in an optimized way for use on mobile devices. No special app-related data processing takes place. Reference can be made to the processing “online training”.

The contents are technically hosted by Lemon as the processor of the order. Even though we are responsible for the operation of the app, the app is offered for download by Lemon as developer on our behalf in the app stores.

Details on data protection at Lemon can be found here: https://www.lemon-mobile-learning.com/datenschutz/

Categories of data: See the processing “Online trainings”.

Data recipient (possibly transfer to third countries): Lemon Systems GmbH, Beim Alten Gaswerk 1, 22761 Hamburg. Lemon is obligated as a processor to data protection. A transfer to third countries does not take place.

Purpose + legal basis: Use of a learning system as a mobile solution. Legal basis for the processing of your data is the fulfilment of the training contract with us.

Storage period: See the processing “Online training courses”.

4.5.2 Downloading the Apps

If you want to use our app on your mobile device, you will need to download it from an App Store appropriate for your device’s operating system. For iOS devices this is Apple’s AppStore, for Android devices it is either Google’s PlayStore or another platform for Android apps.

All data processing in connection with the download of our App is between you and the respective App Store. We do not receive any personal data about this, but only statistical compilations about the number of downloads. For all information about the respective data processing we refer to the corresponding data protection information of Apple, Google or the download platform you are using.

4.6 Our Social Media Profiles

4.6.1 Facebook and Instagram

Description: We run company profiles (also called fan page) on Facebook and Instagram. Such a fan page enables us to present our organization on Facebook or Instagram, to contact you on this social media platform and to point out our services and offers through ads on these platforms.

Facebook provides us with analysis data on the use of our fan page (called Page Insights). This gives us an impression of how successful each of our communication measures is.

For details of data processing at Facebook, please refer to the Facebook privacy information: https://www.facebook.com/about/privacy

In accordance with a ruling of the European Court of Justice, the use of this analysis data is carried out in joint responsibility with Facebook in accordance with Art. 26 DSGVO. Facebook has accordingly provided a joint responsibility agreement (https://www.facebook.com/legal/terms/page_controller_addendum). In the agreement, Facebook has assumed sole responsibility for all data processing issues. If you wish to exercise your rights under the DSGVO with regard to the data processed in Page Insights, you should contact Facebook directly via your Facebook account. However, in accordance with the legal regulations on joint responsibility, you are also free to contact us with your concerns. We would then forward your request to Facebook.

Data categories: Facebook username; comments, likes and page views within Facebook or Instagram and time of action

Data recipient (possibly transfer to third countries): Facebook Inc., for us as a European organisation, contactable via Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Insofar as data is transferred to Facebook servers in the USA, Facebook has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Analysis of the usage behavior on our fan page or our Instagram profile. Legal basis is the consent you have given in the course of your Facebook registration.

Storage duration: The storage duration is the responsibility of Facebook.

4.6.2 Twitter

Description: We run a company profile on Twitter. Such a Twitter profile enables us to present our organisation on Twitter, to get in touch with you on this social media platform and to point out our services and offers via advertisements on these platforms.

Twitter provides us with analysis data through the use of our profile page (Twitter Analytics). This gives us an impression of how successful each of our communication measures is.

The Twitter data protection information applies to the details of data processing on Twitter: https://twitter.com/de/privacy

Categories of data: Twitter username; comments, likes and page views within Twitter and time of action

Data recipient (possibly transfer to third countries): Twitter Inc., for us as a European organisation, contact Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. As far as data is transferred to the USA, Twitter has certified itself under the EU-US Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO) and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Analysis of user behaviour on our Twitter profile. Legal basis is the consent you have given in the course of your Twitter registration.

Storage duration: The storage duration is the responsibility of Twitter.

4.6.3 LinkedIn

Description: We operate a company profile at LinkedIn. Such a LinkedIn profile allows us to introduce our organisation to LinkedIn, to get in touch with you on this social media platform and to advertise our services and offers on these platforms.

LinkedIn provides us with analysis data on the use of our profile page. This gives us an idea of how successful each of our communication measures is.

For details of data processing at LinkedIn, please refer to the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy

Categories of data: LinkedIn username; comments, likes and page views within LinkedIn and time of action

Recipient of the data (possibly transfer to third countries): LinkedIn Corp., for us as a European organisation contact LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Where data is transferred to LinkedIn servers in the USA, LinkedIn has certified itself under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0) and thus guarantees that the data is handled at EU data protection levels.

Purpose + legal basis: Analysis of the usage behaviour on our LinkedIn profile. The legal basis is the consent you have given during your LinkedIn registration.

Storage period: The storage period is the responsibility of LinkedIn.

4.6.4 Xing

Description: We operate a company profile at Xing. Such a Xing profile allows us to present our organization at Xing, to get in touch with you on this social media platform and to advertise our services and offers on these platforms.

Xing provides us with analysis data through the use of our profile page. This gives us an impression of how successful each of our communication measures is.

The Xing data protection information applies to the details of data processing at Xing: https://privacy.xing.com/de/datenschutzerklaerung

Categories of data: Xing username; comments, likes and page views within Xing and time of action

Data recipient (possibly transfer to third countries): New Work SE (operator of xing.com), Dammtorstraße 30, 20354 Hamburg. A transfer to third countries does not take place.

Purpose + legal basis: Analysis of the usage behaviour on our Xing profile. The legal basis is the consent you have given in the course of your Xing registration.

Storage period: The storage period is the responsibility of Xing.

4.7 Suppliers and service providers

4.7.1 Business relationship

Description: We have business relationships with suppliers and service providers for the processing of which personal data is processed, as far as the companies are self-employed persons or partnerships or we communicate with specific contact persons.

Data categories: Contact, contract and invoice data

Data recipients (possibly transfer to third countries): tax consultants, auditors, lawyers in their capacity as professional secrecy holders and, in the event of a tax audit, the tax authorities

Purpose + legal basis: Proper management. The legal basis is both the fulfilment of contracts and legal obligations and legitimate interests.

Storage period: In accordance with tax law, invoice data must be stored for 10 years; contract data must be stored for different periods depending on the type of contract. In the case of copyrights, such periods extend up to 70 years beyond the death of the author.

4.7.2 Mention of names in publications

Description: In publications published by us we name authors according to the right of the authors to be named. The naming also extends to the accompanying marketing and public relations work. As far as authors represent an institution relevant to the publication, their affiliation to this institution is also mentioned. For some publications, professional contact details of the authors are also published as a service for the readers.

Data categories: Name, academic title; partly institution and professional contact details

Data recipient (possibly transfer to third countries): none

Purpose + legal basis: To indicate authorship. The legal basis for the name Fulfilment of the author’s contract and, if applicable, with regard to contact details, is a legitimate interest, as only professional contact details of relevant contact persons are published here.

Duration of storage: After delivery of the publications, we cannot subsequently delete them.

4.8 Filling of positions

4.8.1 Applications

Description: If you apply for a job with us, we will process your application documents until the application procedure is completed, solely for the purpose of deciding on your employment. We restrict access to your documents to those persons whom we can reasonably include in the decision on your employment. In order to do this in the best possible way, we manage your application and your documents in a separate application database, which is made available to us by a cloud service provider. This means that we do not have to send your documents e.g. by e-mail to all the people we involve in the decision-making process about your recruitment.

If we decide to hire you, your application documents will be transferred to your personnel file. If no recruitment is made, we will either ask you for your consent to be included in our candidate pool or destroy your documents as soon as you can no longer expect to appeal against our decision under anti-discrimination law.

Categories of data: Name + contact details; details in the letter of application, curriculum vitae, certificates and references, training certificates and professional qualifications, notes on job interviews (by telephone and in person), results of recruitment tests if applicable

Data recipient (possibly transfer to third countries): Our service provider for the applicant database, who is obliged to protect your data via a contract processing agreement. A transfer to third countries does not take place.

Purpose + legal basis: Basis for decision for filling a position. The legal basis is the preparation of a contract fulfilment (employment contract) and subsequently the defence of objections against negative decisions.

Storage period: 6 months after completion of the original application procedure

4.8.2 Candidate pool

Description: If we are currently unable to offer you a suitable position, but would like to consider you again in the selection process for future vacancies, we ask for your permission to keep your application documents beyond the end of the current application process. If we are unable to get back to you for more than two years, we will ask for your consent again for further storage.

Data categories: Name + contact details; details in the letter of application, curriculum vitae, certificates and references, training certificates and professional qualifications, notes on job interviews (by telephone and in person), results of recruitment tests if applicable.

Data recipient (possibly transfer to third countries): none

Purpose + legal basis: Basis for decisions on future appointments. Legal basis is consent.

Storage period: 2 years since last contact or last consent

4.9 General infrastructure

4.9.1 Visitor WiFi

Description: We provide visitors with access to our WiFi network and thus to the Internet. When you log on to the WiFi network access point, the unique identifier of your device and the hours of use are recorded. For all services that you access while using our network on the Internet, the IP address of our network is logged. If investigations are made into activities that originate from our IP address, we are sometimes obliged to provide the documentation of use in the so-called log file.

Data categories: MAC address of the device, usage times

Recipients of data (possibly transfer to third countries): Normally no recipients; authorities responsible for investigations and possibly private owners of a right to information or forensic experts commissioned by us

Purpose + legal basis: Log files such as this serve to enable and strengthen IT security in our company. The legal basis is a legitimate interest, as we only access the WiFi logfile when a security analysis is required. We can only assign the WiFi data to specific devices and thus their owners with considerable effort and regularly only with the help of police investigations.

Storage period: Our WiFi log file is regularly deleted, at the latest once a year.

4.9.2 Financial accounting

Description: All payments are recorded in the financial accounts. The financial accounting takes place internally, but we use a cloud-based software solution for this.

Data categories: Name, customer or supplier number, bank details or credit card data, travel data (time, destination, accommodation, means of transport, costs), entertainment (date, place/business, persons served, reason for service, costs), details of other expenses (purchases, gifts)

Data recipient (possibly transfer to third countries): Our service provider for financial accounting, who is obligated to data protection through a contract processing agreement. A transfer to third countries does not take place.

Purpose + legal basis: Management of all payment transactions. Legal basis is contract fulfilment or legal obligation (tax and commercial law).

Storage period: We store the data in the financial accounting for 10 years (obligation from § 147 AO).

4.9.3 Transfers of payments

Description: Payments via a bank or credit card account of ours are documented accordingly in the account documents.

Data categories: Name, bank details, payment date, payment amount, reason for payment (posting text)

Data recipient (possibly transfer to third countries): Our account-holding financial institutions, which are legally bound to data protection through banking secrecy and banking supervision. A transfer to third countries does not take place.

Purpose + legal basis: Cashless payment transactions; legal basis is contract fulfilment.

Storage period: We keep account statements for 10 years (obligation from § 147 AO).

4.9.4 IT Administration

Description: We use service providers for the administration, maintenance and support of our information technology. These service providers do not deal with the content of the personal data processed by us. However, during the maintenance of databases and other system units, it can happen that personal data is taken note of by the service providers. All of our service providers have been expressly committed to confidentiality by means of appropriate contracts and in accordance with the sensitivity of the data to which they have access.

Data categories: Any type of data

Data recipient (possibly transfer to third countries): IT service providers who are bound to data protection by a contract processing agreement or another form of confidentiality obligation. A transfer to third countries does not take place.

Purpose + legal basis: Use of competent service providers for professional IT administration. The legal basis is a legitimate interest, as the service providers have been committed to data protection by means of adequate confidentiality obligations.

Storage period: An independent storage does not take place.

4.9.5 File Storage (Metadata, Microsoft Graph)

Description: In addition to the data acquisition in individual (previously described) databases, we store documents on our storage media. This typically includes Office documents (Word, Excel, Powerpoint), PDF files, images, movies, layouts, other formats of text, spreadsheets and presentation files and finally any kind of file whose use is appropriate in the context of our business processes.

The data protection issues regarding the content of the files depend on the relevant processing purposes. Parallel to this, independent processing results from the storage of the files and the metadata regularly attached to them (primarily the creator signature).

We use Microsoft Office 365 as a cloud solution for file storage (in Sharepoint or OneDrive). For the efficient use of our data we have activated the Office Delve function, which in turn accesses Microsoft Graph or Office Graph. Graph evaluates the metadata of all files to improve their retrievability.

Data categories: Any kind of data, but here focus on metadata: Signature of the file creator, signatures of file editors (also in comments + notes); time of creation, editing or storage

Data recipient (possibly transfer to third countries): Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521; Microsoft is bound to data protection by a contract processing agreement. Insofar as the EU subsidiary transfers data to the US parent company Microsoft Corp., the data transfer is secured both by EU standard contract clauses and by Microsoft’s certification under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

Purpose + legal basis: File storage in a high-performance computer centre and use of modern search functionalities. The legal basis is a legitimate interest, as the processing is carried out within the framework of an order processing.

Storage duration: Depends on the storage time for the individual file

4.9.6 Disposal of data media and documents

Description: The deletion or destruction of data also constitutes data processing. We dispose of paper documents with personal data worthy of protection via the locked bins of a professional document shredder. The level of document destruction agreed with the service provider corresponds to the risk or confidentiality classification of the documents to be destroyed.

Storage media (hard disks; e.g. from servers, computers, smartphones, tablets, USB sticks, memory cards) on which previously sensitive personal data was stored will be handed over to a professional shredder of storage media if they are no longer to be used for storing this data. The level of the deletion or destruction process corresponds to the risk or confidentiality classification of the data previously stored on the medium.

Categories of data: Any type of data.

Data recipient (possibly transfer to third countries): Service providers for the professional destruction of paper documents and storage media who are obliged to comply with data protection regulations by means of contract processing agreements. A transfer to third countries does not take place.

Purpose + legal basis: Risk-compliant destruction or deletion of personal data. The legal basis is the legal obligation to minimise and delete data from the DSGVO:

Duration of storage: Storage beyond the deletion/destruction does not take place.

Last update: 11.05.2020

Copyright © – Alle Rechte vorbehalten