The data protection instructions fulfill the information requirements according to the requirements of Item 12 ff. of the EU General Data Protection Regulation ("GDPR") and provide an overview of the processing of your personal data (on this website).
- 1. Who is responsible for the processing of my data?
- 2. Which data is collected?
- 3. Which cookies are used?
- 4. What data is collected for what purposes?
- 4.1 Technical provision of the website
- 4.2 Use of the web shop
- 4.3 Contact form, e-mail and telephone contact
- 4.4 Newsletter
- 4.5 Web tracking
- 5. Who receives my data?
- 6. Will my data be processed outside the EU or EEA (third-country transfer)?
- 7. What privacy rights do I have?
- 8. To what extent is there an automated decision-making process?
- 9. Is profiling taking place?
- 10. Final / Version information
1. Who is responsible for the processing of my data?
Telephone: +49 (0) 5241-80-0
is responsible for the processing of this data (hereinafter referred to as "Company"). The Company has collected personal data in connection with the GDPR and the Federal Data Protection Act (hereinafter referred to as "FDPA").
You can reach the data protection officer of the Company under the address above with the addition "To the data protection officer" or via email: email@example.com.Back to Top
2. Which data is collected?
When you visit the website, the computer used automatically collects information (hereinafter referred to as "access data"). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the Internet service provider, the date and time of use of the web page, previously visited web pages and other websites accessed for the first time via the website, as well as the IP address of the computer exist. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable when the IP address has been permanently assigned when using the internet connection and when the Internet provider can assign the IP address to an individual.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (e.g. search words, login data, ratings, form or contract entries, click data) will be processed.
Some services of the website require that you provide personal information to the Company. In these cases, the data provided by you will be used to provide you with the service you require or to be able to process the respective request. The following personal data is processed on the website:
- User data such as e-mail address, telephone number, name and password
- Email content sent by Courseware Marketplace, such as the Password Reset link.
- Payment details such as a credit card number, credit limit and invoice number.
- Process author information such as name, phone number, and certification status.
- End user data such as student e-mail and name processed.
- Processing order data such as license status, PO number and order address.
- Organizational information such as organization number, main contact and preferred Lab Hoster.
3. Which cookies are used?
Basically, cookies are only an online identifier without personal reference. Cookies are personally identifiable, if the information generated by the cookies is combined with other information or data. A distinction can be made between the cookies that are required for the provision of the website and the cookies required for other purposes, such as user behavior analysis or advertising.
The cookies required for the provision of the website include, but are not limited to:
- Cookies used to identify or authenticate users;
- Cookies that temporarily store certain user entries (e.g. contents of a shopping cart or an online form);
- Cookies that store certain user preferences (e.g. search or language settings);
- Cookies that store data to ensure trouble-free playback of video or audio content.
- Analysis cookies, which are used to record the usage behavior (e.g. clicked advertising banners, visited subpages, search queries) of our users and to evaluate them in statistical form;
4. What data is collected for what purposes?
The purposes of the data processing may be the result of technical, contractual or legal requirements as well as consent.
We use the data mentioned in section 2 for the following purposes:
- Provision of the website and ensuring technical safety, in particular to remedy technical errors and to ensure that unauthorized persons do not gain access to the systems of the Website;
- Web analytics to make the website more efficient, interesting, and to conduct market research;
- To register and create a user account, e.g. for the purchase of goods or services;
- To operate Arvato Marketing activities, in particular banner advertising and targeted information such as personalized offers to our customers.
- To give Arvato a collection of information about customers' browsing and buying behavior, including insight into the success of special campaigns, tenders, etc.
- To carry out credit checks.
- To enable Arvato to fulfill its contractual obligations and, for to remit payment to a third party if a product has been purchased by a customer who has been redirected from the third party's website to the Arvato website.
For more information about these data processing purposes, see the following sections of this Privacy Notice.Back to Top
4.1 Technical provision of the website
4.1.1 Description and scope of data processing
To ensure the functionality of the website, the execution of security analysis and the defense against attacks, records of the server log files are automatically stored, as part of the accruing access data according to item 2 for the computer system of the used computer upon entering and while using the website. Storage of the server log files together with other data does not take place. The Company uses the server log files for statistical analysis to analyze and correct technical incidents, to ward off attacks and fraud attempts, and to optimize the website's functionality.
4.1.2 Purposes and legal basis of data processing
The legal basis for the collection of the server log files is Item. 6 para. 1 lit. f GDPR. The functionality of the website, the performance of security analysis and the prevention of attacks and fraud attempts are of legitimate interest to the Company.
4.1.3 Duration of storage or criteria for determining this duration
After accessing the web pages, the server log files are stored on the web server and the IP address contained therein is stored as long as necessary for the purpose. An evaluation during this storage period takes place exclusively in the case of an attack.
4.1.4 Opposition and removal option
You have the right to object to the processing of your data in the context of server log files, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1.Back to Top
4.2 Use of the web shop
4.2.1 Description and scope of data processing
The website features a web shop where you can buy goods and/or services of the Company. For the settlement of the purchase as well as for the conclusion of the contract, it is necessary that you provide your personal data. Data required for the conclusion of the contract are marked separately, further data can be provided voluntarily. Your credentials will also be processed to verify the purchase and - if you have a user account - to identify you the next time you log in. As part of the contract, your data may be forwarded to authorized third parties such as payment institutions for the purpose of payment. Also, service providers can be used for the payment processing, as long as they exclusively comply with the data protection contracts under the authority of the Company. To prevent the disclosure and/or access to/by unauthorized third parties to your personal data - especially financial data - the ordering process is encrypted. In order to make the purchase, you will need to create a customer account so that you provide your details when registering for the first time, and the Company can save your details for later purchases.
4.2.2 Purposes and legal basis of data processing
Data processing in the context of using the web shop is required to process the purchase of goods and/or services. The legal basis is Item 6 para. 1 lit. b GDPR.
4.2.3 Duration of storage or criteria for determining this duration
Due to commercial and tax regulations, the Company is obliged to store your data for a period of six to ten years. However, the Company limits the processing of data so that your data will only be processed to comply with legal obligations. You can deactivate your customer account at any time, however your data will be processed further for the aforementioned reasons.
4.2.4 Opposition and removal options
The processing of your data is required for the contract. Consequently, it is not possible to object to this processing.Back to Top
4.3 Contact form, e-mail and telephone contact
4.3.1 Description and scope of data processing
The website provides the possibility to contact the Company via a contact form, an e-mail address or a telephone number. If you wish to use this feature, the data entered in the contact form, your e-mail address and/or your telephone number, as well as your concerns will be transmitted to the Company. Depending on the request (e.g. questions about the Company's products and services, assertion of your data subject rights, such as information), your contact details will be processed further (with the help of service providers). Your contact information may be shared with third parties (such as affiliates), to the extent necessary to process your request,
4.3.2 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is based on Item 6 para. 1 lit. f GDPR. Your legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with the Company, the legal basis for the processing of your contact data is Item 6 para. 1 lit. b GDPR.
4.3.3 Duration of storage or criteria for determining this duration
After processing your request and terminating further communication, the contact details will be deleted. However, if the intention behind your contacting the Company is to conclude a contract with the Company or if you wish to assert your data subject rights such as information inquiry. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not preclude deletion.
4.3.4 Opposition and removal options
You have the right to object to the processing of your contact details, provided there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1. If you object, communication cannot be continued. However, if the intention behind your contacting the Company, such as the initiation of a contract, fulfillment of a contract or assertion of your data subject rights, requires the processing of contact details, you cannot exercise your right to objection.Back to Top
4.4.1 Description and scope of data processing
4.4.2 Purposes and legal basis of data processing
The processing of your data through the login form is required for the promotion of the Company's goods and/or services. The legal basis for processing the data when registering for the newsletter is the consent according to Item 6 para. 1 lit. a GDPR with reference to Section 7 Subsection 2 No. 3 of the Law against Unfair Competition (hereinafter referred to as "UWG").
4.4.3 Duration of storage or criteria for determining this duration
The data will be stored during the newsletter subscription. After inactivity of the newsletter, the data will no longer be used for the newsletter. The data will be stored until contractual and/or legal obligations have been met and statutory retention periods do not preclude deletion. The same applies if you have revoked your consent.
4.4.4 Opposition and removal options
You can revoke your consent to the newsletter at any time by clicking on the following link or notifying the Company of your revocation under [firstname.lastname@example.org, subject "revocation newsletter"].Back to Top
4.5 Web tracking
The website contains built-in services that optimize the user-friendliness and measure the reach of the website. Your access data (see section 2) will be recorded and the usage behavior will be evaluated by means of analysis cookies (see section 3). For web tracking, a personal identification is generally not required, so that when you enter your access data, the stored IP address is either not used or only shortened and pseudonymous usage profiles are created. These are not merged with other data and you have the possibility to opt out at any time. The creation of personal usage profiles is only carried out in exceptional cases and provided you have given your consent.
The web tracking services are usually provided by service providers who process the data only as directed by the person responsible and not for their own purposes as a so-called processor. This is ensured by contract processing contracts. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as "EU or EEA") process their data, a so-called third-country transfer takes place. This is permissible, provided that you have given your consent, the Company has provided guarantees for a data protection level that is appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third-country transfer of the respective service is indicated below. Further information on the recipients of your data can be found in section 5.
The web tracking services of the website are described in more detail below.
4.5.1 Google Tag Manager
The website uses Google Tag Manager for its functionality. This service is provided by Google Inc., 1600 Amphitheater Park-way, Mountain View, CA 94043, USA (Google Inc.). Through the Google Tag Manager, the web tracking services (see Section 4.4) and other services included in this website can be managed by so-called "tags" (these are placeholders for a website code). Google Tag Manager implements these tags. No cookies are used and no personally identifiable information is collected by Google Tag Manager. The Google Tool Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data.
4.5.2 Google Analytics
The website uses the service Google Analytics. Provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics creates a pseudonymous usage profile to optimize the user-friendliness of the website. The pseudonimity is ensured by the fact that before you submit your data to Google, the IP address is shortened and no conclusion on your person is possible. The pseudonymous usage profile is evaluated after delivery for the purpose of optimizing usability. A merge with other data from Google does not take place. Through a contract processing contract, the Company ensures that Google processes the data only at its own discretion.
Through the use of Google Analytics, third country transfers take place (see paragraph 4.7). With a certification according to the EU-US Privacy Shield, however, Google ensures that the third-country transfer guarantees the European privacy level.
4.5.3 Purposes and legal basis of data processing:
The legal basis for recording and evaluating pseudonymous usage profiles is Item 6 para. 1 lit. f GDPR. In optimizing the user-friendliness of the website and the range measurement are the legitimate interests of the Company. Insofar as personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Item 6 para. 1 lit. a GDPR.
4.5.4 Duration of storage or criteria for determining this duration:
The data collected and evaluated using the web tracking services is typically stored until you object to its use. If the data processing is based on your consent, your data will be stored until you revoke your consent.
4.5.5 Opposition and removal options:
You may opt-out of using the web tracking services at any time by modifying your browser settings or by using the following link(s) to download and install the available browser plug-ins: Google Analytics: https://support.google.com/analytics/answer/181881?hl =DE].
If the data processing is based on your consent, you can revoke your consent at any time by informing the Company of your revocation [email@example.com, subject "revocation consent web tracking"].Back to Top
5. Who receives my data?
Within the Company, those entities gain access to your data that are required to fulfill the purposes described in section 4 above. Also, service providers employed by the Company may gain access to your data (so-called "processors", such as data centers, newsletters, sweepstakes, and customer service or debtor management). Order processing contracts ensure the adherence to instructions, data security and the confidential handling of your data by these service providers.
A data transfer to other recipients such as advertising partners, providers of social media services or credit institutions (so-called "third parties") will take place if required by law or if you have consented
Personal data will not be rented or sold to third parties.
The following third parties are included in the data transfer:
- Public sector bodies and institutions, such as law enforcement agencies, who gain access to your data for compliance with legal or regulatory obligations.
- Arvato reserves the right to transfer your personal information to the relevant publisher, such as Microsoft Inc. or Microsoft affiliates, e.g. to forward the respective training organization.
- Providers of Lab Hosting Websites
- Credit bureaus
Forwarding is also possible to the following persons:
Companies working on behalf of Arvato: we hire companies to provide certain services to us, such as but not limited to customer hotlines or the processing of payments. In this context, it may be necessary for these companies to process your personal information. We are acting on these companies to use the data only for the provision of these services. Businesses are not allowed to pass this information on to third parties, unless this is necessary to provide the services.
Company sales: Arvato reserves the right to disclose your personal data or parts thereof to third parties in the event of a sale of the Company or Company objects, provided that the services provided via the website are transferred to a third party. In case of a sale, Arvato will give you the opportunity to object to a redirect. This may result in the acquiring company no longer being able to provide the services provided by Arvato.
Your consent: In all other cases, Arvato will obtain your consent before disclosing your data. Arvato can e.g. organize a special offer or contest with third parties in connection with which you are asked to consent to the disclosure of data to that third party.
Further information on the transfer of data to the respective third party can be found in the individual purposes according to Section 4.Back to Top
6. Will my data be processed outside the EU or EEA (third-country transfer)?
If the service providers listed in section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in paragraph 4, this may result in your data being transmitted to a country where none of the EU or the EEA reasonable level of data protection can be guaranteed. However, such a level of data protection can be guaranteed with a suitable guarantee. A suitable guarantee may be standard contractual clauses provided by the EU Commission. You may request a copy of these warranties from the contact details in section 1. Exceptionally, any guarantees may be waived if you consent or the third country transfer is required for the performance of your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that it is not possible at this point to provide any suitable guarantees from the Company.
The following service providers process their data outside the EU or EEA:
- For the use of web-tracking services, service providers are set up whose rights centers are located in a third country or which have access to data centers within the European Union or the EEA from a branch in a third country. The services, which are certified according to the EU-US Privacy Shield, ensure that the third-country transfer guarantees the European level of data protection.
7. What privacy rights do I have?
At any time you have the right to request information about the personal data stored with us. If any personal information about you is false or out of date, you have the right to ask for its correction. You also have the right to request the deletion or restriction of the processing of your data in accordance with Item 17 or Item 18 GDPR. You may continue to have the right to disclose the data you provide in a common and machine-readable format (data transferability right).
If you have given consent to the processing of personal data for specific purposes, you may revoke your consent at any time with future effect. The revocation must be sent to the Company at the contact address specified in section 1.
In accordance with Art. 21 GDPR, the right to object, at any time for reasons arising from your particular situation, to the processing of your data according to the legal basis of Art. 6 para. 1 lit. f GDPR. You also have the right to object to the processing of your personal data for the purpose of direct mail at any time. The same applies to the automated procedures for the use of individual cookies, if these are not mandatory for the provision of the website.
In addition, you have the opportunity to contact a data protection authority and file a complaint there. The authority responsible for the Company is the Country Representative for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Telephone: 0211 / 38424-0
Fax: 0211 / 38424-10
You can also contact the data protection authority responsible for your place of residence.
Back to Top
8. To what extent is there an automated decision-making process?
For the purposes mentioned in section 4, we do not use fully automated decision-making.Back to Top
9. Is profiling taking place?
For the purposes mentioned under Item 4, no profiling takes place.Back to Top
10. Final / Version information
As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy notices may be required. Therefore, we recommend that you review these privacy statements from time to time.