Web Data Protection Policy

We, edudip GmbH, as the operator of these pages, take the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this data protection policy. This data protection policy applies to our websites www.edudip.com, www.edudip.market and help.edudip.com.

Information obligations for personal data collection (Art. 13 EU GDPR)

We have been subject to the provisions of the European General Data Protection Regulation (EU GDPR), the provisions of the German Federal Data Protection Act (BDSG) and other applicable laws. In the following, we inform you in accordance with the provisions of Art. 13 EU GDPR how we collect and process your personal data in a legally compliant manner when you use our website.

01. Scope, purpose and legal basis of data processing (Art. 13 para. 1 lit. c) and d) EU GDPR)

a. Visiting our website

First and foremost, we would like to use our website to provide information about ourselves and our activities. At the same time, we offer our browser-based webinar software “edudip” and our online marketplace for webinars “edudip.market” via our website. 

In connection with our websites, we generally process personal data only insofar as this is necessary for the provision, use and optimisation of our website and our software, as well as to safeguard our legitimate interests (Art. 6 para. 1 subpara. 1 lit. f) EU GDPR). We also process your data in order to fulfill contracts or to carry out pre-contractual measures (Art. 6 para. 1 subpara. 1 lit. b) EU GDPR). In addition, we only process your data in connection with our website if you have expressly consented to it (Art. 6 para. 1 subpara. 1 lit. a) EU GDPR).

b. Logging – server log files
The provider of the webpages automatically logs and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and version
  • Operating system used (referrer)
  • URL host name of the accessing computer
  • Time of the server request
  • IP address

The legal basis for storing the server log files is Art. 6 para. 1 subpara. 1 lit. f) EU GDPR. We have a legitimate interest in the presentation of our website without technical errors, as well as optimisation of our website, both of which require the server log files to be recorded. Our legitimate interest is also to maintain the security of our website, because the data are also used to identify and track unauthorised attempts to access our web server. The evaluation is carried out by employees of our company. User profiles are not created. It will not be passed on to third parties, including extracts.

c. Cookies

  (i) General information on cookies

Our websites use cookies. Cookies are small text files that are stored on your device and saved by your browser. They do not damage your end device and do not contain viruses. Cookies are either temporarily stored on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your device until you delete them yourself or they are automatically deleted by your web browser. 

Cookies have different functions. Many cookies are necessary for technical reasons as certain website functions would not work without them (e.g. executing the electronic communication process). Other cookies are functional, they are used to provide certain functions that you want (e.g. test account). Other cookies are used for website optimisation, i.e. to evaluate user behaviour on our website and to make our website more user-friendly, effective and secure.

In some cases, third-party cookies can also be stored on your device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). 

The legal basis for creating both technical and functional cookies is Art. 6 para. 1 subpara. 1 lit. f) EU GDPR saved. Such cookies are stored in the interest of providing our website without technical errors and for website optimization.

Technically necessary cookies are stored on the legal basis of § 25 para. 2 no. 2 TTDSG. Such cookies are stored in order to provide you with the expressly requested service.

All other cookies (e.g. those used to analyse your user behaviour and those from third-party providers) are stored on the legal basis of Section 25 (1) TTDSG in conjunction with Art. 6 (1) subpara. 1 lit. a) EU GDPR, if you give us your consent to do so. When you visit our website, an opt-in checkbox will be displayed which allows you to declare your consent to the storage of said cookies. You may revoke your consent at any time, non-retroactively, by opening the cookie settings page and using the opt-out checkbox there. You can access the cookie settings at any time by clicking on the fingerprint symbol at the bottom left of our website. 

 

(ii) Cookies when you visit our website 

For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please refer to our Cookie Notice, which you can access via the fingerprint at the bottom of our website.

(iii) Cookies when conducting our webinars

We use the following cookies to organise the webinars:

Google reCAPTCHA 

Google reCAPTCHA is a service that allows us to check whether a visitor to our website is a human or a bot. This is to ensure that no fake users, machines or computer programmes interact automatically on the website and, for example, post comments or carry out registrations. This system not only prevents spam comments, but also cyber attacks.

Responsible: Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

Data protection officer: Contact form for questions about data protection – Policy Help (google.com)

Purpose and legal basis: Google reCAPTCHA serves to maintain user-friendliness and at the same time to ward off spam and bots if you have given your consent (§ 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a DSGVO). With regard to the revocation of your consent, please refer to section 03.

Collected data:

  • Website that embeds reCAPTCHA
  • Complete screenshot of the browser window
  • Your “click path”, interaction with the website
  • Mouse movements and keyboard strokes
  • Date and time of the visit
  • length of visit
  • Your IP address
  • Technical information about your browser and the end devices you use (e.g. operating system, language setting, screen resolution)
  • Browser plugins
  • If applicable, cookies (other Google cookies from the last 6 months) the referrer URL (via which website/advertising medium you came to this website)

Transfer to third countries: The parent company of Google Ireland Limited is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The information generated by Google Analytics about the use of our websites is transmitted to a Google server in the USA and stored there. There is an adequacy decision by the European Commission for the transfer of data to the USA and Google LLC is certified in accordance with the EU-US data protection agreement (Data Privacy Framework).

Storage period: The data is deleted as soon as it is no longer required for the purposes of processing.

You can find Google’s privacy policy and cookie policy here: Privacy Policy – Privacy Policy & Terms of Use – Google; How Google uses cookies – Privacy Policy & Terms of Use – Google

 

Matomo

Matomo is an analysis program with which we can analyse user behaviour on our website. Matomo is installed and hosted on our own server so that no personal data is passed on to third parties.

Purpose and legal basis: Matomo is used to evaluate visitor information in order to further optimise our advertising offer if you have given your consent (§ 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR). The information collected using Matomo enables us to determine how many people use certain offers at the same time and to determine the load behaviour of our web offers; if necessary, the information is used to adapt the technical basis so that the pages run stably for the users of our web offers even with a higher usage load. Technical information about the devices and browsers you use helps us to recognise the causes of errors, e.g. in the event of problems with the display of our websites or the playback of video formats, and to resolve the underlying problems as quickly as possible. Information on user behaviour, on the other hand, is helpful for us to identify whether, for example, users of our websites have difficulties finding certain buttons or whether other processes on our websites can be made more user-friendly. With regard to the cancellation of your consent, please refer to section 03.

 

Data collected:

  • Page views
  • Start of the session
  • Websites visited (within the edudip pages)
  • Date and time of the visit (time of the start of the session)
  • Your IP address (the IP address is not stored, but discarded immediately after it is collected for technical reasons)
  • Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
  • Outgoing links (i.e. the information that you are leaving the edudip pages)
  • Information about your usage behaviour (click and scrolling events)

Storage period: The data is deleted as soon as it is no longer required for the purposes of processing.

d. Social networks

YouTube

Videos from YouTube are integrated into our website. These videos were embedded using the “extended data protection mode” offered by YouTube. According to the company itself, YouTube does not initiate any data processing operations until you watch a video. When you watch a video, YouTube processes data to a specifically unknown extent (including your IP address) and, under certain circumstances, stores cookies, provided you have given your prior consent. YouTube is in turn connected to the Google DoubleClick network. The Google DoubleClick network processes data to a specifically unknown extent (including your IP address) and, under certain circumstances, stores cookies, provided you have given your prior consent. 

YouTube in Germany and the EU is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube’s parent company is Google LLC, 1600 Amphitheater Parkway, Mountain View, California 94043. Data and information from users is processed by YouTube and Google in the EU and in third countries, such as the USA. The legal basis for the data processing associated with embedding YouTube videos is Art. 6 para. 1 subpara. 1 lit. a) EU GDPR. By giving your consent or by clicking on the YouTube video, you record that you agree to the transfer of personal data to YouTube and Google and thus to the transfer of data to third countries (outside the EU). 

We also operate our own YouTube channel. Please note that each time our YouTube channel is accessed (either via a link or in any other way) on YouTube websites, personal data are processed by YouTube/Google in a specifically unknown extent. This includes, among other things, your IP address and the previous website you visited before accessing YouTube. In addition, every time our YouTube channel is accessed, cookies and tracking technologies are deployed by YouTube/Google. This enables Google to understand and analyse your user behaviour beyond YouTube’s websites. All of this happens regardless of whether you are logged into your YouTube user account or have one at all. If you are logged into your YouTube user account, you allow YouTube to assign your user behaviour directly to your personal profile. According to the company, you can prevent this by logging out of your YouTube account. Further information on data protection at YouTube can be found in YouTube’s Data Policy and Cookie Policy at: https://policies.google.com/privacy?hl=en, https://policies.google.com/technologies/cookies?hl=en. We have no influence on the processing of your data by Google and on whether Google complies with the applicable data protection regulations.

e. Enquiries / contact

If you would like to contact us, please use the contact details provided. If you contact us by phone, email or fax, your request, including all personal data resulting from it, will be stored and processed by us for the purpose of processing your request. The data will be used strictly for processing your request. We use the onOffice product for fast and exclusively internal communication. No customer data is passed on to the company. Our internal customer communication data is stored exclusively on servers in Germany.

The legal basis for processing this data is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR, if your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest regarding the effective processing of enquiries addressed to us in accordance with Art. 6 para. 1 subpara. 1 lit. f) EU GDPR or on your consent acc. Art. 6 para. 1 subpara. 1 lit. a) EU GDPR, if this was asked for.

The data will be deleted if you ask us to delete it, withdraw your consent to the processing or the purpose of processing no longer applies, i.e. specifically after your request has been processed. Mandatory statutory retention periods remain unaffected. 

f. Use of our “edudip” webinar software

Registration / contractual or pre-contractual use of our webinar software

You can register on our website www.edudip.com to test or use our “edudip” webinar software. We only use the personal data you enter to help us provide our webinar software and to carry out pre-contractual measures or to fulfill the underlying contract. The mandatory information requested during registration must be given in full. Otherwise the registration will be rejected. In event of important changes, such as to the scope of the offer or changes necessary for technical reasons, we will use the email address provided during registration to inform you.

So-called “single sign-on” procedures can also be used for registration, which allow you to log in to our online offering with the help of a user account with a provider of single sign-on procedures. This requires that you are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or that you are already registered with the single sign-on provider and confirm the single sign-on registration via a button.

Through the link, we automatically receive your name and e-mail address from the single sign-on provider. Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected during authentication and also on which data users have released in the privacy or other settings of the user account with the single sign-on provider.

If you decide that you no longer wish to use the link to your user account with the single sign-on provider for the single sign-on procedure, you must cancel this link within your user account with the single sign-on provider.

You can log in using the following single sign-on procedures:

  • Google Single-Sign-On: Google stores data about your user behaviour on our website after you log in. The controller is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). The parent company of Google Ireland Limited is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The information generated by Google Single-Sign-On about the use of our websites is transmitted to a Google server in the USA and stored there. There is an adequacy decision by the European Commission for the transfer of data to the USA and Google LLC is certified in accordance with the EU-US data protection agreement (Data Privacy Framework). You can find Google’s privacy policy and cookie policy here: Privacy Policy – Privacy Policy & Terms of Use – Google; How Google uses cookies – Privacy Policy & Terms of Use – Google
  • Microsoft Single-Sign-On: Microsoft stores data about your user behaviour on our website after you log in. The controller is Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). The parent company of Microsoft Ireland Operations Limited is Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399 USA). The information generated by Microsoft Single-Sign-On about the use of our websites is transmitted to a Microsoft server in the USA and stored there. The European Commission has issued an adequacy decision for the transfer of data to the USA and Microsoft Corporation is certified in accordance with the EU-US Data Protection Agreement (Data Privacy Framework). You can find Google’s privacy policy and cookie policy here: Microsoft Privacy Policy – Microsoft Privacy Policy

As part of the contractual use of “edudip”, we process contract master data (e.g. contractual relationship, product or contract interest), customer history, contract billing and payment data as well as planning and control data. We only process data that is necessary for the establishment, content or change of the legal relationship. We only process usage data about the use of our website insofar as this is necessary to enable the user to use our service or to bill for it. 

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. Any further transmission of the data does not take place or only if you have expressly consented to said transmission. Your data will not be disclosed to third parties without express consent, for example for advertising purposes. 

The legal basis for data processing during registration via the single sign-on procedure is consent in accordance with Art. 6 para. 1 subpara. 1 lit. a) EU GDPR. With regard to the revocation of your consent, please refer to section 03. The data collected during registration and the data processed in the context of contractual use will be stored by us as long as you are registered on this website. They will be deleted after termination of the business relationship or after completion of the order. Mandatory statutory retention periods remain unaffected.

g.  Use of our webinar software as a participant

If you participate in a webinar offered by edudip itself, we process the personal data that you enter in the mandatory fields (gender, first name and last name, email address) and also user information (e.g. webinar data including display name, chat history and duration of the Participation), technical data (e.g. IP addresses, hashed passwords) as well as voice and video data. In the case of webinars offered by edudip itself, the legal basis for data processing is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR (contract fulfilment / contract initiation). At the webinars we hold, the participant data is deleted after 360 days.

If our customers use our webinar software to offer webinars, these customers are responsible for data protection. In this case, we, edudip, are processors within the meaning of Art. 28 EU GDPR. We process the personal data generated during the customer’s webinar in accordance with the instructions of the underlying order processing contract. Deletion also takes place only on the instructions of the respective customer or by the customer himself.

h. Use of our “edudip.market” online marketplace for webinars

Use of our website www.edudip.market requires registration as a member. To register as a member, you must provide your name, a valid email address and a desired password. No further data is required. Your address, telephone number, email address and bank details are not displayed in your member profile.

To inform other members about yourself, you can use your member profile to describe yourself by providing further details. However, in your member account under Settings -> Privacy, you can decide for yourself who can view your member profile and what they can see. If you work as an online trainer, your offer and your specialisation will be listed at “http://www.edudip.market/trainer” and made available to every visitor to the website. If you do not want said publication, you can change this in the profile settings under “Privacy”. 

If you have concluded a webinar contract with another member, edudip will transmit your specified name and your edudip profile page link to your contractual partner. No further data transfer occurs. Under no circumstances will your data be disclosed for advertising purposes.

All of the data you provide will be used to process the contracts for use of the “www.edudip.market” website and to enable you to use the options offered by “www.edudip.market”. The password you enter will be stored in encrypted form by edudip. The legal basis for this data processing is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR. The data collected during registration and the data processed in the context of contractual use will be stored by us as long as you are registered on this website. They are deleted after the end of the business relationship or after completion of the order. Mandatory statutory retention periods remain unaffected. 

All websites of the platform on which you enter data are secured by 256-bit TLS encryption. Our servers are located in a data centre that is certified according to ISO 27001, ISAE 3402 (successor to SAS 70) and KPMG IDW PS 951 Type B. 

For the purpose of quality assurance, edudip GmbH is authorised to check live streams using technical bodies. 

i. Encrypted payments on our website

If, after conclusion of a fee-based contract (see points h. and i. above), there is an obligation to provide us with your payment details (e.g. account number with direct debit authorisation), this data is required for payment processing. Payment transactions using common payment methods (Visa/MasterCard, direct debit) are performed exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. Encrypted communication ensures that your payment data, which you transmit to us, cannot be read by third parties.

j. Stripe

On our websites we offer payment services via Stripe. The provider for customers within Germany and the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

If you pay via Stripe, your payment details will be forwarded to Stripe via an interface on our site in order to make the payment. The legal basis for transmission of your data to Stripe is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR (contract processing) and on the basis of our legitimate interest regarding the use of reliable and secure payment processes (Art. 6 para. 1 subpara. 1 lit. f) EU GDPR).

Details on the processing of personal data by Stripe can be found in Stripe’s Privacy Policy at the following link: https://stripe.com/de/privacy.

k. Comment function on this website
To provide the comment function on this page, information about the time the comment was created, your email address and, insofar as you are not posting anonymously, the username you selected, will be saved in addition to your comment. The comments and the associated data (e.g. IP address) are saved and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

The comments are saved on the basis of your consent (Art. 6 para. 1 subpara. 1 lit. a) EU GDPR). You can revoke your consent at any time without giving a reason. All you need to do is send us an informal email. The legality of the data processing that has already been performed remains unaffected by said revocation.

I. Processing of data when using Newsletter2Go

We process the personal data that you provide in your application, insofar as this is necessary for the decision on establishing an employment relationship with us. The legal basis for this is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR.

Your personal data will be treated confidentially and processed exclusively for the purpose of processing the application, i.e. for recruiting, recruiting and creating an employment contract. In order to implement the application process, it is essential that employees from the HR department, the respective department and, if applicable, the responsible bodies, such as the representative for the severely disabled, have access to your personal data.

If you give us your consent, we will process your personal data in addition to applying for a specific position or a specific appointment, and will contact you at other positions that match your profile. 

General retention and deletion periods apply. We generally store your personal data for as long as this is necessary for deciding on your application and only if there is another legal reason for further storage. Such a legal reason can result in particular from tax and accounting obligations or from defence against possible legal claims, in particular according to the General Equal Treatment Act (AGG). 

If you have not consented to further data processing for other positions that may match your profile, we will delete your data no later than six months after the application process has been completed. If you have given your consent to other positions or have unsolicited applications, we will save your personal data for a maximum of three years, beginning with the end of the year in which you give your consent to us or send your application on your own initiative have submitted. In the event of a successful application, we will transfer your application documents to your personnel file.

m. Vacancies and application procedures
We process the personal data that you provide in your application, insofar as this is necessary for the decision on establishing an employment relationship with us. The legal basis for this is Art. 88 EU GDPR in conjunction with Section 26 para. 1 sentence 1 var. 1 in conjunction with para. 8 sentence 2 BDSG.

Your personal data will be treated confidentially and processed exclusively for the purpose of processing the application, i.e. for recruiting, recruiting and creating an employment contract. In order to implement the application process, it is essential that employees from the HR department, the respective department and, if applicable, the responsible bodies, such as the representative for the severely disabled, have access to your personal data.

If you give us your consent, we will process your personal data in addition to applying for a specific position or a specific appointment, and will contact you at other positions that match your profile.

General retention and deletion periods apply. We generally store your personal data for as long as this is necessary for deciding on your application and only if there is another legal reason for further storage. Such a legal reason can result in particular from tax and accounting obligations or from defence against possible legal claims, in particular according to the General Equal Treatment Act (AGG).

If you have not consented to further data processing for other positions that may match your profile, we will delete your data no later than six months after the application process has been completed. If you have given your consent to other positions or have unsolicited applications, we will save your personal data for a maximum of three years, beginning with the end of the year in which you give your consent to us or send your application on your own initiative have submitted. In the event of a successful application, we will transfer your application documents to your personnel file.

02. Recipients / categories of recipients of personal data (Art. 13 para. 1 lit. e) and f) EU GDPR)

The recipient of the data associated with the use of our websites, our “edudip” webinar software and our “edudip.market” online marketplace is edudip GmbH. Your data will be treated confidentially and will never be disclosed to third parties, neither to recipients within Germany or the European Union nor to recipients in third countries. Profiling is also not carried out. We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. Any further transmission of the data does not take place or only if you have expressly consented to said transmission. Your data will not be disclosed to third parties without express consent, for example for advertising purposes. 

We may use external service providers who process personal data on our behalf. These are considered processors in the sense of Art. 28 EU GDPR. When data is forwarded to these partners, an order processing contract is therefore always concluded in accordance with the legal requirements to ensure the control and protection of the data.

Edudip GmbH will transfer personal data to institutions (authorities) entitled to information if it is obliged to do so by law or by court order. 

03. Duration of storage and deletion of personal data (Art. 13 para. 2 lit. a) EU GDPR)

The duration of the storage of personal data depends on legal requirements and the purpose of data storage. In general: If the purpose of data processing is no longer applicable, we will delete your data. The reasons for deletion of personal data result from Art. 17 EU GDPR. Secondary to this, your data must always be deleted if one of the following reasons exists:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing in accordance with Article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 para. 2.
  • The personal data was processed illegally.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which edudip GmbH is subject.

Exceptions, according to which your data does not have to be deleted, even though one of the listed reasons exists, are also regulated in Art. 17 EU GDPR.

04. Your rights as a data subject (Art. 13 para. 2 lit. b) and c) EU GDPR)

The EU GDPR gives the data subject, affected by the processing of personal data, various options to check and influence the handling of their personal data themselves. You therefore have the following rights:

  • Right to access (Art. 15 EU GDPR)
  • Right to rectification (Art. 16 EU GDPR)
  • Right to erasure (Art. 17 EU GDPR, see above)
  • Right to restriction of processing (Art. 18 EU GDPR)
  • Right to data portability (Art. 20 EU GDPR)
  • Right to revoke any consent given (Art. 7 Para. 3 EU GDPR)

You also have the right to object (Art. 21 EU GDPR): For reasons arising from your particular situation, you can at any time object to the processing of your personal data, which is performed on the basis on Art. 6 p. 1 lit. e) or f) EU GDPR. The respective legal basis on which processing is based can be found in this Data Protection Policy. If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for said processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If we process personal data for direct marketing purposes, you have the right to object at any time to said processing of your personal data for the purpose of such advertising. We would also like to point out the options for objection to data processing for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).

If you would like to exercise one of the rights mentioned above, please send an email to the address given under Point 5.

05. Data controller (Art. 13 para. 1 lit. a) EU GDPR)

Responsible for the processing of personal data on this website within the meaning of the EU GDPR is:

edudip GmbH
Jülicher Straße 306
52070 Aachen
Telephone: +49 241 91605-0
Email: info@edudip.com

Authorised Managing Director: Dipl. Ing. Torsten Kämper
Authorised Managing Director: Dilek Aydin

The data controller is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.

06. Our local external Data Protection Officer (Art. 13 para. 1 lit. b) EU GDPR)

The following was appointed as Data Protection Officer acc. to Art. 37 EU GDPR:

Günter Jachtner
Certified Data Protection Officer (TÜV)
CE21 – Gesellschaft für Kommunikationsberatung mbH
Bergfeldstraße 11, 83607 Holzkirchen

NRW branch:
Donnerbachweg 1, 53332 Bornheim
Tel.: +49 221 7160069
Email: datenschutz@edudip.com

07. Right to lodge a complaint with the competent supervisory authority (Art. 13 para. 2 lit. d), Art. 77 EU GDPR)

In addition to the rights listed above, you also have the right to complain to a data protection supervisory authority in every country in the European Union. Below you will find a list of all state Data Protection Officers in the federal states:

https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

08. Security

a. Technical and organisational measures

edudip GmbH implements technical and organisational measures in the sense of Art. 32 EU GDPR to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are improved continuously in line with technological developments. We have committed all employees to confidentiality. In addition, our employees receive regular training from our data protection officer to ensure that data protection regulations are adhered to. It also ensures that the regulations on data protection are also observed by the external service providers involved.

b. Email

Email security
If you send us an email, your email address will only be used for correspondence with you. An encryption process is not used. Email traffic takes place via the unsecured internet. We would like to point out that the internet poses many risks of attack and that absolutely secure transmission cannot be guaranteed. It is not possible to completely protect data from third-party access. Therefore, please do not send us any confidential or strictly confidential data by email.

Objection to advertising emails
We hereby object to the use of contact data published in this data protection declaration or in the imprint for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.

c. Transport Layer Security (TLS) encryption

Our websites use TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

09. Links to other websites

Our websites contain links to other websites. We have no influence on their content and that their operators comply with the applicable data protection regulations. The purpose and scope of any data collection, further processing and use of the data by the respective third party who operates the corresponding website, as well as your rights and setting options for protecting your privacy, can be found in the third party’s data protection notices. We also have no influence on the current and future design or the authorship of the content of the linked pages. We hereby declare that at the time the link was created, no illegal content was recognisable on the linked pages. We expressly distance ourselves from all content that may be relevant under criminal or liability law or that violates common decency. For illegal, incorrect or incomplete content and for damages resulting from the use or non-use of other websites, the provider of the linked page is solely liable.

10. Definitions

Legislators require personal data to be processed lawfully, in good faith and in a transparent manner that is understandable to the data subject. Our data protection declaration should therefore be easy to read and understand for any interested person. To ensure this, we would like to explain some of the terminology.

We use the following terms in this Data Protection Policy:

Data subject

A data subject is every identified or identifiable natural person whose personal data is processed by us.

Processing

Processing is any process or series of processes in connection with personal data, such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction of data.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

Profiling

Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to analyse or predict aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

Controller or data controller

The controller or data controller is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.

Receiver

The receiver is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not.

Third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct authority of the controller or processor.

Consent

Consent is any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data is.

11. Final clauses

Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Policy. We reserve the right to change this Data Protection Policy at any time, non-retroactively. The version available at the time of your visit always applies.

For further information, e.g. for copyright, see Disclaimer page.