Web Data Protection Policy
Information obligations for personal data collection (Art. 13 EU GDPR)
1. Scope, purpose and legal basis of data processing (Art. 13 para. 1 lit. c) and d) EU GDPR)
a) Visiting our website
In connection with our websites, we generally process personal data only insofar as this is necessary for the provision, use and optimisation of our website and our software, as well as to safeguard our legitimate interests (Art. 6 para. 1 subpara. 1 lit. f) EU GDPR). We also process your data in order to fulfil contracts or to carry out pre-contractual measures (Art. 6 para. 1 subpara. 1 lit. b) EU GDPR). In addition, we only process your data in connection with our website if you have expressly consented to it (Art. 6 para. 1 subpara. 1 lit. a) EU GDPR).
b) Logging – server log files
- Browser type and version
- Operating system used (referrer)
- URL host name of the accessing computer
- Time of the server request
- IP address
The legal basis for storing the server log files is Art. 6 para. 1 subpara. 1 lit. f) EU GDPR. We have a legitimate interest in the presentation of our website without technical errors, as well as optimisation of our website, both of which require the server log files to be recorded. Our legitimate interest is also to maintain the security of our website, because the data are also used to identify and track unauthorised attempts to access our web server. The evaluation is carried out by employees of our company. User profiles are not created. It will not be passed on to third parties, including extracts.
Cookies have different functions. Many cookies are necessary for technical reasons as certain website functions would not work without them (e.g. executing the electronic communication process). Other cookies are functional, they are used to provide certain functions that you want (e.g. test account). Other cookies are used for website optimisation, i.e. to evaluate user behaviour on our website and to make our website more user-friendly, effective and secure.Change your Cookie settings here
In some cases, third-party cookies can also be stored on your device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
The legal basis for creating both technical and functional cookies is Art. 6 para. 1 subpara. 1 lit. f) EU GDPR saved. Such cookies are stored in the interest of providing our website without technical errors and for website optimization.
The legal basis for for storing all other cookies (e.g. those for analysing your user behaviour and those from third-party providers) is Art. 6 para. 1 subpara. 1 lit. a) EU GDPR, provided you have given us your consent. When you visit our website, an opt-in checkbox will be displayed which allows you to declare your consent to the storage of said cookies. You may revoke your consent at any time, non-retroactively, by opening the cookie settings page and using the opt-out checkbox there. This revocation only affects the future storage of cookies, and not those cookies already saved with your consent. These must be removed by you or via your automatic browser setting.
d. Integration of services for statistical evaluation
This data processing only takes place if you have given your consent in accordance with Art. 6 para. 1 lit. a), Art. 7 GDPR. When you visit our website, an opt-in checkbox will be displayed which allows you to declare your consent. You may revoke this consent at any time, non-retroactively, by re-opening the settings page and using the opt-out checkbox there. This revocation only affects the future storage of cookies, and not those cookies already saved with your consent. These must be removed by you or via your automatic browser setting. You can prevent the installation of Google Analytics cookies from the outset by withholding your consent to their storage; however, we would like to point out that in this case you may not be able to use all functions of our website to their fullest extent. In order to guarantee the data protection-compliant processing of the data, we have an order processing contract with Google in the sense of Art. 28 EU GDPR.
Google Analytics in Germany is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The information generated by the Google Analytics cookies about your use of our website (including your IP address, which has usually been anonymized previously) is transferred to a Google server in the USA and stored there. Due to the ECJ ruling of July 16, 2020, the data protection treaty (Privacy Shield) between the USA and the EU was dissolved. It is disputed whether the current Standard Data Protection Contractual Clauses (SDK) do not meet the requirements of the GDPR. We therefore need your consent. By giving your consent, you record that you agree to the transfer of personal data to Google and thus to the transfer of data to third countries (outside the EU). Google LLC in the USA has been certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
e) Social networks
Videos from YouTube are integrated into our website. These videos were embedded using the “extended data protection mode” offered by YouTube. According to the company itself, YouTube does not initiate any data processing operations until you watch a video. When you watch a video, YouTube processes data to a specifically unknown extent (including your IP address) and, under certain circumstances, stores cookies, provided you have given your prior consent. YouTube is in turn connected to the Google DoubleClick network. The Google DoubleClick network processes data to a specifically unknown extent (including your IP address) and, under certain circumstances, stores cookies, provided you have given your prior consent.
YouTube in Germany and the EU is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube’s parent company is Google LLC, 1600 Amphitheater Parkway, Mountain View, California 94043. Data and information from users is processed by YouTube and Google in the EU and in third countries, such as the USA. The legal basis for the data processing associated with embedding YouTube videos is Art. 6 para. 1 subpara. 1 lit. a) EU GDPR. By giving your consent or by clicking on the YouTube video, you record that you agree to the transfer of personal data to YouTube and Google and thus to the transfer of data to third countries (outside the EU).
f) Enquiries / contact
The legal basis for processing this data is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR, if your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest regarding the effective processing of enquiries addressed to us in accordance with Art. 6 para. 1 subpara. 1 lit. f) EU GDPR or on your consent acc. Art. 6 para. 1 subpara. 1 lit. a) EU GDPR, if this was asked for.
The data will be deleted if you ask us to delete it, withdraw your consent to the processing or the purpose of processing no longer applies, i.e. specifically after your request has been processed. Mandatory statutory retention periods remain unaffected.
g) Use of our “edudip next” webinar software
You can register on our website www.edudip.com/de to test or use our “edudip next” webinar software. We only use the personal data you enter to help us provide our webinar software and to carry out pre-contractual measures or to fulfil the underlying contract. The mandatory information requested during registration must be given in full. Otherwise the registration will be rejected. In event of important changes, such as to the scope of the offer or changes necessary for technical reasons, we will use the email address provided during registration to inform you.
As part of the contractual use of “edudip next”, we process contract master data (e.g. contractual relationship, product or contract interest), customer history, contract billing and payment data as well as planning and control data. We only process data that is necessary for the establishment, content or change of the legal relationship. We only process usage data about the use of our website insofar as this is necessary to enable the user to use our service or to bill for it.
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. Any further transmission of the data does not take place or only if you have expressly consented to said transmission. Your data will not be disclosed to third parties without express consent, for example for advertising purposes.
The legal basis for this data processing is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR. The data collected during registration and the data processed in the context of contractual use will be stored by us as long as you are registered on this website. They are deleted after the end of the business relationship or after completion of the order. Mandatory statutory retention periods remain unaffected.
Use of our webinar software as a participant
If you participate in a webinar offered by edudip itself, we process the personal data that you enter in the mandatory fields (gender, first name and last name, email address) and also user information (e.g. webinar data including display name, chat history and duration of the Participation), technical data (e.g. IP addresses, hashed passwords) as well as voice and video data. In the case of webinars offered by edudip itself, the legal basis for data processing is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR (contract fulfilment / contract initiation). At the webinars we hold, the participant data is deleted after 360 days.
If our customers use our webinar software to offer webinars, these customers are responsible for data protection. In this case, we, edudip, are processors within the meaning of Art. 28 EU GDPR. We process the personal data generated during the customer’s webinar in accordance with the instructions of the underlying order processing contract. Deletion also takes place only on the instructions of the respective customer or by the customer himself.
h) Use of our “edudip.market” online marketplace for webinars
Use of our website www.edudip.market requires registration as a member. To register as a member, you must provide your name, a valid email address and a desired password. No further data is required. Your address, telephone number, email address and bank details are not displayed in your member profile.
To inform other members about yourself, you can use your member profile to describe yourself by providing further details. However, in your member account under Settings -> Privacy, you can decide for yourself who can view your member profile and what they can see. If you work as an online trainer, your offer and your specialisation will be listed at “http://www.edudip.market/trainer” and made available to every visitor to the website. If you do not want said publication, you can change this in the profile settings under “Privacy”.
If you have concluded a webinar contract with another member, edudip will transmit your specified name and your edudip profile page link to your contractual partner. No further data transfer occurs. Under no circumstances will your data be disclosed for advertising purposes.
All of the data you provide will be used to process the contracts for use of the “www.edudip.market” website and to enable you to use the options offered by “www.edudip.market”. The password you enter will be stored in encrypted form by edudip. The legal basis for this data processing is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR. The data collected during registration and the data processed in the context of contractual use will be stored by us as long as you are registered on this website. They are deleted after the end of the business relationship or after completion of the order. Mandatory statutory retention periods remain unaffected.
All websites of the platform on which you enter data are secured by 256-bit TLS encryption. Our servers are located in a data centre that is certified according to ISO 27001, ISAE 3402 (successor to SAS 70) and KPMG IDW PS 951 Type B.
For the purpose of quality assurance, edudip GmbH is authorised to check live streams using technical bodies.
i. Encrypted payments on our website
On our websites we offer payment services via Stripe. The provider for customers within Germany and the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
If you pay via Stripe, your payment details will be forwarded to Stripe via an interface on our site in order to make the payment. The legal basis for transmission of your data to Stripe is Art. 6 para. 1 subpara. 1 lit. b) EU GDPR (contract processing) and on the basis of our legitimate interest regarding the use of reliable and secure payment processes (Art. 6 para. 1 subpara. 1 lit. f) EU GDPR).
k) Comment function on this website
The comments are saved on the basis of your consent (Art. 6 para. 1 subpara. 1 lit. a) EU GDPR). You can revoke your consent at any time without giving a reason. All you need to do is send us an informal email. The legality of the data processing that has already been performed remains unaffected by said revocation.
I) Processing of data when using Newsletter2Go
m) Vacancies and application procedures
Your personal data will be treated confidentially and processed exclusively for the purpose of processing the application, i.e. for recruiting, recruiting and creating an employment contract. In order to implement the application process, it is essential that employees from the HR department, the respective department and, if applicable, the responsible bodies, such as the representative for the severely disabled, have access to your personal data.
If you give us your consent, we will process your personal data in addition to applying for a specific position or a specific appointment, and will contact you at other positions that match your profile.
General retention and deletion periods apply. We generally store your personal data for as long as this is necessary for deciding on your application and only if there is another legal reason for further storage. Such a legal reason can result in particular from tax and accounting obligations or from defence against possible legal claims, in particular according to the General Equal Treatment Act (AGG).
If you have not consented to further data processing for other positions that may match your profile, we will delete your data no later than six months after the application process has been completed. If you have given your consent to other positions or have unsolicited applications, we will save your personal data for a maximum of three years, beginning with the end of the year in which you give your consent to us or send your application on your own initiative have submitted. In the event of a successful application, we will transfer your application documents to your personnel file.
2. Recipients / categories of recipients of personal data (Art. 13 para. 1 lit. e) and f) EU GDPR)
The recipient of the data associated with the use of our websites, our “edudip next” webinar software and our “edudip.market” online marketplace is edudip GmbH. Your data will be treated confidentially and will never be disclosed to third parties, neither to recipients within Germany or the European Union nor to recipients in third countries. Profiling is also not carried out. We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. Any further transmission of the data does not take place or only if you have expressly consented to said transmission. Your data will not be disclosed to third parties without express consent, for example for advertising purposes.
We may use external service providers who process personal data on our behalf. These are considered processors in the sense of Art. 28 EU GDPR. When data is forwarded to these partners, an order processing contract is therefore always concluded in accordance with the legal requirements to ensure the control and protection of the data.
The current data processing agreements can be found at av.edudip.com.
edudip GmbH will transfer personal data to institutions (authorities) entitled to information if it is obliged to do so by law or by court order.
3. Duration of storage and deletion of personal data (Art. 13 para. 2 lit. a) EU GDPR)
The duration of the storage of personal data depends on legal requirements and the purpose of data storage. In general: If the purpose of data processing is no longer applicable, we will delete your data. The reasons for deletion of personal data result from Art. 17 EU GDPR. Secondary to this, your data must always be deleted if one of the following reasons exists:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing in accordance with Article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 para. 2.
- The personal data was processed illegally.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which edudip GmbH is subject.
Exceptions, according to which your data does not have to be deleted, even though one of the listed reasons exists, are also regulated in Art. 17 EU GDPR.
4. Your rights as a data subject (Art. 13 para. 2 lit. b) and c) EU GDPR)
The EU GDPR gives the data subject, affected by the processing of personal data, various options to check and influence the handling of their personal data themselves. You therefore have the following rights:
- Right to access (Art. 15 EU GDPR)
- Right to rectification (Art. 16 EU GDPR)
- Right to erasure (Art. 17 EU GDPR, see above)
- Right to restriction of processing (Art. 18 EU GDPR)
- Right to data portability (Art. 20 EU GDPR)
- Right to revoke any consent given (Art. 7 Para. 3 EU GDPR)
You also have the right to object (Art. 21 EU GDPR): For reasons arising from your particular situation, you can at any time object to the processing of your personal data, which is performed on the basis on Art. 6 p. 1 lit. e) or f) EU GDPR. The respective legal basis on which processing is based can be found in this Data Protection Policy. If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for said processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If we process personal data for direct marketing purposes, you have the right to object at any time to said processing of your personal data for the purpose of such advertising. We would also like to point out the options for objection to data processing for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).
If you would like to exercise one of the rights mentioned above, please send an email to the address given under Point 5.
5. Data controller (Art. 13 para. 1 lit. a) EU GDPR)
Jülicher Straße 306
Telephone: +49 241 91605-0
Authorised Managing Director: Dipl. Ing. Torsten Kämper
Authorised Managing Director: Dilek Aydin
The data controller is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.
6. Our local external Data Protection Officer (Art. 13 para. 1 lit. b) EU GDPR)
Certified Data Protection Officer (TÜV)
CE21 – Gesellschaft für Kommunikationsberatung mbH
Bergfeldstraße 11, 83607 Holzkirchen
Donnerbachweg 1, 53332 Bornheim
Tel.: +49 221 7160069
7. Right to lodge a complaint with the competent supervisory authority (Art. 13 para. 2 lit. d), Art. 77 EU GDPR)
In addition to the rights listed above, you also have the right to complain to a data protection supervisory authority in every country in the European Union. Here you will find a list of all state Data Protection Officers in the federal states.
a) Technical and organisational measures
edudip GmbH implements technical and organisational measures in the sense of Art. 32 EU GDPR to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are improved continuously in line with technological developments. We have committed all employees to confidentiality. In addition, our employees receive regular training from our data protection officer to ensure that data protection regulations are adhered to. It also ensures that the regulations on data protection are also observed by the external service providers involved.
If you send us an email, your email address will only be used for correspondence with you. An encryption process is not used. Email traffic takes place via the unsecured internet. We would like to point out that the internet poses many risks of attack and that absolutely secure transmission cannot be guaranteed. It is not possible to completely protect data from third-party access. Therefore, please do not send us any confidential or strictly confidential data by email.
Objection to advertising emails
We hereby object to the use of contact data published in this data protection declaration or in the imprint for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.
c. Transport Layer Security (TLS) encryption
Our websites use TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
9. Links to other websites
We use the following terms in this Data Protection Policy:
A data subject is every identified or identifiable natural person whose personal data is processed by us.
Processing is any process or series of processes in connection with personal data, such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction of data.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to analyse or predict aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.
The receiver is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not.
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct authority of the controller or processor.
Consent is any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data is.
11. Final clauses
For further information, e.g. for copyright, see Disclaimer page.
Jülicher Straße 306
Tel.: +49 241 916050
Fax: +49 241 4004768-9
Security & GDPR
© edudip GmbH 2022
Data privacy |
Data processing agreement