www.coursflorent.de

Privacy policy

Last update: 12th August 2022

Withdrawal option and overview

You can revoke your consent to the use of cookies that are not technically necessary at any time via the privacy settings link in the footer at www.coursflorent.de. In addition, you will receive an overview of the tools and cookies used by us.

Preface

We, Macromedia GmbH together with our subsidiaries (hereinafter jointly: “the company”, “we” or “us”) take the protection of your personal data seriously and would like to inform you at this point about data protection in our company.

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection of personal data of the person affected by a processing operation (we also address you as a data subject hereinafter with “customer”, “user”, “you”, “you” or “data subject”).

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement (hereinafter: “Privacy Notice”), we inform you about the manner in which your personal data is processed by us.

Our data protection notices have a modular structure. They consist of a general part for any processing of personal data and processing situations that come into play each time a website is called up (A. General) and a special part, the content of which relates in each case only to the processing situation specified there with the designation of the respective offer or product, in particular the visit to websites as detailed here (B. Visit to websites).

In order to find the parts that are relevant for you, please refer to the following overview for the subdivision of the data protection notices:

Part A | General

General information on data processing when visiting our websites. This is always relevant.

Part B | Website and social media presences

Information about data processing by services that we use on our website, which use cookies and similar technologies. This is relevant if you use our website including social media functions. 

Part C | Online Events

Information about data processing within the framework of our online events.

Withdrawal option and overview

You can revoke your consent to the use of cookies that are not technically necessary at any time via the privacy settings link in the footer at www.coursflorent.de. In addition, you will receive an overview of the tools and cookies used by us.

A. General

(1) Definitions

Following the model of Art. 4 GDPR, this Privacy Notice is based on the following definitions:

  • “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An individual is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or sound recordings may also contain personal data).
  • “Processing” (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of an objective or purpose on which a data processing was originally based.
  • “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data; this also includes other group-affiliated legal entities.
  • “Processor” (Art. 4 No. 8 GDPR) means a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
  • “Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

(2) Name and address of the controller

The controller of your personal data within the meaning of Art. 4 No. 7 GDPR is us:

Macromedia GmbH

Sandstraße 9
80335 München

Phone: 089 544151-0
Fax: 089 544151-985
info.muc@macromedia.de
www.macromedia.de

A company of the:

Galileo Global Education Germany GmbH

Sandstraße 9
80335 München

Phone: 089 544151-0
Fax: 089 544151-985
info@gge-germany.de

(3) Contact details of the data protection officer

Bei allen Fragen und als Ansprechpartner zum Thema Datenschutz bei uns steht Ihnen unser betrieblicher Datenschutzbeauftragter jederzeit If you have any questions and as a contact person on the subject of data protection at our company, our company data protection officer is available to you at any time. The contact details are:

Peter Christian Felst

Mazars GmbH & Co. KG WPG/StBG
Domstraße 15
20095 Hamburg

datenschutz@gge-germany.de

By law, any processing of personal data is in principle prohibited and only permitted if the data processing falls under one of the following justifications:

  • Art. 6 (1) p. 1 lit. a GDPR (“consent”): if the data subject has voluntarily, in an informed manner and unambiguously indicated by means of a declaration or other unambiguous confirmatory act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
  • Art. 6 (1) p. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request;
  • Art. 6 para. 1 sentence 1 lit. c GDPR: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a legal obligation to keep records);
  • Art. 6 para. 1 p. 1 lit. d GDPR: If the processing is necessary to protect vital interests of the data subject or another natural person;
  • Art. 6 (1) p. 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Art. 6 (1) p. 1 lit. f GDPR (“Legitimate Interests”): if the processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless such interests are overridden by the conflicting interests or rights of the data subject (in particular if the data subject is a minor).

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.

(5) Data deletion and storage period

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit retention period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in A.(7) and A.(8).

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we are subject as the responsible party [e.g. § 257 German Commercial Code (HGB), § 147 German Tax Code (AO)]. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

(6) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)).

(7) Cooperation with processors

As with any larger company, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. They will only act on our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR.

If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.

(8) Requirements for the transfer of personal data to third countries

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.

Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point [see B. (6) c)] about the requirements for data transfer to third countries. Please contact our data protection officer (see under A.(3)) if you would like to receive more detailed information on this.

(9) No automated decision-making (including profiling).

We do not ourselves intend to use any personal data collected from you for any automated decision-making process (including profiling).

(10) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.

We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 para. 1 sentence 1 lit. c GDPR).

(12) Your rights

Ihre Rechte als Betroffener bezüglich Ihrer verarbeiteten personenbezogenen Daten können Sie uns gegenüber unter den eingangs unter A.(2) You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2). As a data subject, you have the right

  • to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to demand the correction of incorrect data or the completion of your data stored by us without delay;
  • pursuant to Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
  • pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (“data portability”);
  • object to the processing in accordance with Art. 21 GDPR, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
  • in accordance with Article 7 (3) GDPR, to withdraw your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) – i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes – at any time towards us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent in the future, and that complain to a data protection supervisory authority about the processing of your personal data in our company.

(13) Changes to the data protection notice

In the context of the further development of data protection law and technological or organizational changes, our data protection notices are regularly reviewed to determine whether they need to be adapted or supplemented.

Withdrawal option and overview

You can revoke your consent to the use of cookies that are not technically necessary at any time via the privacy settings link in the footer at www.coursflorent.de. In addition, you will receive an overview of the tools and cookies used by us.

B. Visiting web pages

(1) Explanation of function

You can obtain information about our company and the services we offer in particular at [address of the company’s website] together with the associated sub-pages (hereinafter collectively: “websites”). When you visit our websites, personal data may be processed.

(2) Processed personal data

When using the websites for information purposes, the following categories of personal data are collected, stored and processed by us:

“Log data”: When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:

  • the page from which the page was requested (so-called referrer URL)
  • the name and URL of the requested page
  • the date and time of the request
  • the description of the type, language and version of the web browser used
  • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
  • the amount of data transferred
  • the operating system
  • the message whether the request was successful (access status/http status code)
  • the GMT time zone difference

“Contact form data”: When contact forms are used, the data transmitted through them are processed (e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).

In addition to the purely informational use of our website, we offer the subscription to our newsletter, with which we inform you about our range of courses and training and events. If you subscribe to our newsletter, the following “newsletter data” will be collected, stored and processed by us:

  • the page from which the page was requested (so-called referrer URL)
  • the date and time of the request
  • the description of the type of web browser used
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established
  • the e-mail address
  • the date and time of registration and confirmation

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked with your other personal data; a direct personal reference is excluded.

We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 (1) p. 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR).

Contact form data is processed for the purpose of handling customer inquiries (legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f GDPR).

Newsletter data is processed for the purpose of sending the newsletter. As part of the registration for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a GDPR). For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to info.muc@macromedia.de or by sending a message to the contact details given in the imprint.

(4) Duration of data processing

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. With regard to the use and retention duration of cookies, please refer to point A.(5).

Third parties used by us will store your data on their system for as long as it is necessary in connection with the provision of services for us in accordance with the respective order.

You can find more details on the storage period under A.(5).

(5) Transfer of personal data to third parties; basis for justification

The following categories of recipients, which are usually order processors (see A.(7)), may receive access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security or tool providers). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f GDPR, insofar as it does not involve order processors;
  • Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. c GDPR;
  • Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.

For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A.(8).

In addition, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

(6) Use of cookies, plugins and other services on our website

a) Cookies

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

  • Technical cookies: these are required to navigate the website, use basic features and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
  • Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your explicit consent to do so pursuant to Art. 6 (1) p. 1 lit. a GDPR In the following, we name the legal bases in connection with the respective service.

b) Social media plugins and other services

Our websites also use other services that do not use cookies, but through other technologies, such as Javascript codes, web beacons, tags, other identifiers supported by AI-based technology that read data from or store data in visitors’ devices.

c) Services in detail

We use the web analytics service AB Tasty from the company AB TASTY SAS, 17 – 19 Rue Michel-le-Comte 75003, Paris (“AB Tasty”) to perform A/B or multivariate tests on websites on the intranet, mobile devices and apps to continuously improve our online offering. With AB Tasty, we have the opportunity to collect statistical information about visitor access to our online support. This information is then transmitted back to us in processed and anonymized form via a web interface. With the help of this collected information we can improve the usability of our website, the product range or the offer of its services.

During the visit to our website, AB Tasty collects statistical information about visitor traffic. This information is usage data, for example, regarding the browsers used, the number of pages viewed, the number of visits, the order of the visit, the duration of the visit to a web page, the filling of a shopping cart or its deletion, etc.

In the process, AB Tasty does not collect any data that allows a direct personal reference (e.g. name, phone number, address), except for the IP address (see below).

AB Tasty sets cookies, which serve the functionality and reliability of the software and the tests performed. The cookies make it possible to recognize visitors (although the identity of the visitor is not recognized). These cookies do not directly store any personal data of website visitors.

All test results are compiled and completely anonymized.

They contain information about:

  • the navigation of the visitor on the website
  • the behavior of visitors to the website
  • the number of visitors
  • the visits
  • pages viewed
  • and other necessary information to measure the effectiveness of a page during a test. This allows to improve the usability and content of the visited web pages. We change the setting of cookies. In addition, it should be noted that the life of cookies does not exceed 13 months.
  • IP and geolocation. While collecting and processing the information, AB Tasty uses the IP address of the Internet user, for the purpose of geolocation (regional details, in some countries potentially the city) of his connecting device. The IP address is deleted immediately after geolocation.

The legal basis for data processing is your express consent pursuant to Art. 6 (1) p. 1 lit. a GDPR, which you can withdraw at any time in the cookie settings.

AB Tasty acts as a processor with regard to the above-mentioned data processing on the basis of a processing contract. The subject of the commissioned processing is the performance of the AB Tasty services.

The Data will be stored on AB Tasty servers located in the European Economic Area (“EEA”). We are not aware of any disclosure to third parties located outside the EEA.

Click here to read the privacy policy of the data processor:
https://support.abtasty.com/hc/en-us/articles/219239327-AB-Tasty-and-data-protectio

Click here to read the cookie policy of the data processor:
https://support.abtasty.com/hc/en-us/articles/218855298-What-are-the-cookies-that-AB-Tasty-places-

Name Purpose Expires
ABTasty To send all test data (visitorID, test and variant IDs, timestamps) 13 month
ABTastySession To identify a unique session and to determine that a new session has begun for a given user Session

We use bookingkit, an online booking system of the company bookingkit GmbH (Sonnenallee 23, 12059 Berlin, Germany), which acts as a processor for us. The use of this application enables the online booking as well as payment of services (e.g. workshops) via our website. This enables us to offer and distribute our services. They are also necessary to be able to conclude the contract with you and process the payment. In addition, the data is used for authentication and optimization of the bookingkit application.

This is an application that collects the following personal data:  

  • Name
  • Address
  • Date of birth
  • E-mail address
  • Phone Number
  • Payment information (e.g. IBAN, credit card numbers)
  • IP address
  • Timestamp
  • Cookie ID
  • Login information

Bookingkit also makes use of various service partners who require the transmission of personal data for order processing. Therefore, personal data is transmitted beyond bookingkit GmbH to the following third parties:

  • Amazon Web Services, Inc
  • Calendly LLC:
  • Hotjar Ltd.
  • MANGOPAY: Upon completion of the payment process, personal data is collected and processed by MANGOPAY for the purpose of carrying out the payment process and fraud prevention. This includes last name, first name, address, date and place of birth, information about your credit and debit card and/ or your banking information, your IP address, browser information and access times. To ensure a sufficient level of security when processing payment data, this data is encrypted and transmitted securely in accordance with the PCI-DSS standard to ensure confidentiality. The PCI-DSS standard serves as a reference for the technical and operational requirements for protecting cardholder data. More detailed information can be found in the privacy policy, which you can view here.

The legal basis of the processing is Art. 6 para. 1 lit. b GDPR.

The retention period is the period during which the collected data is stored for processing. The data will be deleted as soon as the specified processing purpose ceases to apply.

Your personal data will be processed in the European Union and the European Economic Area (“EU”). Nevertheless, this service may transfer the collected data to another- outside the EU- country that does not provide an adequate level of data protection. The data will be transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly having any legal remedies. Some of bookingkit’s partners, such as calendly, state that they transfer personal data to third countries on the basis of standard contractual clauses of the EU Commission. There are no effective legal remedies available against such data access.

Data protection officer of the processing company

Below you will find the address and e-mail address of the data protection officer of the processing company.

External data protection officer

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
E-mail: dataprotection@bookingkit.de

Click here to read the data processor’s privacy policy:
https://bookingkit.net/privacy-statement/

On our website, we use the Facebook pixel from Facebook (from Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, with another branch: Meta Platforms Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland). For this purpose, we have inserted a code on our website. This is a JavaScript code (pixel) that enables certain functions on the page. If you have come to our website via Facebook ads, Facebook can track your usage actions via the Facebook pixel. For example, if you purchase a product on a website, the Facebook pixel is triggered and stores your actions on the website in one or more cookies.

The following data is collected in the process:

  • Viewed advertisements
  • Viewed content
  • Device information
  • Geographic location
  • HTTP headers
  • Interactions with advertisements, services and products
  • IP address
  • Clicked items
  • Marketing information
  • Non-confidential custom data
  • Pages visited
  • Pixel ID
  • Referrer URL
  • Marketing campaign success
  • Usage data
  • User behavior
  • Facebook cookie information
  • Facebook user ID
  • Usage/click behavior
  • Browser information

If you have a Facebook account, it is possible for Facebook to match the data with your Facebook account data. This data collected via Facebook pixel is anonymous for us and only becomes usable for us when we want to place advertisements. If you are logged in as a Facebook user when you call up our website, your visit to our website will be assigned to your Facebook account.

The purpose of using the Facebook pixel is to better tailor our advertising measures to your wishes and interests. This enables us to show you personalized advertising. Facebook collects your data for the purpose of data analysis and tracking as well as to implement its own advertising measures. 

The legal basis is your express consent pursuant to Art. 6 (1) lit. a GDPR, which you can withdraw at any time in our cookie settings.

The data processed via the Facebook pixel is partly stored on servers in the European Economic Area (“EEA”). However, the data also reaches servers managed by Meta Platforms in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this.

Meta Platforms will delete your personal data after 720 days at the latest.

You can get more information about the processing here:
https://www.facebook.com/legal/terms/dataprocessing   

General information about Facebook’s privacy policy can be obtained here:
https://www.facebook.com/policy.php

We use the Google Ads service of Google Ireland Limited [Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com (“Google”)] to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie in your terminal device.

The advertising material is delivered by Google via so-called “ad servers”. For this purpose, we and other websites use so-called ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. Through the Google Ads cookies stored on our website, we can obtain information about the success of our advertising campaigns. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values.

The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer, so the cookies cannot be tracked across the websites of other Ads customers. Through the integration of Google Ads, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures but provide Google alone with the opportunity to collect the data. We only receive statistical evaluations from Google, which provide information about which ads were clicked on how often and at what prices. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

The legal basis for the processing of your personal data is your express consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

The revocation of your consent is possible at any time, without affecting the permissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the following functions: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by setting your browser to block cookies from the domain “www.googleadservices.com”, www.google. de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers at the link www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer.

The data transmitted to Google is stored on servers managed by Google in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Google may also be obliged to transfer personal data of EU citizens to the U.S. security authorities, regardless of the storage location. There are no effective legal remedies available to you against this.

Click here to read Google’s privacy policy:
https://policies.google.com/privacy?hl=de

Click here to read Google’s cookie policy:
https://policies.google.com/technologies/cookies?hl=de

Click here to object on all domains of Google:
https://safety.google/privacy/privacy-controls/

Name Purpose Expires
_gac_UA-* to store and count pageviews 90 days
Goog_pem_mod to provide ad delivery or retargeting persistent
Ads/Ga-Audiences to store information for remarketing purposes expires immediately
Session_depth to store ad display frequency 30 minutes
_gac_* to store and track audience reach 90 days
Google_pem_mod to provide ad delivery or retargeting persistent

We use Google Ads with the additional application “Google Remarketing” of the company Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

With this procedure, we can create advertisements based on existing information about you and address you again during your further internet use. This is done by means of cookies set when you visit our offers (usually by cookies), via which your usage behavior when visiting various websites is recorded by Google and evaluated pseudonymously. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google.

The following data is collected:

  • Duration of visit
  • IP address
  • Pages visited
  • Content in which the user is interested
  • Web page usage   

The legal basis for the processing of your data is your express consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

The revocation of your consent is possible at any time, without affecting the permissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the following functions: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by setting your browser to block cookies from the domain “www.googleadservices.com”, www.google. de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers at the link www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer.

Google deletes your personal data as soon as they are no longer needed for the processing purpose. Cookie information is deleted after one year at the latest.

The data transmitted via to Google LLC is predominantly stored on servers managed by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the European Economic Area (EEA). However, it cannot be ruled out that your personal data may also be stored on servers located outside the EEA in the USA. After the EU-US Privacy Shield has ceased to apply, a transfer of data to the USA can at best be based on standard contractual clauses and further guarantees issued by the EU Commission. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Google may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EU or the EEA. There are no effective legal remedies available to you against this.

Click here to read Google’s privacy policy:
https://policies.google.com/privacy?hl=de

Click here to read Google’s Cookie Policy:
https://policies.google.com/technologies/cookies?hl=de

Click here to opt-out on all Google domains:
https://safety.google/privacy/privacy-controls/

We use the Google Analytics service provided by Google LLC (“Google”). This service enables an analysis of the use of our internet pages and uses cookies for this purpose. For this purpose, the information generated by the cookie, such as your anonymized IP address, is transmitted on our behalf to a Google LLC server in the USA, where it is stored and analyzed. For on this website Google Analytics has been extended by the code “gat.anonymizeIp();”. This ensures an anonymized collection of IP addresses. The anonymization of your IP address is usually done by shortening your IP address by Google LLC within the European Union or in other contracting states of the European Economic Area (EEA). In exceptional cases, your IP address is transmitted to a Google LLC server in the USA and only anonymized there. According to Google, your IP address transmitted here will not be merged with other data from Google LLC. As part of the Google Analytics advertising function, remarketing and reports on performance by demographic characteristics and interests are used. The purpose of these methods is to use the information about user behavior to align advertising measures more closely with the interests of the respective users. As part of remarketing, personalized advertising measures can be placed on other websites based on the visitor’s surfing behavior on our websites. In this context, the advertising materials may contain products that the visitor has previously viewed on our websites. If you have consented to their web and app browsing history being linked by Google to their Google account and information from their Google account being used to personalize ads, Google uses this data for cross-device remarketing. The personal data is obtained through the use of cookies.

The following data is collected in this process:  

  • App updates
  • Click path
  • Date and time of visit
  • Device information
  • Downloads
  • Flash version
  • Location information
  • IP address
  • JavaScript support
  • Pages visited
  • Purchase activity
  • Referrer URL
  • Usage data
  • Widget interactions
  • Browser information

The legal basis for the processing of your data is also in this respect Art. 6 para. 1 p. 1 lit. a GDPR You can object to the collection of your data by Google Analytics at any time via the cookie settings.

The personal data collected from you is transmitted to servers managed by Google, most of which are located in the USA. After the cessation of the EU-US Privacy Shield, a data transfer to the USA can at best be based on standard contractual clauses and further guarantees issued by the EU Commission. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which are equipped with comprehensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. You have no effective legal remedies against this.

The data will be stored for a maximum of two years.

Click here to read Google’s privacy policy:
https://policies.google.com/privacy?hl=en

Click here to read Google’s cookie policy:
https://policies.google.com/technologies/cookies?hl=en

Click here to object on all domains of Google:
https://tools.google.com/dlpage/gaoptout?hl=de

Name Purpose Expires
_ga ID used to identify users 2 years
_gid ID used to identify users for 24 hours after last activity 24 hours
_gat Used to monitor number of Google Analytics server requests when using Google Tag Manager 1 minute
AMP_TOKEN Contains a token code that is used to read out a Client ID from the AMP Client ID Service. By matching this ID with that of Google Analytics, users can be matched when switching between AMP content and non-AMP content. 30 seconds to 1 year
_gac_[property-id] Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together. 90 days
__utma ID used to identify users and sessions 2 years from set/update
__utmt Used to monitor number of Google Analytics server requests 10 minutes
__utmb Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server. 30 mins from set/update
__utmc Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server. Session
__utmz Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server 6 months from set/update
__utmv Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server. 2 years from set/update
_gaexp Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. 90 days
_opt_awcid Used for campaigns mapped to Google Ads Customer IDs. (Only set if Google Optimize is used) 24 hours
_opt_awmid Used for campaigns mapped to Google Ads Campaign IDs. (Only set if Google Optimize is used) 24 hours
_opt_awgid Used for campaigns mapped to Google Ads Ad Group IDs (Only set if Google Optimize is used) 24 hours
_opt_awkid Used for campaigns mapped to Google Ads Criterion IDs (Only set if Google Optimize is used) 24 hours
_opt_utmc Stores the last utm_campaign query parameter. (Only set if Google Optimize is used) 24 hours
_opt_expid This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that’s being redirected. (Only set if Google Optimize is used) 10 seconds

We use Google Analytics 4 to analyze and improve the use of our website.

Google Analytics 4 is a web analytics and tracking service provided by Google LLC (“Google”). Google Analytics 4 may use so-called “cookies” if we activate the cookie function. In addition, Google Analytics 4 uses a standard anonymized user and client ID generated by our website or app as well as Google signals to identify users.

The anonymized user ID is assigned to a logged-in user after the user has been uniquely identified beforehand. With the help of the user ID, users can be identified regardless of the device they are using. For example, if users access the website or app via both smartphones and tablets, we can analyze the user paths using the user ID in a holistic overview of the data.

The client ID is a unique, randomly generated string that acts as a pseudo-anonymized identifier and anonymously identifies a browser instance. It is stored in the browser cookies so that subsequent calls to the same website can be assigned to the same user.

Google signals are session data from websites and apps that Google links to users who are logged into their Google account and have activated personalized advertising. Linking data to these logged-in users enables cross-device reporting, cross-device remarketing, and the export of cross-device usage results (known as “conversions”) to Google Ads.

The data processed by Google Analytics 4 is personal data within the meaning of Art. 4 (1) GDPR. Google Analytics 4 collects personal data in the form of user characteristics and event data, among other things. The latter are automatically recorded events (user activities, number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites or apps, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites or apps, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (page views, scrolls, actuation of external links, website searches, playing videos, file downloads, etc.), recommended (purchase process on the website, travel offers, games), and custom events (events that are neither automatically captured nor recommended). Session data is also collected, such as multiple page views, events (see above), social interactions, and e-commerce transactions.

User properties are attributes of the users who interact with your app or website. They are used to describe user segments such as language preference or geographic location. Some user properties are automatically logged in Google Analytics 4.

The information generated by the cookie, the user ID and Google signals about your use of this website is usually transmitted to a Google server in the USA and stored there. In case of activation of IP anonymization, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity, to make a forecast regarding your future web behavior and to provide other services to the website operator related to website and Internet use. User ID data collected in one website or app cannot be shared or combined with data from another website or app. Data about devices and activities from different sessions on a website or app, on the other hand, can be merged and combined using the User ID or Google signals. Collecting and combining the data is likely to create usage profiles about you.

The legal basis for the processing of data using Google Analytics 4 is your express consent pursuant to Art. 6 (1) lit. a GDPR.

You can revoke your consent to the processing of your personal data through the use of Google Analytics 4 at any time by changing your cookie settings accordingly. In addition, you can also notify us of your revocation by post, by telephone at +49 40 288 01-3290, by e-mail to datenschutz@gge-germany.de or by fax (+49 40 288 01-3497).

You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout   

We use Google Analytics with the extension “_anonymizeIp()”. This shortens the IP addresses (so-called IP masking).

Name Purpose Expires
_ga Used to distinguish users 2 years
_ga Used to distinguish users 24 hours
_ga_[container-id] Used to persist session state 2 years
_gac_gb_[container-id] Contains campaign related information 90 days

We also use Google Consent Mode. This is an application that can be implemented in other Google products, such as Google Ads, Universalt Analytics and Google Analytics 4 (Universal and Google Analytics 4 hereinafter: “Google Analytics”). Google Consent Mode allows us to consider the refusal or granting of your consent regarding the use of Google Ads and Google Analytics across websites and devices, so that you do not have to make your decision again for each of the websites we operate, regardless of the end device. Google Consent Mode does not replace a consent manager or layer, so you can consent or object to the use of cookies unchanged via our cookie banner. The application transmits your decision to Google.

If you do not consent to the use of Google Ads and Google Analytics, Google will nevertheless receive the analysis and advertising data related to the function of the aforementioned applications and will only share them in aggregated form.

Google is an EU-US Privacy Shield certified company www.privacyshield.gov/EU-US-Framework. On this basis, data transfer to the USA was considered permissible under data protection law. The ECJ declared the EU-US Privacy Shield to be inadmissible, as US security and law enforcement agencies can collect personal data from EU citizens on an unrestricted basis and across the board. Moreover, there are no effective legal remedies available against such data access. Consequently, there is currently no legally secure basis for a data transfer of your personal data to the USA.

Information about Google:
Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

More information on Google’s terms of use:
www.google.com/analytics/terms/de.html   

More information about Google’s privacy policy:
www.google.com/intl/de/analytics/privacyoverview.html

On our website we use the Google Tag Manager of the company Google Inc. if you have consented accordingly in the Consent Manager. Google Inc. has its European headquarters in: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland. Google Tag Manager is used by us to provide you with a good user experience on our website and to be able to customize our offer. We do this by embedding sections of code (tags) into the source code of our website. The tags are managed via the Tag Manager. This allows us to track user behavior via various functions on our website and thus to customize our offer. According to its own statements, Google does not combine the data collected within the framework of the Tag Manager with your personal data, which may be stored by Google. Google acts as a processor for us with regard to the Tag Manager tool and has contractually guaranteed compliance with data protection in accordance with European standards.

In any case, your IP address is collected via a separate cookie set by Google Tag Manager. Information is also collected about the hardware and software you use, such as which operating system and which browser you use and its version. Furthermore, data is collected about your website visits, the language set on your system and the type of screen and its resolution. Finally, the support of scripting languages and the fonts of installed browser plug-ins. Depending on which other tracking services are used by us and managed via the Tag Manager (e.g. Google Analytics or Facebook Pixel), your IP address will be transmitted to servers managed by Google or Facebook, most of which are located in the USA, in addition to other data. After the discontinuation of the EU-US Privacy Shield, a data transfer to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. Although the transfer of personal data takes place on the basis of standard contractual clauses, this does not exclude the possibility that the US security authorities, which are equipped with comprehensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. You have no effective legal remedy against this.

The legal basis for the processing of your data is also in this respect Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.

The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the following functions: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by setting your browser to block cookies from the domain “www.googleadservices.com”, www.google.de/settings/ads, deleting this setting when you delete your cookies; c) by disabling interest-based ads from the vendors that are part of the “About Ads” self-regulatory campaign at the link www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

For more information about Google’s privacy practices, please visit:
www.google.com/intl/de/policies/privacy
services.google.com/sitestats/en.html

Our website uses the Mouseflow service provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. This is an analysis tool that allows us to create the visitor’s use of our website based on the movements and clicks of the computer mouse controlled by you.

The following data is collected in this process:

  • Click Path
  • Viewed content
  • Geographical location
  • Location information
  • IP address (anonymized only)
  • Mouse movements
  • Operating system information
  • Visited pages including page content
  • Usage data
  • Time spent on a page
  • Scrolling activity
  • Browser information
  • Referrer URL
  • Visitor type (first-time visitor/return visitor)
  • Screen resolution
  • Language

For this purpose, the service uses cookies, JavaScript codes or tracking pixels that are stored on your browser and thus on your end device (computer, smartphone or tablet). On this basis, the movements and clicks of the computer mouse you use on our website are tracked, in particular through session replays/records, heat maps, funnel and form analyses, and feedback campaigns. The “Session Replay” is the first stage of the analysis. Here, the entire visit can be replayed, filtered and segmented to highlight any problems that may occur. The second stage is the heat map. Similar to a thermal imaging camera, heavily trafficked areas are highlighted in color. Funnel analysis, on the other hand, shows the percentage of users who decide to proceed to the next step and ultimately conversion. In addition to this, form data can be analyzed. This works in a similar way to heat maps.

We can see which windows or buttons you have clicked on and how far you have scrolled on the website. In addition, the above-mentioned technical data is also collected. For this purpose, pseudonymous usage profiles are temporarily created. The movements of your computer mouse are summarized in a log. 

The evaluation of the data serves us to improve our web offer and the user-friendliness of our website. We would also like to optimize the surfing experience on our website for you.

The legal basis for the processing is your express consent pursuant to Art. 6 (1) p. 1 lit. a GDPR, which you can revoke at any time in the cookie settings.

Mouseflow acts as a processor for us with regard to data processing on a corresponding contractual basis.

According to Mousflow’s own statements, the data collected in the European Economic Area (“EEA”), including personal data, is stored exclusively on servers in the EU and is not transferred to a country outside the EEA. Accordingly, a transfer of the data to third parties only takes place within the EEA. To whom the data is specifically passed on is not apparent to us, as Mouseflow does not provide any precise information in this regard.

If the data is not already deleted when the purpose for which it was collected ceases to apply, it will be deleted after 1-12 months, depending on the type of contract we have concluded with Mouseflow. 

Click here to read the privacy policy of the data processor:
https://mouseflow.com/privacy/

Click here to read the cookie policy of the data processor:
https://support.mouseflow.com/support/solutions/articles/44001550895-what-is-your-cookie-policy-

Click here to object on all domains of the processing company:
https://mouseflow.com/opt-out/

Name Purpose Expires
*_mf Functionality unknown Session

We use the CMP of the company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (contact@usercentrics.com) on our websites. The CMP is used by us to document and manage your consent, declared by an opt-in, to the processing of your personal data by technically non-essential services. As a controller, we are required by law to account for the granting of consents as well. We must therefore be able to prove your consent, which constitutes its own personal data. Consent data includes the date and time of your visit or your consent or withdrawal, as well as device information. We obtain this information by retrieving it from the local storage provided in your browser for this purpose.

Usercentrics acts as a processor for us on a contractual basis. The contractual agreement provides, among other things, that Usercentrics undertakes to comply with data protection, which includes securing your personal data (consent data) through appropriate technical and organizational measures – in particular by means of encryption technologies.

The legal basis for storing your consent is Art. 6 para. 1 lit. c GDPR in conjunction with Art. 5 para. 1 lit. a, para. 2, Art. 7 para. 1 GDPR and Art. 6 para. 1 lit. f GDPR, whereby compelling reasons can be raised against an objection (Art. 21 GDPR) on your part. Such a compelling reason arises, for example, from the above-mentioned accountability obligation to which we are subject by law. Consent pursuant to Section 25 (1) of the German Teleservices Data Protection Act (“TTDSG”) is not required, as the exception of Section 25 (2) No. 2 of the TTDSG applies in this respect.

Your consent data is stored on Google cloud servers located in the EU/EEA and stored for a period of 3 years for regulatory auditing purposes. Although the transfer of personal data to Google is based on standard contractual clauses, this does not exclude the possibility that the US authorities, which are equipped with extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Google may also be required to transfer personal data of EU citizens to the U.S. authorities that is located on servers in the EU or the EEA. There are no effective legal remedies available to you against this.

Further information on the subject of data protection can be found here:
https://usercentrics.com/privacy-policy/

Name Purpose Expires
uc_tcf Local storage to provide the service and to save your data protection settings persistent
uc_settings Local storage to provide the service and to save your data protection settings persistent
uc_user_interaction Local storage to provide the service and to save your data protection settings persistent
uc_cross_domain_data_[x]_tcf Local storage to provide the service and to save your data protection settings persistent
uc_cross_domain_data_[x] Local storage to provide the service and to save your data protection settings persistent
uc_cross_domain_data_[x] Local storage to provide the service and to save your data protection settings Session

We have embedded YouTube videos of the company Google LLC (Mountain View, California, USA) in our online offer, which are stored on www.YouTube.com and can be played directly from our website. By simply visiting our website – before you click on an embedded video – YouTube processes personal data by setting cookies. Thus, the information is transmitted that you have called up a corresponding sub-page of our website. In addition, log files are transmitted.

The following data are to be mentioned:

  • Device information
  • IP address
  • Referrer URL
  • Videos viewed

This is done regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of personalized advertising, market research and/or needs-based design of its own website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

The legal basis for the processing is your express consent pursuant to Art. 6 (1) a GDPR, which you can withdraw at any time in the cookie settings.

The data transmitted to Google LLC via the YouTube video is predominantly stored on servers managed by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the European Economic Area (EEA). However, it cannot be ruled out that your personal data may also be stored on servers located outside the EEA in the USA. After the EU-US Privacy Shield has ceased to apply, a transfer of data to the USA can at best be based on standard contractual clauses and further guarantees issued by the EU Commission. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Google may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EU or the EEA. There are no effective legal remedies available to you against this.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to Google’s privacy policy. There you will also find further information about your rights and settings options to protect your privacy:
https://www.google.de/intl/de/policies/privacy.

Name Purpose Expires
yt-remote-device-id Youtube saves the user’s video playback settings for embedded videos in this local storage element. Persistent
yt-remote-connected-devices Youtube saves the user’s video playback settings for embedded videos in this local storage element. Persistent
yt-player-headers-readable Youtube saves the user’s video playback settings for embedded videos in this local storage element. Persistent
yt-player-bandaid-host Youtube saves the user’s video playback settings for embedded videos in this local storage element. Persistent
yt-remote-session-app YouTube saves the user’s video playback settings for embedded videos in this session storage element. Session
yt-remote-cast-installed YouTube saves the user’s video playback settings for embedded videos in this session storage element. Session
yt-remote-session-name YouTube saves the user’s video playback settings for embedded videos in this session storage element. Session
yt-remote-cast-available YouTube saves the user’s video playback settings for embedded videos in this session storage element. Session
yt-remote-fast-check-period YouTube saves the user’s video playback settings for embedded videos in this session storage element. Session
Withdrawal option and overview

You can revoke your consent to the use of cookies that are not technically necessary at any time via the privacy settings link in the footer at www.coursflorent.de. In addition, you will receive an overview of the tools and cookies used by us.

C. Online Events Data Protection Notice

With this data protection notice, we inform you (in the following text also referred to as “user” or “data subject”) in a general way about the data processing within the framework of our online events.

Galileo Global Education Germany GmbH or Macromedia GmbH collects, processes and uses your personal data in compliance with the guidelines of the General Data Protection Regulation (“GDPR”) as well as the Federal Data Protection Act (“BDSG”).

(1) The data controllers are:

Galileo Global Education Germany GmbH and Macromedia GmbH, Sandstraße 9, 80335 Munich, respectively.

The data protection officers for Macromedia GmbH and Galileo Global Education Germany GmbH can be reached via e-mail at datenschutz@gge-germany.de.

(2) Categories of personal data

Personal data is information that can be used to find out personal or factual circumstances about you, such as name, address, telephone number or e-mail address. Information with which we cannot establish a connection to you is generally not personal data.

The following categories of data are processed by us as part of the execution of the online events (hereinafter the “Data”):

  • Inventory data (e.g. Names, addresses, functions, place of birth, country of birth, date of birth, organisational affiliation, etc.);
  • Contact details (e.g. E-mail, telephone/fax number etc.);
  • Content data (e.g. Text entries, image files, videos etc.);
  • Study related data (e.g. Certificates, CV, courses, exams)
  • Meeting metadata (e.g. participant IP addresses, device/hardware information)

Your personal data will only be used for the purpose of participating in online events, for example

  • Events for applicants and students such as
    Sales presentations (presentation of the university and the courses offered), Introduction days (information on the start of studies for all first semesters), International Days (information regarding the semester abroad),
  • Career Days (information about internships and career opportunities), Completion (Closing ceremonies for Bachelor’s and Master’s graduates)
  • Teaching events such as
    Symposia (e.g. international expert discussions on various current topics of teaching),
  • Corporate events such as
    cross-location teaching events (e.g. Faculty council meetings) Christmas parties and other celebrations.

Your personal data will be used or processed exclusively for the purposes of contract execution, compliance with legal regulations, as well as for consulting and support purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

(4) Recipients or categories of recipients of personal data

To the extent that we disclose data during processing to other persons and companies, such as web hosts, processors, or third parties, send it to them or otherwise grant them access to the data, this shall be done on the basis of a legal authorisation (e.g. When a transfer of data to a third party is necessary for the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR), if the persons concerned have agreed to this, or a legal obligation provides for this. In particular, this includes companies, partner universities and event participants.

(5) Cooperation with data processors

As with any larger company, we also use external domestic and foreign service providers (e.g. for IT, telecommunications, sales, marketing) to handle our business transactions.

If your personal data is passed on by us to our subsidiaries or passed on to us by our subsidiaries (for example for advertising purposes), this is done on the basis of existing order processing relationships.

(6) Transmission to third parties

Personal data will be transmitted to third parties if

  • according to Art. 6 para. 1 sentence 1 letter a) of the GDPR, the data subject has expressly consented to this,
  • the disclosure thereof is necessary for the establishment, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 letter f) of the GDPR, and there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing his or her data,
  • there is a legal obligation to transmit data in accordance with Art. 6 para. 1 sentence 1 letter c) of the GDPR, and/or
  • this is necessary for the fulfilment of a contractual relationship with the data subject in accordance with Art. 6 para. 1 sentence 1 letter b) of the GDPR.

In other cases, personal data will not be transferred to third parties.

(7) Transmission to third countries

We do not transmit your data to third countries. If we transmit data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only takes place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process data, or allow the data to be processed, in a third country only in the event of the existence of the specific conditions of Art. 44 et seq. GDPR i.e. the processing takes place, for example, on the basis of specific guarantees such as the officially recognised establishment of one of the EU compliant data protection levels or compliance with official recognised special contractual obligations (so-called “standard contractual clauses”).

(8) Duration of retention of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of the deadline the corresponding data is deleted provided it is no longer necessary for achieving the purpose, fulfillment of the contract or contract initiation.

(9) Your rights

As a data subject, you have the following rights:

  • pursuant to Art. 7 para. 3 of the GDPR, to revoke your one-time-only consent you have granted to us at any time.
  • pursuant to Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you can request to be informed about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, or will be disclosed, the source of the data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details;
  • pursuant to art. 16 of the GDPR, to request immediate correction of incorrect data, or completion of your personal data stored by us;
  • pursuant to art. 17 of the GDPR, to request the erasure of your personal data stored with us insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or assertion, exercise of defence of legal claims;
  • pursuant to art. 18 of the GDPR, to request e restriction of the processing of your personal data insofar as you dispute the accuracy of the data, the processing is unlawful, but you reject its deletion and we no longer require the data, you, however, require it for the assertion, exercise, or defence of legal claims or in the event that you have filed an objection to the processing in accordance with art. 21 of the GDPR;
  • pursuant to art. 20 of the GDPR, if the conditions exist, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request their transmission to another controller and
  • pursuant to art. 77 of the GDPR, you can lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority assigned to your usual place of residence or work, or to our place of business.

The restrictions of §§ 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right of access

and the right of deletion. Processing would be necessary even after objection in accordance with art. 21 of the GDPR if we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or if the processing is carried out for the purposes of asserting, exercising or defending legal claims.

To exercise the rights described above, please contact our business address or our Data Protection Officer in writing at the following email: datenschutz@gge-germany.de

(10) Right to objection

If your personal data are processed based on legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f. GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation.

If you would like to exercise your right of objection it is sufficient to send an e-mail to datenschutz@gge-germany.de.

(11) Hopin

To carry out our online events (see point 3), we use the online platform of the company Hopin Ltd, 5 Churchill Place, 10th Floor, London, E14 5HU; e-mail: privacy@hopin.to.

Hopin events are structured in such a way that you can participate virtually in an event /trade fair.

Depending on the event, we activate different functions:

  1. Reception: This is the virtual foyer of the event. Here you will find general information about the process of the virtual event. In addition you have a direct view of the current programme item.
  2. Stage: This is where the events that we live-stream take place. In the program, these are the events that take place on the “stage“. As a participant, you can interact with the speaker via the chat. However, you may not go on stage yourself, or actively turn on your camera and audio.
  3. Sessions: The sessions of the event are listed here. You can actively join sessions and share your audio/video (optional) or chat with other session participants. Some sessions may be recorded (audio + video only).
  4. Networking: Meet other participants. You will be matched at random and can chat with each other for up to 3 minutes.
  5. Chat: The side menu, incl. the chat is always active. There are two different chat areas as soon as you join the stage, a session or an exhibition area. On the one hand there is a chat for the respective area in which you currently find yourself. On the other hand there is the global event chat which is constantly visible for event participants. You can jump between the chat areas at your leisure.
  6. Attendance: The number displayed next to the green dot shows how many guests are currently attending the event.
  7. Notifications: If you receive a new notification a red dot will appear next to the “bell” icon.
  8. Profile: This is where you can personalise your profile. Fill in the information in order to share your “business card” with other attendees. Feel free to upload a photo so that the virtual event is a little more personal.
  9. Chat function: You can have private video and text chats with other participants. These are not audible and visible to other participants. To do this search for the corresponding name in the participant overview and click on that person. A private 1:1 chat window will open with the button “invite to video call”. A link will appear in the chat window which must be clicked by both participants. A private video call window will open. If you are contacted by other participants via private message a red dot will appear next to the “envelope” icon. Note: The link which was created for a 1:1 video chat can also be sent to other participants. This way 5 participants can talk with one another separately from the public sessions. This room is not audible and visible to other participants.
  10. Expo: Companies introduce themselves during the Expo. You can receive general information; often the booth is “live” and you can contact the booth representative via chat or audio/video function.

In order to participate in our events via Hopin you must create a user account for the online platform used. A user account is necessary in order to participate in virtual conferences/events. This information is necessary to properly conduct the digital conference/event. Data which you provide us with as part of your participation in the online event will not be forwarded to Hopin (cf. Items 5 -8 of these instructions). Hopin independently processes your data. According to Hopin the following personal data is requested as part of the registration process:

  • first name
  • last name
  • email address.

When you log in to your user account for the purpose of participating in online events, Hopin collects additional personal data. This also includes usage data, marketing and communication data, analysis data and technical data of your terminal equipment (PC, smartphone, tablet). In particular, Hopin collects personal data through the use of cookies and similar technologies also from third party providers such as Google Analytics, etc.. This applies in particular to analytics data and data that Hopin transmits to third parties for advertising purposes.

Hopin also relies on the fulfillment of a contract or a legitimate interest with regard to the collection of data for marketing and analysis purposes. This is not permitted under current European law, as only your consent can legitimize such processing.

The third-party service providers used by Hopin store your personal data, among other things, on servers primarily in the USA (e.g., Google’s AWS cloud or the payment service provider Stripe). Hopin also states that it transfers personal data to countries outside of your residence, including the European region, as part of the provision of its services. However, according to its own statement, it does so only after ensuring that an appropriate level of protection is in place. I.e. the third country transfer takes place only on the basis of an adequacy decision of the EU Commission, standard contractual clauses or other guarantees. Please note that even in the case of a data transfer to the USA, the agreement of standard contractual clauses of the EU Commission cannot, in case of doubt, prevent US security authorities from gaining access to your personal data without effective legal remedies being available to you. There is also no adequacy decision for the USA.

Hopin states that it will retain your personal data for as long as necessary for the purpose for which it was collected. In addition, the data will be stored if it is necessary for the fulfillment of legal obligations such as tax or accounting obligations or for legal prosecution or defense.

You can delete or manage your Hopin account independently at any time. The Hopin terms of use apply: https://hopin.com/terms
The Hopin Data protection notice can be found here: https://hopin.com/privacy

(12) Integration of third-party content

On the event platform you will find so-called hyperlinks to websites of other providers. When activating these links you will be forwarded from our website directly to the websites of other providers. You will be able to recognise this by seeing the change in the URL, among other things.

We cannot accept any responsibility for the handling of your data by these providers on these external websites because we have no influence on these providers handle your personal data. Please inform yourself about this directly on the websites of the respective provider.

Withdrawal option and overview

You can revoke your consent to the use of cookies that are not technically necessary at any time via the privacy settings link in the footer at www.coursflorent.de. In addition, you will receive an overview of the tools and cookies used by us.