If your personal data is processed, you are a “data subject” within the meaning of the GDPR, which may entitle you to the rights described below. If you assert rights against OPEN MIND as the controller, we recommend that you address them using the following contact details:
OPEN MIND Technologies AG
Argelsrieder Feld 5
82234 Wessling, Germany
datenschutz[at]openmind-tech.com
1. Right to information
In accordance with Art. 15 GDPR, you can request confirmation from us as to whether personal data concerning you is being processed by us and request information on the extent to which we process your data.
2. Right to rectification
If personal data concerning you is incorrect or incomplete, you have a right to rectification and/or completion in accordance with Art. 16 GDPR.
3. Right to erasure
If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your data if we process it unlawfully or if processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, for example, in case of statutory retention obligations.
Irrespective of exercising your right to erasure, we will erase your data immediately and completely to fulfill our statutory erasure obligations once the purpose of processing no longer applies, provided that there is no legal or statutory retention period to the contrary.
4. Right to restriction of processing
In the cases defined in Art. 18 GDPR, you can request that we restrict the processing of your data. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
5. Right to data portability
In accordance with Art. 20 GDPR, you have the right to have data provided by you, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. Right to object
If we process your data on the basis of a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR, you can object to this data processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
7. Right to revoke the declaration of consent under data protection law
Some data processing operations are only possible with your express consent within the meaning of point (a) of Art. 6(1) GDPR or Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). You can withdraw your consent you have already given at any time with future effect. However, the lawfulness of data processing based on consent before its withdrawal remains unaffected by the withdrawal. Please note that even after consent has been withdrawn, it may still be possible to process the data concerned in whole or in part on the basis of other legal provisions.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of data protection officers and their contact details can be found under the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for us at our company headquarters:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 27
E-mail: poststelle@lda.bayern.de
III. What personal data is processed and from what sources does this data originate?
1. Origin of the personal data
We mainly process the data that we receive directly from data subjects in the course of initiating a business relationship or in the course of the business relationship (see also Part C).
In addition, we process data that we have legitimately received from other companies in our corporate group or from partner companies or locally responsible companies integrated into our sales system with which we have a long-term business relationship (see https://www.openmind-tech.com/de/open-mind/partner/ueberblick.html), insofar as this is necessary for the provision of our services or for the fulfillment of the contract with you.
In individual cases, we also process data that we have permissibly received or acquired from other third parties such as credit agencies, creditor protection associations, or public authorities, or that we have permissibly taken, received, or acquired from publicly accessible sources (such as telephone directories, company registers, the press, Internet, or other media).
We process data through our website that we receive during your visit to the website or that you actively provide to us when using the website, for example, when using our contact form. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (Internet browser, operating system, or time of the page impression, for example). This data is collected automatically as soon as you enter our website. See Part B for details.
2. Categories of personal data
Personal data regularly processed by us includes personal master data/contact details, such as first and last name, address, e-mail address, telephone number, fax number, and position in the company.
We also process the following other personal data, depending on the order/service:
• Information about the nature and content of our business relationship, such as contract data, order data, sales and document data, customer and supplier history, consulting documents
• Financial status information (such as credit rating data)
• Advertising and sales data
• Documentation data (such as consultation records, data from service calls or support cases)
• Information from your electronic communication with us (such as IP address, login data)
• Other data that we have received from you in the course of our business relationship (for example, in customer consultations)
• Documentation of declarations of consent
• Photos taken at public events
IV. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in the respective current version, in particular on the following bases:
1. Fulfillment of (pre-)contractual obligations (point (b) of Art. 6(1) GDPR)
Personal data is processed based on point (b) of Art. 6(1) GDPR for the fulfillment of contractual obligations of OPEN MIND, in particular in connection with the sale and distribution of our goods and services as well as all activities customary in the industry that are required for the operation or administration of OPEN MIND (such as customer administration). The data may also be processed at a pre-contractual level in the context of initiating business with OPEN MIND, or in the course of other contractual relationships with OPEN MIND.
Thus, point (b) of Art. 6(1) GDPR is the legal basis, for example, in the following cases:
• Creating and maintaining a customer account
• Maintaining files for customers/prospects or our database of customers/prospects
• Offer and sale of OPEN MIND software products
• Offer and implementation of our services (training and education services, for example)
Details on the purpose of this data processing can be found in the respective contract documents and business terms and conditions.
2. Protection of legitimate interests (point (f) of Art. 6(1) GDPR)
Based on a weighing of interests, data may be processed beyond the actual fulfillment of the contract to protect the legitimate interests of OPEN MIND or third parties. This is permissible unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. Data processing to safeguard legitimate interests exists, for example, in the following cases:
• Transfer of data to companies affiliated with us (see https://www.openmind-tech.com/de/open-mind/partner/ueberblick.html)
• Consultation of and data exchange with credit agencies and creditor protection associations to obtain creditworthiness data, and maintaining a Group-wide creditworthiness database to identify financial default risks for specific business transactions
• Execution of payment transactions via external service providers
• Use of debt collection services and lawyers to collect receivables and/or legally enforce them
• Assertion of other legal claims and defense in legal disputes
• Advertising or marketing
• Market and opinion surveys
• Image and sound recordings at public events (such as trade fairs, open house, workshops, industry events)
• Business management and further development of our services
• Maintaining databases on customers/prospects and service providers to improve our offers
• Carrying out a risk assessment (due diligence) as part of corporate restructuring or a company acquisition or sale, where applicable
• IT security and safeguarding the IT operations of our company
• Measures for building and plant safety
3. Fulfillment of legal obligations (point (c) of Art. 6(1) GDPR)
Processing of your data may in part be necessary for compliance with various legal obligations and requirements to which we are subject, for example, under the German Commercial Code or the German Fiscal Code.
4. Consent (point (a) of Art. 6(1) GDPR)
If you have given us your consent to process your data in individual cases, the data will be processed in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Any consent given, for instance for the sending of a newsletter, can be withdrawn at any time with future effect. Please contact us for this purpose using the contact details provided in Part A., Section I or II. Please note that processing that took place before the withdrawal is not affected by the withdrawal and that data processing may still be possible, at least in part, on the basis of other legal provisions.
In this case, we will make use of your data for the following purposes:
• Quality assurance: To make continuous improvements to our services and products, we carry out surveys that focus on your satisfaction with and experiences arising from the contractual relationship.
• General and personalized advertising by e-mail, fax, or telephone.
• If you have given us a corresponding SEPA direct debit mandate, we will use your bank details. We will use the SEPA direct debit mandate to collect outstanding amounts in accordance with the contractual agreements.
V. Who receives my data?
At OPEN MIND, your data is provided to those employees or organizational units that require the data to fulfill our contractual and legal obligations or to process or pursue our legitimate interests.
Your data will be used to initiate a contractual relationship and for contract fulfillment (provision of a service or sale of goods, for example) in accordance with sentence 1, point (b) of Art. 6(1) GDPR and/or – depending on the nature of the specific contractual relationship – on the basis of our legitimate interests pursuant to sentence 1, point (f) of Art. 6(1) GDPR, provided in particular to companies that we employ regularly in connection with the provision of our services or for contract fulfillment. This concerns the following recipients or categories of recipients:
• IT service providers (such as e-mail service providers, web hosting companies), in particular Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany (web hosting)
• Affiliated companies and partner companies (see https://www.openmind-tech.com/de/open-mind/partner/ueberblick.html)
• Communication providers (telephone/fax providers)
• Payment service providers
• Shipping and logistics service providers
If we use a service provider in the sense of a processor according to Art. 28 GDPR, we nevertheless remain responsible for the protection of your data. Where required by law, processors are contractually obliged by means of a data processing agreement to treat your data confidentially and to process it only within the scope of the provision of services. The processors engaged by us will receive your data if they require the data to perform their respective services.
Your data will only be transmitted to state institutions and authorities or collected for this purpose within the framework of mandatory national legislation or if you instruct us to do so.
VI. How long will my data be stored?
Your personal data will be used only for the purpose for which you provided it to us, or for the processing of which you have given us your consent, and will be stored until this specific purpose has been fulfilled. After the purpose has been completely fulfilled, or when you ask us to erase your data, your data will only be stored for as long as necessary due to statutory limitation periods or retention periods (in particular under tax and commercial law). However, the data will be erased at the latest after the end of all limitation/retention periods, unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as the blocking of your data. See Part A., Section II.
Your data will be erased or blocked by us as soon as the purpose of storage no longer applies or you request that we erase your data.
As a matter of principle, we process and in particular store your data only until the end of the business relationship or until the end of the applicable guarantee, warranty, and limitation periods. For example, the limitation period according to Section 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases up to thirty years. It may also be necessary to retain data until the legally binding conclusion of any legal disputes in which the data is required as evidence.
Furthermore, we are subject to statutory documentation and retention periods (for example, under the German Commercial Code (e.g. Section 257 HGB), the German Money Laundering Act, or the German Fiscal Code (e.g. Section 147 AO)). The retention and documentation periods specified there are two to ten years. For example, we have to continue storing your data after the termination of a contract for a period up to the completion of the tax audit for the last calendar year in which you were our customer.
VII. Is personal data transferred to a third country?
As part of our processing operations, personal data may also be transferred in certain business transactions or areas of activity to locations in what are called third countries, outside the EU or the EEA, that have not yet been certified by the EU Commission as having an adequate level of data protection, such as the USA. If such a data transfer should become necessary in individual cases, this will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection, or your express consent.
Our affiliated companies and partners in third countries can be found in the overview under this link https://www.openmind-tech.com/de/open-mind/partner/ueberblick.html.
B. Use of our Online Presences
In principle, you can visit our website and use it for informational purposes without having to provide any personal details (for example, registering, placing orders, or otherwise providing information about yourself).
In this case, we process personal data of our users only to the extent necessary to provide a functional website and our content and services, or to the extent that cookies used on the website transmit personal information to us when the website is visited. For information on our cookies that are used by us, see Part B, Section II.
Furthermore, the processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for objective reasons and processing the data is permitted by law.
I. Delivery of the Website and Creation of Log Files
Description of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (referred to as log files). These server log files contain IP addresses or other data that permit assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The following information is collected and stored by us or our hosting provider (our servers are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany):
• Information about the browser type and version used
• The user’s operating system
• The user’s Internet service provider
• Date and time of access
• Websites from which the user’s system accesses our website
• Websites that are accessed by the user’s system via our website.
This data is not stored together with other personal data of the user.
Legal Basis and Purpose of Data Processing
The legal basis for the temporary storage of data and log files is point (f) of Art. 6(1) GDPR. This information is also required to provide the service in accordance with Section 25(2), no. 2 of the Telecommunications and Telemedia Data Protection Act (TTDSG).
Temporary storage of the IP address by the system is necessary so the website can be delivered to the user’s computer. For this purpose, the user’s IP address has to remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our IT systems. We have engaged the company Hetzner on the basis of Art. 28 GDPR to ensure that our users’ personal data is only processed in accordance with our instructions and in compliance with the GDPR.
Duration of Storage/Possibility of Objection and Removal
The data will be erased as soon as it is no longer required for the purpose for which it was collected. When data is collected for delivery of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 24 hours at the latest. Storage beyond this time is possible. In this case, the IP addresses of the users are deleted or anonymized so that assignment to the accessing client is no longer possible. After 24 hours, anonymized data is available from our provider for 3 months.
The collection of data for delivery of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
II. Cookies and similar technologies
1. Use of cookies
Description of Data Processing
Our website uses cookies or similar procedures and collects, processes, and uses usage data (such as access times, websites accessed) or meta and communication data (IP address, device information). Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user’s computer system. They permit unique identification of the browser when the website is accessed again. When a user accesses a website, a cookie may be stored on the user’s operating system. A cookie contains a characteristic string of characters. These cookies are used to make a website more user-friendly, effective, and secure. When you visit a website with an integrated cookie, the data you enter is stored exclusively in the cookie on your computer. In this case, data is only transmitted to the servers of our website when a page request is made.
Some cookies are deleted after the end of the browser session when your browser is closed (session cookies). These cookies are technically necessary, for example, so that you can log in to the application and remain logged in across pages during your visit to our website.
Other cookies remain on your device for a specified period of time and permit us to recognize your browser the next time you visit our website (persistent or protocol cookies). These cookies are used to offer you optimal user guidance, to “recognize” you, and to present you with a website that is as varied as possible, with new content, when you visit the website repeatedly.
Cookies that originate from partner companies or third parties can be used, for example, to collect information for advertising, user-defined content, or statistics (“third-party cookies”). If we do not identify cookies as originating from third-party providers, the cookies originate from our website (“first-party cookies”). We will inform you separately about third-party cookies or tracking technologies used by us in the following sections of our privacy policy.
For websites operated with Adobe Flash, Flash cookies are stored as data elements of websites on your computer. Flash cookies have no time limit.
We use cookies, for example, to personalize content and advertisements, to offer functions for social media, and to analyze access to our website. We also share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the website.
By law, we may store cookies on your device if they are strictly necessary for the operation of this website. We need your permission for all other types of cookies.
The following cookies are used on the platform to make the website more user-friendly:
| Name of the cookie/technology |
Usage |
Storage duration |
Cookie type |
Domain |
| PHPSESSID |
This cookie stores your current session in
relation to PHP applications and thus ensures that all functions of this
website, which are based on the PHP programming language, can be fully
displayed. |
End of session |
Essential |
www.learning.openmind-tech.com |
| support_pdf |
This cookie indicates whether the client supports native PDF
preview |
End of session |
Essential |
www.learning.openmind-tech.com |
| c_request |
A URL used to serve
deep linking requests for returning users |
5 minutes |
Essential |
www.learning.openmind-tech.com |
| CartID |
This cookie saves the shopping cart in order to link this
with the user |
1 week |
Essential |
www.learning.openmind-tech.com |
| select_language |
Saves the information of the website
language selected by the user |
End of session |
Essential |
www.learning.openmind-tech.com |
| ef_submit_users |
A URL that stores the user’s preference for a
returning URL when a user is created |
End of session |
Essential |
www.learning.openmind-tech.com |
| ef_user |
Contains a hash code that is used to implement the optional
“Remember Me” operations for returning
users |
End of session |
Essential |
www.learning.openmind-tech.com |
| bypass_skill_test |
An integer that stores the user’s preference in
in relation to the time of the skill gap test |
1 day
|
Essential |
www.learning.openmind-tech.com |
| MyCoursesPersonalization |
Saves the expanded/collapsed state of the
“My courses” list for a user |
End of session |
Essential |
www.learning.openmind-tech.com |
| cookieTableRows |
These cookies are set by the client (not the server)
and contain information about the user’s system settings |
End of session |
Essential |
www.learning.openmind-tech.com |
| Collapsed |
These cookies are set by the client (not the server)
and contain information about the user’s system settings |
End of session |
Essential |
www.learning.openmind-tech.com |
| Navbar_hidden |
These cookies are set by the client (not the server)
and contain information about the user’s system settings |
End of session |
Essential |
www.learning.openmind-tech.com |
| side_hidden |
These cookies are set by the client (not the server)
and contain information about the user’s system settings |
End of session |
Essential |
www.learning.openmind-tech.com |
| Theme_page_id |
These cookies are set by the client (not the server)
and contain information about the user’s system settings |
End of session |
Essential |
www.learning.openmind-tech.com |
| announcement |
A Boolean value that specifies whether a user wants to hide an
announcement. Set by the client |
End of session |
Essential |
www.learning.openmind-tech.com |
| cookie_old_browser_main |
A Boolean value used to display a message to the
user suggesting they update their browser version
if an old, not fully supported browser version is
detected |
1 month |
Essential |
www.learning.openmind-tech.com |
| SimpleSAMLAuthToken |
These cookies are used as part of the system’s
SAML authentication process, which allows users
to remain logged in and permits the system to track unique
login sessions |
End of session |
Essential |
www.learning.openmind-tech.com |
| SimpleSAMLSessionID |
These cookies are used as part of the system’s
SAML authentication process, which allows users to stay logged in
and permits the system to track unique login
sessions |
End of session |
Essential |
www.learning.openmind-tech.com |
| new_features |
Determines whether a message should be displayed,
to inform the administrators when a new function is added to the
system |
1 month |
Essential |
www.learning.openmind-tech.com |
| CloudFront-Key-Pair-Id |
These cookies are used by TalentLibrary
as part of the authentication process |
3 hours |
Essential |
www.learning.openmind-tech.com |
| CloudFront-Policy |
These cookies are used by TalentLibrary
as part of the authentication process |
3 hours |
Essential |
www.learning.openmind-tech.com |
| CloudFront-Signature |
|
3 hours |
Essential |
www.learning.openmind-tech.com |
Legal Basis and Purpose of Data Processing
The legal basis for the processing of personal data using cookies is point (f) of Art. 6(1) GDPR to safeguard our legitimate interests in the best possible functionality and security of the website as well as a customer-friendly and effective design of the site visit, unless we ask you for your consent in accordance with point (a) of Art. 6(1) GDPR and/or Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). If this is not the case, the information is required to provide the service in accordance with Section 25(2), no. 2 of the Telecommunications and Telemedia Data Protection Act (TTDSG).
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This requires the browser to be recognized even after a page change.
Duration of Storage/Possibility of Objection and Removal
Cookies are stored on the user’s computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be automated. For example, you can object to the use of cookies for online marketing purposes using a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ or generally at http://optout.aboutads.info. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
III. Further Information on the Processes, Plugins, and Tools Used to Design the Website
1. SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
2. YouTube
Description of Data Processing
From time to time, we use content and services provided by YouTube LLC, 901 Cherry Ave., San Bruno, California, CA 94066, United States (hereinafter: “YouTube”) to embed video content on our website using a plugin. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, a subsidiary of Alphabet Inc., ibid (hereinafter: “Google”). If you want to play the embedded videos using this plugin (by clicking the play button), your IP address will be sent to YouTube, because YouTube cannot send the video content to your browser without the IP address. The IP address is therefore required for playback. The YouTube server is also informed which subpage of our website you have visited. If you are logged on to your YouTube account as a YouTube member, you also allow YouTube to assign your usage behavior directly to your personal profile when you play our videos. Further information on data processing by YouTube can be found in the applicable YouTube privacy policy: https://policies.google.com/privacy?hl=de&gl=en
Legal Basis and Purpose of Data Processing
The use of Facebook Connect is based on our legitimate interests in accordance with point (f) of Art. 6(1) GDPR to make video content available on our website.
Duration of Storage/Possibility of Objection and Removal
To prevent this assignment, log out of your YouTube profile before playing our video content.
3. jsDelivr CDN
Description of Data Processing
jsDelivr is a content delivery network (CDN) of the provider ProspectOne, Krolewska 65A/1, 30-801, Krakow, Poland. A CDN enables JavaScript, CSS, and other web resources to be hosted and distributed. With the help of the CDN, the content of our online presence, in particular large media files such as graphics or scripts, can be delivered faster with the help of regionally distributed servers connected via the Internet, even during peak loads.
The browser you are using has to connect to the CDN servers for this purpose. As a result, jsDelivr is informed that our website has been accessed via your IP address. jsDelivr may also automatically collect additional information when you access the services. This includes the browser type, operating system, time spent on the website, and pages viewed. This data can be used for statistical purposes and to improve the CDN.
Further information on data processing by jsDelivr can be found in jsDelivr’s privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/
Legal Basis and Purpose of Data Processing
The use of jsDelivr is based on our legitimate interests in the secure and efficient delivery, analysis, and optimization of our website in accordance with point (f) of Art. 6(1) GDPR.
Duration of Storage/Possibility of Objection and Removal
jsDelivr stores the data collected for as long as necessary to deliver the service provided by jsDelivr. You can prevent data transmission by using a JavaScript blocker. However, please note this means that the website can no longer be made available with the previous performance and content (in particular, the loading speed would be slower).
IV. Online presences in social networks and on platforms
Description of Data Processing
OPEN MIND maintains further online presences in social networks or industry networks (LinkedIn, Twitter, Facebook, XING, Instagram, IndustryArea) (hereinafter also referred to as “SN”) and on platforms (such as YouTube) and links to them from our website. Clicking the respective buttons (recognizable by the respective logos of the social networks or platforms) will take you to the respective online presence of the SN. The purpose of these online presences is to communicate with customers, interested parties, and users that are active there, and to inform them about our services.
When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Legal Basis and Purpose of Data Processing
Unless otherwise stated in our privacy policy, we process user data on the basis of our legitimate interests in effective information of users and communication in accordance with point (f) of Art. 6(1) GDPR, only if they communicate with us within the social networks and platforms (for example, if users write posts on our online presences or send us messages).
Social networks maintain servers in the USA in some cases and your data may be forwarded to those servers. Details are provided in the list below.
Duration of Storage/Possibility of Objection and Removal
If you are a member of one of the SNs on which we maintain online presences and do not want the SN to collect data about you through our account and link it to your data with the SN, you must log out of your SN before visiting our presence. For a detailed description of the respective processing, information on the duration of data storage by the respective SN, and the opt-out options, we refer to the following linked information from the providers.
With regard to requests for information and the assertion of user rights, please note that these can be asserted most effectively with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. Please contact us if you still need help.
Facebook
We maintain a Facebook company page (“fan page”) on the SN of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook Ireland is jointly responsible with us for the collection of data from visitors to our fan page, which is why we have concluded an agreement on the joint processing of personal data with Facebook within the meaning of Art. 26 GDPR, as well as additional data processing terms and conditions:
“Controller Addendum:” https://www.facebook.com/legal/controller_addendum
“Data Processing Terms and Conditions:” https://www.facebook.com/legal/terms/dataprocessing/update
We are responsible for providing data subjects with at least the above and following information on joint responsibility with Facebook. The information from Facebook required in accordance with points (a) and (b) of Art. 13(1) GDPR can be found in the Facebook Ireland privacy policy at https://www.facebook.com/about/privacy.
Facebook Inc., Menlo Park, California, USA (hereinafter: Facebook Inc.) also collects and uses what are known as page insights for analysis purposes. Page insights is a summary of data that allows both us and Facebook Inc. to obtain information about how our users interact with our site. Page insights may be based on personal data collected in connection with our users’ visits or interactions on our site. For this purpose, we have concluded an addendum for controllers (“Controller Addendum,” see above) with Facebook, which regulates in particular which security measures are implemented by Facebook in the context of page insights and how Facebook responds to user requests. The purposes for which the collection and transfer of personal data constituting joint processing are carried out are set out in detail in the terms of use referenced in the above Controller Addendum.
The data collected when you visit our “fan page” otherwise includes information about the types of content that users view or interact with, or the actions they take (see “Your activity and information that you provide” in the Facebook privacy policy: https://www.facebook.com/policy), as well as information about the devices used by users (such as IP addresses, operating system, browser type, language settings, cookie data) described in detail under “App, browser and device information” in the Facebook privacy policy: https://www.facebook.com/policy).
However, by maintaining the Facebook company page, we share responsibility for the page insight and have agreed with Facebook Ireland that Facebook Ireland is responsible for fulfilling the rights of data subjects in accordance with Articles 15-20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing. We therefore have an obligation to report to Facebook if we receive data protection inquiries about page insights. Please note that we forward requests regarding page insights to Facebook Ireland. In addition, please refer to the information on your rights as a data subject in section A. For more information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and the options for exercising data subject rights against Facebook Ireland, please refer to Facebook Ireland’s privacy policy at https://www.facebook.com/about/privacy
The evaluation of the data collected through page insights is used to improve our online presences and for advertising purposes. We maintain our Facebook fan page for the purpose of communication and straightforward channeling of contact requests from Facebook users. The collection and further processing of this data is in our legitimate interest and in the legitimate interest of Facebook Inc. in accordance with Art. 6(1) GDPR.
Please note that we cannot switch the page insights technology on and off. We therefore have to forward the majority of such requests to Facebook Ireland, unless we have collected data ourselves. If you do not want Facebook Inc. to collect your data, we ask you not to use our Facebook company page and/or to configure your browser to prevent the use of cookies and/or to log out of Facebook while you are using our site.
Privacy policy
https://www.facebook.com/about/privacy/,
https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out
https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,
Instagram
We link to our online presence on Instagram with a button on our website. Instagram is an audiovisual platform that allows users to share photos and videos and also redistribute such data on other social networks.
The provider of Instagram in Europe is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Meta Platforms Ireland”), a subsidiary of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter: “Meta Platforms USA”).
If you click the link button, you will be automatically redirected to our online presence on Instagram. The use of the interactive functions provided by Instagram on the basis of Instagram’s terms of use (such as commenting or rating) is the user’s own responsibility. When you visit our Instagram account, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. Since Instagram stores information about the devices of its users (for example, as part of the “login notification” function) when creating a user account, Instagram may be able to assign IP addresses to individual users. If you are currently logged in to Instagram with an existing Instagram user account, a cookie with your Instagram ID is stored on your device. Instagram may therefore know that you have visited this page and understand how you have used it. This also applies to all other Instagram pages. Instagram plugins integrated into websites also allow Instagram to record your visits to these websites and assign them to your Instagram profile. Instagram can use this data to offer you customized content or advertising. Meta Platforms Ireland is solely responsible for this data processing. Meta Platforms Ireland does not conclusively and clearly state how it uses the data from visits to Instagram pages for its own purposes, to what extent activities are assigned to individual users, how long Meta Platforms Ireland stores this data, and whether data from a visit to our Instagram website is passed on to third parties, and this is not known to us. We have no influence on the data processing operations carried out by Instagram under its own responsibility.
However, in addition to Meta Platforms Ireland, we are also jointly responsible for the collection of data from visitors to our website on Instagram, as far as the collection of “page insights” data is concerned. This is anonymized data that enables the operator to view statistical evaluations regarding the use of the fan page. For the owner of an Instagram account, this function is an integral part of the user agreement with Meta Platforms Ireland. This means that we cannot unilaterally decide whether the page insights are collected or not. Further information on the “page insights” function and the use of cookies as well as the setting options can be found at:
https://www.facebook.com/legal/terms/information_about_page_insights_data
https://www.facebook.com/policies/cookies
We have therefore concluded an agreement on the joint processing of personal data with Meta Platforms Ireland within the meaning of Art. 26 GDPR, as well as additional data processing terms and conditions:
“Controller Addendum:” https://www.facebook.com/legal/controller_addendum
“Data Processing Terms and Conditions:” https://www.facebook.com/legal/terms/dataprocessing/update
We are only responsible for providing data subjects with at least the above and following information on joint controllership with Meta Platforms Ireland. The information required according to points (a) and (b) of Art. 13(1) GDPR from Meta Platforms Ireland can be found in Instagram’s privacy policy at https://www.instagram.com/legal/privacy/.
We have agreed with Meta Platforms Ireland that Meta Platforms Ireland is responsible for fulfilling the rights of data subjects under Articles 15-20 GDPR with regard to the personal data stored by Meta Platforms Ireland after joint processing. We therefore have an obligation to notify Meta Platforms Ireland if we receive data protection inquiries about page insights. Please note that we forward requests regarding page insights to Meta Platforms Ireland. In addition, please refer to the information on your rights as a data subject in section A.
As the operator of the Instagram account, we at most receive statistical information about the use of our Instagram account as part of our contractual agreements with Meta Platforms Ireland on the basis of our legitimate interests (point (f) of Art. 6(1) GDPR).
If you do not want information to be transmitted to Meta Platforms Ireland, the transmission can be partially prevented by logging out of your Instagram user account, deactivating the “stay logged in” function, deleting the cookies on your device, and closing and restarting your browser. Information that can be used to directly identify you is deleted in this way. This allows you to use our online presence on Instagram without revealing your Instagram ID. When you access interactive functions of the online presence (like, comment, messages, and others), an Instagram login screen appears. Once you have logged in, Meta Platforms Ireland will once again recognize you as a specific user. Please note that the page insights function can also be used to collect personal data from people who do not have a profile on Facebook or Instagram.
According to Meta Platforms Ireland, the IP address collected from you is anonymized (for “German” IP addresses) and erased after 90 days.
Privacy policy/opt-out:
In Instagram’s privacy policy and the help section, you will find further information on how to contact Meta Platforms Ireland and on opting out as well as the setting options for advertisements:
https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/.
LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,
YouTube
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated
V. Links to websites of other providers
Our online presences may contain links to other websites. We have no influence whatsoever on the content and design of the offers of other providers. The statements in this privacy policy therefore do not apply to external providers whose offers or content we merely link to.
If you are redirected to other sites via links from our online presences, please inform yourself there about the respective handling of your data.
VI. Active Use of Our Website
1. E-mail Contact
Description of Data Processing
When users contact us via the e-mail address provided, the user’s personal data transmitted with the e-mail is stored.
Legal Basis and Purpose of Data Processing
If the contact form request or the e-mail contact is aimed at the conclusion of a contract, or if it takes place in the context of the execution of an already concluded contract, the legal basis for processing is point (b) of Art. 6(1) GDPR. Otherwise the legal basis for the processing of data transmitted in the course of sending an e-mail is point (f) of Art. 6(1) GDPR for the purpose of a timely, uncomplicated conversation and handling the respective contact request.
Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
Duration of Storage/Possibility of Objection and Removal
The data will be erased as soon as it is no longer required for the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and no legal requirements necessitate continued storage.
2. Registration for the OPEN MIND Learning Platform
Description of Data Processing
You can register for learning units from our course catalog on our website. The access data required for registration will be stored by us when a corresponding user account is created. The following personal data is provided by the user for this purpose:
The access data required for logging in (e-mail address and password) is stored by us when a corresponding user account is created.
For technical reasons, a limited amount of data (connection data) is collected each time the learning platform and its content are accessed. This data is technically necessary in order to establish and execute a connection between the customer’s device and our servers. Furthermore, this data is required to maintain the session after a login and to prevent unauthorized access to this session. As part of each registration process and the use of the learning platform, we or our the hosting service provider store the IP address and the time of the respective user action (timestamp), Internet service provider, web browser and operating system used and/or the respective version information, language settings, referrer URL, and the name of the accessed website.
We process and use the data collected in this context for the purpose of providing learning content and learning units.
Legal Basis and Purpose of Data Processing
The legal basis for the processing of data sent in the course of submitting an electronic registration, since the intent is the conclusion of a contract, is point (b) of Art. 6(1) GDPR, otherwise point (f) of Art. 6(1) GDPR.
We process personal data from the registration form in the course of processing the respective registration and to provide the selected learning content.
Duration of Storage/Possibility of Objection and Removal
The data will be erased as soon as it is no longer required for the purpose for which it was collected. For the personal data from the learning platform, this is usually the case when the user terminates their user account for the learning platform, or at the latest when no legal requirements necessitate continued storage.
Miscellaneous
Due to the further development of our website or our offers and due to changed legal or official requirements, it may become necessary to amend this privacy policy. You can access the respective current privacy policy on our website at any time and print it out if required.