Data Protection Declaration
Our aim is to provide you with services, for which you can be sure that the personal information you submit will be treated in the strictest confidence and used for dedicated purposes, and that it is always you who makes decisions on data disclosure and transfer to third parties. You entrust us with your personal information, and we reliably protect it in compliance with legal requirements.
Here, we will provide you with detailed information about what data we collect and store on which occasion, why we do it and how this data is processed. In this web application, your personal information and personal data will be collected, stored and used with the utmost care and integrity.
Registered office of the company:
Central email address: firstname.lastname@example.org
Prof. Dr. Franz Egle (Chairman)
Prof. Dr. Joachim Thomas (Deputy)
Prof. Dr. Klaus Zierer
Board of directors:
Dr. Christoph Wesselmann (Chairman), email@example.com
Ralf Bultschnieder, MBA and Dipl. Economics, firstname.lastname@example.org
HRB 163211 B
IBAN: DE33 1009 0000 2518 3210 08
Tax office for corporations IV Berlin:
Tax number 30/366/32436
VAT Identification number DE 815533417
Data protection officer
The Data Protection Officer (person responsible for data processing) is
Phone: +49 341 217 17 94
Every data subject can directly contact our data protection officer at any time and ask him any questions as well as make suggestions regarding data protection.
Purposes of data processing
The purpose of data processing is execution of the following tasks by the Controller: technical realisation and support of this web application with the goal of enabling video telephony activities.
Legal basis for data processing
The legal basis for data processing, in case the user registers voluntarily on their own initiative, is provided by Art. 6 (1) letter a GDPR - consent of the data subject to the processing of their personal data for one or more specific purposes. In this case, the data that is collected is the data that is required so that one can use the offered services in a personal user account. A user must give their first and last names (for the purposes of addressing them), an e-mail address (identifying feature enabling support, e.g. in case of a forgotten password), and create a password (which is necessary to log in to the user account). This data will not be published under any circumstances and will not be passed on to third parties. By registering, you agree that all this information will be included in our database.
Types of personal data collected
Core data including contact information (e. g. last name, first name, telephone number, email address, username and password), statistical evaluations of the learning success.
Categories of data subjects
The persons whose data is processed include language students/trainees, teachers as well as webpage visitors.
Storage of IP addresses
The IP addresses transmitted by web browsers are stored strictly for the purpose of detecting, limiting and eliminating attacks on these web pages for a maximum period of seven days. After this period, the IP addresses will be deleted or anonymised. The legal basis for the storage of IP addresses is Art. 6 (1) sentence 1 letter. f GDPR.
Storage of access data
Each time a file is requested from this internet page, access data is stored. Each data record consists of:
-the name of the file
-the date and time of the request
-the amount of data transferred
-the access status (data transfer, data not found etc.)
-a description of the type of web browser used
The stored data is analysed exclusively for statistical purposes. Their transfer to third parties, even in form of extracts, does not take place.
Only after clicking on the preview image will the third-party content be loaded. The third-party provider is informed that you have called up our site and receives the usage data that is technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the thumbnail, you give us the consent to load the content from the third-party provider.
The embedding takes place based on your consent in accordance with Art. 6 (1) sentence 1 letter a GDPR, if you have previously given your consent by clicking on the preview image.
Google / YouTube (USA) has an adequate level of data protection (Privacy Shield Agreement (Art. 45 (1) GDPR)). If you have clicked on a preview image, the content of the third-party provider is loaded immediately. If you do not want this to happen, please do not click on the thumbnails.
Video conferences are held using BigBlueButton technology (www.bigbluebutton.org, open source) and are end-to end encrypted. Uploaded data, chat histories, audios, videos, emojis as well as all recordings are automatically and irrevocably deleted after the session. Joining the video conference rooms is only possible after the moderator's approval, otherwise you will end up in the waiting room as an invited participant. Knowing the link to the video conference is not sufficient for participation.
Use of the collected data
We need you to give us your personal data in cases mentioned above so that we can provide you with certain services. We only collect the data necessary for the fulfillment of specific purposes. You can be sure that the data is only used for the purpose for which it is meant to be used.
We use technical and organisational security measures to protect your data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
All personal data is completely encrypted on the AWS servers and the key is only available to the data controller. The full encryption of the EBS (Elastic Block Storage) is used using the KMS (Key Management Service) with CMK (Customer Master Keys). Encryption method is AES-256. The level of data protection is thus brought into line with that in the EU despite the use of an American service provider (AWS).
Your rights as a user
When processing your personal data, the GDPR grants you as a website user the following rights:
1. The right to information (Art. 15 GDPR):
You have the right to obtain confirmation as to whether your personal data is being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 15 GDPR.
2. The right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to request the immediate rectification of your inaccurate personal data and, if necessary, the completion of the incomplete personal data.
You also have the right to request that your personal data be deleted immediately if one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes for which it was collected.
3. The right to restriction of processing (Art. 18 GDPR):
You have the right to demand the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have lodged an objection to processing of your personal data in accordance with Art. 21 GDPR or for the duration of any examination as to whether our legitimate interests outweigh your interests as a data subject.
4. Right to data portability (Art. 20 GDPR):
In certain cases, which are listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request that this data be transmitted to a third party.
5. Right to object (Art. 21 GDPR):
If data is collected based on Art. 6 (1) sentence 1 letter f GDPR (for the performance of a task carried out in the public interest) or based on Art. 6 (1) sentence 1 letter e GDPR (in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
6. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR):
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you is done in breach of data protection regulations. The right to lodge a complaint can be asserted before a supervisory authority in the EU member state of your place of residence, your place of work or the place of the suspected infringement.
Duration of the personal data storage
The personal data will only be stored in a form that enables the identification of data subjects as long it is required for the aforementioned purposes.
Automated profiling or decision-making
We do not use neither automated decision-making nor profiling.
Data Protection Declaration download: