Privacy Notes

Thank you for visiting the Haufe Group website. The protection of your personal data is very important to us. With this data protection declaration, we would like to inform you about how we handle your personal data when you visit our website and about your rights.

I. Who are we and how can you contact us?

We, the

Haufe Service Centre GmbH
Munzinger Straße 9
79111 Freiburg
Germany

are responsible for protecting your personal data as the controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). If you have any questions about data processing, your rights or the privacy policy, please do not hesitate to contact our data protection officer:

E-mail: dsb@haufe-lexware.com

II. What data is processed when you visit our website?

In the following, we will inform you about which data is collected when you visit our website, the purposes for which it is processed, the legal basis for data processing, the options you have to control the collection and processing of the data yourself and when the data is deleted.

Logfiles

Purpose of the processing	Delivery of the website Functionality of the website Statistical findings Tracing unauthorised access Securing the IT systems
Legal basis (according to Art. 6 / 9 GDPR)	Security of the systems Legitimate interests (Art. 6 para. 1 f GDPR)
If known: Duration of data storage	Deletion after the purposes have been achieved Logfiles: after 90 days at the latest Longer storage in the event of malicious behaviour
If applicable, origin of the data (if not collected directly from the data subject)	Automatic transmission by browser
Categories of personal data, if applicable	IP address Website from which you came Web pages you visit Pages you click on Time of the page view Name of the Internet service provider Browser type and version Operating system of the end device Date and duration of the visit

Cookies

We use cookies on this website; these are small text files that are stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: Many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used for the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a character string that enables websites and servers to be assigned to the storing browser.
Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TDDDG). All other cookies are subject to consent (Section 25 (1) TDDDG); where applicable, this is regulated by our consent management platform.
We use cookies in part only for the duration of your visit to the website, in part for a predefined period and in part permanently. You can delete all these cookies manually or automatically at any time via your web browser.
It is possible to use our website (although possibly not to its full extent) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent.

Web tracking technologies - managed with Usercentrics

To manage all cookies, website and tracking technologies that require consent or opt-out in a privacy-compliant manner, we use the Consent Management Platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services:

III General data processing

Anonymisation

Purpose of the processing	Creation of anonymous user profiles to improve our marketing strategies using various anonymisation methods (method depends on the case)
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 4 GDPR in conjunction with. Art. 6 para. 1 f GDPR Art. 6 para. 1 b GDPR

Investigation and prosecution of criminal offences

Purpose of the processing	The investigation and clarification of criminal offences.The forwarding of data to law enforcement authorities.The seizure of evidence.Co-operation with judicial authorities.
Legal basis (according to Art. 6 / 9 GDPR)	Legal obligation (Art. 6 para. 1 c GDPR) Legitimate interests (Art. 6 para. 1 f GDPR)
Recipient (if applicable)	Law enforcement authoritiesjudicial authoritiesLawyers and other legal representatives
If known: Duration of data storage	Deletion after fulfilment of the purposes
If applicable, origin of the data (if not collected directly from the data subject)	The following data is automatically transmitted and processed by the browser: the website from which access is made, websites accessed, click paths created, the time the page was accessed, the name of the internet service provider, the browser type and version, the operating system of the end device and the date and duration of the visit.
Categories of personal data, if applicable	Master data (e.g. name, address, date of birth) Contact data (e.g. telephone number, e-mail address) Data on the offence (e.g. time of offence, place of offence, description of offence) Communication data (e.g. minutes of conversations or e-mails)

User account

Purpose of the processing	Data processing is carried out to provide the "Learning environment" user account and the shop functions. For example, documents relating to the products booked are available in the learning environment.Mobile or landline numbers are used, for example, to inform you of possible changes to booked seminars by text message.
Legal basis (according to Art. 6 / 9 GDPR)	when registering for a newsletter based on your consent in accordance with Art. 6 a) GDPR Processing of the contract pursuant to Art. 6 I b GDPR
Recipient (if applicable)	within the Haufe Group and to support and hosting service providers
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data processing generally takes place in European data centres. Data may also be transferred to the USA as part of maintenance and support measures. In order to ensure adequate data protection in such cases, Amazon Web Services has undertaken to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to fulfil statutory retention periods.
Categories of personal data, if applicable	A user account (learning environment) is created when booking a seminar, registering for the newsletter or registering on the website. The following data is processed: Name, salutation, title, company address, telephone number (landline/mobile), e-mail address, customer number, subscription history, and any other data that you provide us with in the optional fields.

Existing customer marketing

Purpose of the processing	Providing information about products and services that may be of interest.Coordination of support service providers.
Legal basis (according to Art. 6 / 9 GDPR)	Legitimate interests (Art. 6 para. 1 f GDPR)
Recipient (if applicable)	Personal data is transferred within the Haufe Group and to support and hosting service providers.
If known: Duration of data storage	Storage for as long as is necessary for the processing purpose and to fulfil statutory retention periods or until you object to the processing.
Categories of personal data, if applicable	Contact data (e.g. name, e-mail address, telephone number), purchase history, product interests and communication history.

Competitions and free catalogues, magazines and trade fair tickets

Purpose of the processing	Allocation of the prize, dispatch of the prize or requested free catalogue, magazine or trade fair tickets. If applicable, distribution of data on social media channels (Facebook, Instagram, LinkedIn). Future offers according to interest
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 a GDPR (consent) Art. 6 para. 1 f GDPR (legitimate interest)
Recipient (if applicable)	within the Haufe Group and to support and hosting service providers
If known: Duration of data storage	Storage as long as necessary for the specific processing purpose
Categories of personal data, if applicable	Data from the online contact forms provided for this purpose, e.g. name, address data

Invoicing via e-bill

Purpose of the processing	This data is collected and processed for the purpose of creating and sending the e-invoice and to fulfil our legal obligations.
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. c GDPR (fulfilment of a legal obligation) in conjunction with §§ 14 para. 1 sentence 5, para. 2 sentence 2 no. 1 UstG. Art. 6 para. 1 lit. b GDPR (fulfilment of a contract)
Recipient (if applicable)	Personal data is transmitted to a service provider for technical support of the application. An order processing contract has been concluded with this service provider.
If known: Duration of data storage	Personal data is stored for the duration of the statutory retention periods. After these periods have expired, the data will be deleted, provided there are no further statutory retention obligations.
Categories of personal data, if applicable	We collect and process the following personal data as part of the creation and sending of e-invoices: Name and address of the invoice recipient E-mail address of the invoice recipient Invoice number Service description

IV. What rights do you have and how can you exercise them?

Further rights of data subjects

In addition, in accordance with Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), you are entitled to the following data subject rights if the legal requirements are met:

1. information:

You can request at any time that we provide you with information about which of your personal data we process and how, and that we provide you with a copy of the personal data we have stored about you, Art. 15 GDPR.

2nd correction:

You may request the rectification of inaccurate personal data and the completion of incomplete personal data, Art. 16 GDPR.

3. cancellation:

For the deletion of personal data: Please note that data that we require for the performance and execution of contracts and for the assertion, exercise and defence of legal claims as well as data for which there are statutory, regulatory or contractual retention obligations are exempt from erasure, Art. 17 GDPR.

4. restriction of processing:

Under certain circumstances, you can request the restriction of processing, e.g. if you believe that your data is incorrect, if the processing is unlawful or if you have objected to the data processing. This means that your data may only be processed to a very limited extent without your consent, e.g. for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons, Art. 18 GDPR.

5. objection to data processing:

You have the option to object to data processing for direct marketing purposes at any time. You can also object to data processing based on a legitimate interest at any time if there are special reasons, Art. 21 GDPR.

6. data portability:

You have the right to receive the data that you have provided to us and that we process on the basis of consent or to fulfil a contract in a commonly used, machine-readable format and, where technically feasible, to request the direct transfer of this data to third parties, Art. 20 GDPR.

Contact channels

You can exercise your rights via the following contact channels:

Haufe Akademie GmbH & Co. KG
Munzinger Straße 9
79111 Freiburg
Germany

Website: https://www.haufe-akademie.de

You can revoke your consent to data processing by cookies and tracking technologies by making the appropriate settings in your browser or by using the opt-out options described.

You can revoke your consent to receive the newsletter at any time by clicking on the corresponding link in each newsletter.

Right to lodge a complaint with a supervisory authority

If, for example, you believe that our data processing is unlawful or that we have not granted the rights described above to the necessary extent, you have the right to lodge a complaint with the competent data protection supervisory authority, Art. 77 GDPR. The supervisory authority responsible for our head office is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
poststelle@lfdi.bwl.de

V. What data is processed when registering for individual specific offers?

If necessary, in deviation from or in addition to the above-mentioned general information, you will find details below on the individual data processing within the scope of our offers.

Cookies

Web tracking technologies - managed with Usercentrics

Actee/ActeeChange

Purpose of the processing	Simulated learning games and tools for training in the areas of organisation and management development, change communication and change processes.
Legal basis (according to Art. 6 / 9 GDPR)	The legal basis is the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR.
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Deletion of personal data immediately after the purpose no longer applies.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	IP address, personal e-mail address, first name/last name, contact details, account number/password

BeRealtimeBoard, Inc. dba Miro

Purpose of the processing	We process this data in order to fulfil our contractual services through the use of an online whiteboard.
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. B GDPR
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to ensure an adequate level of protection in accordance with EU law in these cases as well, Realtime Board Inc. dba Miro has been obliged to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	MIRO deletes personal data immediately after the end of a participation. Personal data will only be stored for as long as is necessary to fulfil the purposes pursued.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	First name and surname, e-mail addresses, IP address, browsing time

BigMarker

Purpose of the processing	Processing of event data from the event and webinar platform for online training, online product training or other virtual event formats
Legal basis (according to Art. 6 / 9 GDPR)	Implementation of pre-contractual and contractual measures (Art. 6 para. 1 b GDPR) Informed consent (Art. 6 para. 1 a)
Recipient (if applicable)	Privacy Policy of BigMarker: https://get.bigmarker.com/legal/privacy-policy
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Suitable guarantees have been agreed with the service provider of the BigMarker event platform in accordance with Art. 44 et seq. GDPR have been agreed. In addition, the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area, as the data is stored in European data centres.
If known: Duration of data storage	Data relating to the respective events will generally be deleted 90 days after the end of the event.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	We use BigMarker as an event and webinar platform. Depending on the event, personal data of the event participants is either transferred by us to BigMarker or entered by the participants themselves during the registration process. The following personal data may be required:Name, email address, IP address.Please note that your data will be processed when you participate in our event in accordance with BigMarker's privacy policy.

blink.it GmbH & Co. KG

Purpose of the processing	We use blink.it for selected products to enable a highly interactive exchange between participants on specific topics.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment within the meaning of Art. 6 para. 1 lit. b. GDPR)
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	The software application, server and operating software as well as other system components of the blink.it app are operated in a data centre of a third-party provider (Amazon Web Services, Inc. (AWS)). The data is stored and processed on German territory. The AWS region used for the processing of all data transmitted by the customer is exclusively Frankfurt am Main.Data transfer to the USA in the course of support activities is not envisaged, but cannot be completely ruled out. In order to ensure an adequate level of protection in accordance with EU law in such cases as well, AWS has undertaken to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	Data will be deleted from blink.it six months after the end of the event. They then remain in the recycle bin for a further seven days and are then irretrievably removed from the platform.This data then remains stored in the application for a period of 30 days to enable a possible recovery. After this period, the data will also be completely and irrevocably deleted.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	IP address, Personal Email, First name/ last name, Contact details, Browsing Time

Digital learning platform test access

Purpose of the processing	Provision, processing and use of digital training and further education offers of the processor for testing purposes
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	Software from a third-party provider based in Germany. In support cases, there is a possibility that this provider may gain access to your personal data.
If known: Duration of data storage	Open registration processes (double opt-in) are automatically deleted after 30 days.Test accounts are inactive for 30 days after creation. These are irretrievably deleted 90 days later.
Categories of personal data, if applicable	Title, form of address, first name, surname, company, e-mail address, preferred learner language, learning outcomes, learning progress

Digital learning platform for the delivery of eLearnings

Purpose of the processing	Provision of digital learning content
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	Hostserver GmbH, noris network AG, other companies within the Haufe Group to ensure efficient co-operation within the group of companies
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	No
If known: Duration of data storage	The deletion of the data in the learning platform takes place after the purpose no longer applies. If the employer is the contractual partner, the deletion may be carried out on the instructions of the controller.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	Not specified
If applicable, existence of an automated decision-making process	No
If applicable, origin of the data (if not collected directly from the data subject)	Direct survey
Change of purpose if necessary	Not known
Categories of personal data, if applicable	Title, form of address, first name, surname, email address, learning history, preferred learning language, company affiliation

Real-time feedback Kahoot

Purpose of the processing	The service is used to make our training events more interactive. We provide our events with links to quizzes in which learners can participate voluntarily.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment according to (Art. 6 para. 1 lit. b GDPR
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Since Kahoot! uses a service provider or sub-processor, a transfer of the data collected and processed in Kahoot! cannot be ruled out. In order to ensure adequate data protection in such cases, Kahoot! has undertaken to comply with a level of data protection in accordance with EU law by using EU standard contractual clauses.
If known: Duration of data storage	The data is stored by Kahoot! for a maximum period of three years. The collection and processing of data can be prevented by deactivating the setting of cookies. This may limit the functionality of the websites under certain circumstances.Further information on the analysis services can be found on the Kahoot! website: https://trust.kahoot.com/privacy-policy/
Categories of personal data, if applicable	Name or user name (optional), answers to the quiz questions, IP address, device information (e.g. device type, operating system)

Real-time feedback Mentimeter

Purpose of the processing	"Mentimeter" is a voting and brainstorming tool and offers a wide range of interactive options. The application can be used to create multimedia collections of material, for example in the form of a word cloud, without much effort. Surveys can be created with the application and people with a corresponding link or QR code can vote and give feedback. You can find more information on data protection and the data processed by Mentimeter at: https://www.mentimeter.com/privacy. We use the tool to interactively involve our customers.
Legal basis (according to Art. 6 / 9 GDPR)	The use of Mentimeter by customers is voluntary. Mentimeter acts as an independent controller (https://www.mentimeter.com/dpa-statement). In doing so, the customer agrees to the applicable terms of use of Mentimeter https://mentimeter.com/terms.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Mentimeter is hosted on Amazon Web Services (AWS). Data transfer to the USA as part of support activities is not planned, but cannot be completely ruled out. For these cases, AWS has been obliged by Mentimeter to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	These result from the provider's general terms of use and data protection provisions.https://mentimeter.com/terms https://www.mentimeter.com/privacy

Real-time feedback Slido

Purpose of the processing	With the help of this tool, participants of the live event can actively take part in the event.We use the survey solution from Sli.do s.r.o., Vajnorská 100/A, 831 04 Bratislava, Slovakia (European Union). Slido is used on the website as a processor for the purpose of surveys during a live event. This involves collecting data on the use of the service.
Legal basis (according to Art. 6 / 9 GDPR)	Slido is used if a corresponding consent has been obtained. This consent is obtained when using the service via the cookie banner, in accordance with Art. 6 para. 1 lit. a GDPR
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Slido is hosted on Amazon Web Services (AWS). Data transfer to the USA in the context of support activities is not envisaged, but cannot be completely ruled out. In order to ensure adequate data protection in such cases, Slido has obliged AWS to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	The data is stored by Slido for a maximum period of three years. The collection and processing of data can be prevented by deactivating the setting of cookies. This may limit the functionality of the websites under certain circumstances. Cross-device tracking can be deactivated via the following link: https://www.slido.com/cookie-policyFurther information on the analytics services can be found on the Slido website: https://www.slido.com/cookie-policy

Individual coaching

Purpose of the processing	Making appointments and carrying out booked individual coaching sessions
Legal basis (according to Art. 6 / 9 GDPR)	Protection of legitimate interests (Art. 6 para. 1 f) Consent for special categories of personal data disclosed by the coachee in the free text field or other voluntary information. Fulfilment of a contract (Art. 6 para. 1 b)
Recipient (if applicable)	Internal recipient: Haufe Akademie GmbH & Co. KG (matching and administrative processes).External recipients: Selected coaches who receive personal data in order to carry out the coaching. Service providers may also receive access to data if they act as processors.Customer recipients: The client's person placing the order receives access and access to a dashboard containing an overview of the coaching measures booked.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	No
If known: Duration of data storage	Duration of the contractual relationship and statutory retention periods
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	No individual coaching possible
If applicable, existence of an automated decision-making process	No
If applicable, origin of the data (if not collected directly from the data subject)	Direct survey by the coachee
Change of purpose if necessary	Not known
Categories of personal data, if applicable	First name, surname Contact details, such as e-mail addresses Company name and invoice data Booked packages and servicesRelevant information on the coaching services booked, such as Previous coaching experience Coaching concerns and personal focus areas Industry specifics Personal preferences regarding the coaches Personal preferences regarding organisation and implementation Optional information

Creation of Open Badges

Purpose of the processing	Creation and permanent provision of digital certificates (badges)
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. a GDPR
Recipient (if applicable)	Amazon Web Services EMEA SARL
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	The data is generally processed in European data centres. Data may also be transferred to the USA as part of maintenance and support measures. In order to be able to guarantee adequate protection of your data in these cases as well, we have obliged Amazon Web Services to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	As long as an active account exists
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	No badge creation possible
If applicable, existence of an automated decision-making process	No
If applicable, origin of the data (if not collected directly from the data subject)	Direct collection by the user
Change of purpose if necessary	Not known
Categories of personal data, if applicable	First name, surname, email address, seminar and badge ID, IP address, time of badge retrieval

Eudemos GmbH & Co. KG

Purpose of the processing	We use the services of our partner to conduct employee risk and health surveys as well as 360-degree feedback, data analytics, results reporting and the provision of a digital work environment for the delivery of survey results (reports) to Haufe customers.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment within the meaning of Art. 6 para. 1 lit. b. GDPR
Recipient (if applicable)	Please note that this is an application from a third-party provider. The participant's personal data will be passed on to this provider in order to carry out the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Eudemos uses servers, operating software and other system components from a third-party data centre (Amazon Web Services, Inc. (AWS)) to provide the surveys and reports. The data is stored and processed on German territory. The AWS region used for the processing of all data transmitted by the customer is exclusively Frankfurt am Main.An Azure O365 data centre in Ireland is used to conduct the surveys with the participants. Data transfer to the USA as part of support activities is not planned, but cannot be completely ruled out. In order to ensure an adequate level of protection in accordance with EU law in such cases as well, AWS has undertaken to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	Cancellation directly after project completion on instruction.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Surname, first name, e-mail address, IP address, organisational unit (optional)

EVA - Evaluation tool

Purpose of the processing	We utilise the results of the evaluation for the purpose of continuous product improvement.
Legal basis (according to Art. 6 / 9 GDPR)	Consent pursuant to Art. 6 para. 1 lit. a GDPR
If known: Duration of data storage	The data is stored in EVA for a period of six years, after which it is deleted.
Categories of personal data, if applicable	The feedback questionnaires, which are analysed using the EVA system, are used to gain insights into participant satisfaction with the events. This includes information on the event location, the person organising the event and anonymised data such as participant IDs and the answers from the questionnaire.

Google Maps

Purpose of the processing	To determine geographical data, we use Google Maps services to enable a suitable selection of coaches in your area - especially in the event that a personal meeting is desired. If you enter a city name in the search mask, the AutoCompletionService and the GeoCodeService from Google Maps are used.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment pursuant to Art. 6 para. 1 lit. B GDPR
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When using Google Maps, information about the use of this website, including the IP address, may be transmitted to Google in the USA.Further information on data collection and the processing and use of data by Google and on the rights and setting options for protecting privacy is available in Google's data protection information (https://policies.google.com/privacy?hl=de).
If known: Duration of data storage	The storage period and the further use of the data by Google can be found in Google's data protection information at https://policies.google.com/privacy?hl=de.
Categories of personal data, if applicable	Date and time of the visit to the website in question, Internet address or URL of the website accessed, IP address

Hogan Assessments

Purpose of the processing	Competence profiling on behalf of the customer
Legal basis (according to Art. 6 / 9 GDPR)	Art. 9 para. 2 lit. a GDPR Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	Hogan Assessment Systems, USA
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Yes, USA with EU standard contractual clauses
If known: Duration of data storage	Research and anonymisation after completion
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	Not specified
If applicable, existence of an automated decision-making process	Yes, automatic evaluation
If applicable, origin of the data (if not collected directly from the data subject)	Input from the user
Change of purpose if necessary	All test data is stored anonymously and securely in the data centre for research purposes, without any subsequent reference to the test participant.
Categories of personal data, if applicable	Test answers, statistical data

INSIGHTS MDI®

Purpose of the processing	Competence Profiling
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	INSIGHTS MDI International®, Netherlands
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	No
If known: Duration of data storage	Research and anonymisation
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	Not specified
If applicable, existence of an automated decision-making process	Yes, automatic evaluation
If applicable, origin of the data (if not collected directly from the data subject)	Direct survey
Change of purpose if necessary	Not known
Categories of personal data, if applicable	E-mail address, gender, job title, organisation, test answers

AI consultant

Purpose of the processing	Provision of advice: The data you enter is used to recommend suitable training programmes from our product portfolio. Your input is processed automatically using an AI model from Azure OpenAI to generate customised training recommendations.Quality improvement: Anonymised input and output data is analysed in order to continuously develop and optimise the AI advisor.
Legal basis (according to Art. 6 / 9 GDPR)	Informed consent (Art. 6 para. 1 a)
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	The input and output data is stored anonymised in our system and automatically deleted after a maximum of one year. Sessions expire after eight hours. IP addresses are only processed for the technical provision of the service and are not stored permanently.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	none
Consequences of non-compliance (in case of failure to provide the required data)	none
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none

Contact form

Purpose of processing	Processing and, if necessary, answering the request of the form sender
Legal basis (according to Art. 6 / 9 GDPR)	Protection of legitimate interests (Art. 6 para. 1 f) Implementation of pre-contractual measures (Art. 6 para. 1 b)
Recipient (if applicable)	The data will not be passed on to third parties and/or to a third country.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	See General deadlines for data deletion
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	There is no obligation.
Consequences of non-compliance (in case of failure to provide the required data)	none
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
If applicable, origin of the data (if not collected directly from the data subject)	The data originates from the person concerned.
Where applicable, categories of personal data (if not collected directly from the data subject).	Data and categories requested in the respective form.
Change of purpose if necessary	none

Customer surveys with Customer Voice

Purpose of the processing	You have the opportunity to provide feedback on our products downstream. As part of these surveys, we process your details and responses anonymously. We process your personal data if you explicitly consent to the use of this data.Your feedback is primarily used to continuously develop and improve products. In addition, the data will be used for advertising purposes if you have given your consent.
Legal basis (according to Art. 6 / 9 GDPR)	Consent pursuant to Art. 6 para. 1 lit. a GDPR
Recipient (if applicable)	We use online services from Haufe Lexware GmbH and Co. KG and Microsoft Corporation (Customer Voice) to conduct feedback.
If known: Duration of data storage	The feedback data will be deleted by us after 3 years at the latest.
Categories of personal data, if applicable	Company (optional), name (optional), e-mail address (optional), telephone number (optional)

Customer surveys with Microsoft Forms

Purpose of the processing	For the purposes of online surveys, we use the "Forms" tool from the provider Microsoft Ireland Operations Ltd. based in Leopardstown, Dublin, D18 P521, Ireland. Forms processes the information provided by users solely for the purpose of analysing the survey on our behalf and, unless personal data such as names or email addresses are requested, stores them anonymously, i.e. in particular without the IP address of the user. If personal data (e.g. name, address, company, etc.) is also requested as part of the survey in addition to the topic of the survey, we will point out separately in the survey that this is additional, voluntary information that we collect and use.We use forms to design and optimise our products and services in line with requirements.
Legal basis (according to Art. 6 / 9 GDPR)	Informed consent (Art. 6 para. 1 a)
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to fulfil statutory retention periods.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	none
Consequences of non-compliance (in case of failure to provide the required data)	none
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none

Customer surveys with Netigate

Purpose of the processing	We use Netigate to design and optimise our products and services in line with requirements.
Legal basis (according to Art. 6 / 9 GDPR)	Informed consent (Art. 6 para. 1 a)
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Surveys with personal data are automatically deleted after 13 months.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	none
Consequences of non-compliance (in case of failure to provide the required data)	none
Change of purpose if necessary	none
Categories of personal data, if applicable	Netigate processes the information provided by users solely for the purpose of evaluating the survey on our behalf and, unless personal data such as names or e-mail addresses are requested, stores them anonymously, i.e. in particular without the IP address of the user. If personal data (e.g. name, address, company, etc.) is also requested as part of the survey in addition to the topic of the survey, we point out separately in the survey that this is additional, voluntary information that we collect and use.

LSI analysis

Purpose of the processing	Competence Profiling
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	Life Performer AG, Switzerland
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Yes, Switzerland with adequacy decision by the EU Commission
If known: Duration of data storage	Research and anonymisation
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	Not specified
If applicable, existence of an automated decision-making process	Yes, automatic evaluation
If applicable, origin of the data (if not collected directly from the data subject)	Direct survey
Change of purpose if necessary	Not known
Categories of personal data, if applicable	Test answers, IP address, statistical data

Metaverse EVOLVIA from RAVE.SPACE GmbH

Purpose of the processing	RAVE.SPACE GmbH, Köpenickerstraße 7, 10997 Berlin-Kreuzberg, offers Web3 browser-based metaverse solutions.On our websites we offer the possibility to enter and use a web-based virtual space.Names can be freely chosen to represent and identify users, which are then transmitted to our server. Chat messages are sent to our server for communication within the application. IP addresses are transmitted to establish a voice chat connection via the third-party provider Agora.
Legal basis (according to Art. 6 / 9 GDPR)	Fulfilment of a contract (Art. 6 para. 1 b)
Recipient (if applicable)	An external service provider with whom a contract has been concluded in accordance with Art. 28 GDPR is used to provide the Virtual Space. Both the service provider and its subcontractors potentially have access to the processed personal data.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	We do not transfer any personal data to third countries. However, when using the software, data may be transferred to third countries through the use of subcontractors by our service provider.
If known: Duration of data storage	IP address, user name and chat messages are only processed on our server for the duration of use and are not stored beyond that.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	User name Chat messages IP address

Microsoft Bing Universal Event Tracking

Purpose of the processing	UET makes it possible to track activities on the websites if they have been accessed via ads from Bing Ads and helps to optimise the offer.
Legal basis (according to Art. 6 / 9 GDPR)	Consent (Art. 6 para. 1 lit. a GDPR)
If known: Duration of data storage	The data is stored by Microsoft for a maximum period of 180 days.

Mielke Company - Mielke Platform

Purpose of the processing	We utilise the services of our partner for the implementation and support of GPM/IPMA training courses for employees. Furthermore, for experience-orientated skills development with practical benefits. Agile approaches, project management with IPMA Level D certificate, project management with university certificate, project management, social skills.
Legal basis (according to Art. 6 / 9 GDPR)	The legal basis is the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR).
Recipient (if applicable)	Please note that this is an application from a third-party provider. The participant's personal data will be passed on to this provider in order to carry out the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Deletion directly after project completion on instruction.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Surname, first name, e-mail address, IP address, organisational unit (optional)

Mozaik App, Picture Framing GmbH

Purpose of the processing	This app enables trainers/speakers to create short introduction videos of themselves.
Legal basis (according to Art. 6 / 9 GDPR)	We process the data on the basis of your consent. Art. 6 para. 1 lit. a GDPR.
Recipient (if applicable)	Please note that this is a third-party application. The trainers' personal data will be passed on to this provider in order to implement the offer.All necessary contracts in accordance with Art. 28 para. 3 GDPR have been concluded with the third-party provider.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	The files are stored on Ionos servers (German company with German server location) (long-term storage). During the creation process, the video files are also processed temporarily on Hetzner servers (German company with German server location) (during rendering).The Mozaik app deletes all data immediately after the end of the recording.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Categories of personal data, if applicable	IP address, browsing time, personal e-mail address, first name/last name, photos/videos, genderFurther information can be found at:https://www.mozaik-app.de/privacy

MS teams

Purpose of the processing	We use MS teams for selected products in order to be able to play out topic-related webinars.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment within the meaning of Art. 6 para. 1 lit. b. GDPR
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to ensure an adequate level of protection in accordance with EU law in these cases, Microsoft has been obliged to comply with a comparable level of data protection by means of corresponding EU standard contractual clauses.
If known: Duration of data storage	Teams splits the data that is generated in a team between different services: Group conversations (which are displayed in Outlook via Exchange Online) and the group calendar are forwarded to Exchange Online. Meetings that are created are forwarded to Exchange Online. The chat in a team is stored on the Skype for Business server. Meeting recordings are transferred to Microsoft Streams, which means that they are stored in Microsoft Azure. Documents and the SharePoint Wiki end up in the site collection in SharePoint. File attachments in a chat and attachments to tasks from Planner are also transferred to SharePoint. All data is subject to the deletion policies of the corresponding services. As an administrator, you can set up the retention policies for teams for chat and channel messages and proactively determine whether the data should be retained, deleted or retained for a certain period of time and then deleted.
Categories of personal data, if applicable	IP address, personal e-mail, first name/surname, audio and video recordings. In the context of audio and video recordings, it is ensured that no special categories of personal data (e.g. health data) are processed.

OKR (Object Key Result)

Purpose of the processing	Haufe OKR is used in some events to illustrate this. Haufe OKR enables the definition of medium-term strategic goals at company level and the creation and tracking of goals at team level.Provided consent has been given via the relevant consent boxes, the data collected can be used for quality, functionality and marketing purposes.
Legal basis (according to Art. 6 / 9 GDPR)	Data processing is carried out for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR optionally on the basis of consent granted in accordance with Art. 6 para. 1 lit. a GDPR
Recipient (if applicable)	Please note that this is an application from a third-party provider. The participant's personal data will be passed on to this provider in order to carry out the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Suitable guarantees have been agreed with the service provider of the OKR platform in accordance with Art. 44 et seq. GDPR have been agreed. The contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area, as the data is stored in European data centres.
If known: Duration of data storage	The data will be deleted once the purpose of processing no longer applies.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	IP address

Online chat or forum for participants

Purpose of the processing	As part of participation in certain events, the voluntary use of an online chat or forum offers the opportunity to actively engage in dialogue with speakers or other participants within the selected group.The online chat can be accessed via the event page in the personal learning environment at the times specified there.An external service provider is used to provide the online chat, which has access to the data collected in the process. Contracts have been concluded with this service provider in accordance with Art. 28 GDPR to ensure that the data is handled in compliance with data protection regulations.
Legal basis (according to Art. 6 / 9 GDPR)	Fulfilment of a contract (Art. 6 para. 1 b)
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Data and contributions will be deleted after the end of the respective event and will not be archived beyond that.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Surname, first name, e-mail address, a Haufe user ID and the answers and posts made in the chat.

Plazz AG/Mobile Event App

Purpose of the processing	The Mobile Event App from plazz AG supports the planning and organisation of congress visits. With selected products, you can use the Mobile Event App to be accompanied virtually at selected congresses.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment within the meaning of Art. 6 para. 1 lit. b. GDPR
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.All necessary contracts in accordance with Art. 28 para. 3 GDPR have been concluded with the third-party provider.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	plazz AG deletes all personal data three months after the purpose no longer applies.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	IP address, browsing time, e-mail address, first and last nameFurther information is available athttps://mobile-event-app.com/wp-content/uploads/2019/03/Datenschutzerkla%CC%88rung_Plazz-2019-1.pdf

Prokoda GmbH

Purpose of the processing	Provision of virtual desktops for IT training courses.
Legal basis (according to Art. 6 / 9 GDPR)	The legal basis is the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR).
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme.
If known: Duration of data storage	All personal data is deleted when you leave the virtual desktop. No log data is stored.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Surname, first name, e-mail address, IP address

Qualtrics

Purpose of the processing	Before the start of our seminars, there is the opportunity to communicate expectations, wishes and previous experience for certain products via a survey. We conduct surveys of this kind using the Qualtrics tool. We use your responses to enable our trainers to optimise the preparation of training sessions to meet the content-related needs and requirements of the participants. To this end, your responses are forwarded to the trainers at the event.As part of these surveys, we process your information and answers to the respective questionnaire in a non-anonymised form. We process your personal data if you explicitly consent to the use of this data.Data collected:- Surname, first name. This data can be assigned to the questionnaire via your user account in the learning environment.- Answer entries in the questionnaire
Legal basis (according to Art. 6 / 9 GDPR)	Informed consent (Art. 6 para. 1 a) Protection of legitimate interests (Art. 6 para. 1 f): To pass on the surname and first name from the learning environment to Qualtrics. The data will only be stored after consent has been given. Otherwise, the data will be deleted immediately.
Recipient (if applicable)	We forward the answers to the questionnaires to our trainers for the purpose of seminar preparation.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	The Qualtrics service transmits data to the USA. The provider ensures that the sufficient protective measures pursuant to Art. 44 et seq. GDPR are complied with. If and insofar as an adequacy decision within the meaning of Art. 45 GDPR exists and applies to the respective data export, we generally base this on it. If such a decision does not exist, a contract with standard data protection clauses of the European Commission (Art. 46 para. 2 letters c and d GDPR) has been concluded with the respective recipient.
If known: Duration of data storage	The data will be deleted once the purpose no longer applies.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	⁃ Surname, first name. This data can be assigned to the questionnaire via your user account in the learning environment.⁃ Answer entries in the questionnaire

SAFe® certification

Purpose of the processing	Data processing is carried out for the purpose of SAFe® certification of participants.
Legal basis (according to Art. 6 / 9 GDPR)	The transfer of personal data to the certification institute is based on Art. 6 para. 1 lit. b GDPR, insofar as it is necessary for the fulfilment of a contract and insofar as the participant has booked the seminar themselves. If the booking is made by third parties (e.g. employers), the transfer of data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in being able to fulfil our contractual obligations.
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Scaled Agile, Inc. is based in the USA. The data is processed in the USA, among other places. You can find more information in the privacy policy of the controller: https://scaledagile.com/privacy-policy/#noticetoEEA
If known: Duration of data storage	These result from the provider's general terms of use and data protection provisions:https://scaledagile.com/terms-of-use/https://scaledagile.com/privacy-policy/
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
If applicable, origin of the data (if not collected directly from the data subject)	The data usually originates from the data subject, but may also originate from third parties.

Seminar registration

Purpose of the processing	We process your data in order to be able to provide you with the relevant seminar. We keep lists of participants when you register for a seminar. These lists contain your surname, first name, telephone number for enquiries and e-mail address. The lists of participants are made available to the relevant on-site supervisors and trainers. We also use your data to send you promotional offers for similar seminars and products in the future.
Legal basis (according to Art. 6 / 9 GDPR)	Fulfilment of a contract (Art. 6 para. 1 b) Protection of legitimate interests (Art. 6 para. 1 f)
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to fulfil statutory retention periods.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none

StackFuel GmbH

Purpose of the processing	We process this data in order to conduct online training courses on the StackFuel learning platform. The data is therefore absolutely necessary for the implementation.
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 b EU-GDPR
Recipient (if applicable)	Stackfuel uses further sub-service providers, which are located in the USA and elsewhere. For all sub-processors, Stackfuel has established appropriate safeguards in accordance with Art. 44 et seq. GDPR to ensure that personal data is protected and data subjects' rights are safeguarded. These sub-processors are: Google [https://policies.google.com/privacy?hl=de&gl=de] Slack [https://slack.com/intl/de-de/legal] Pipedrive [https://www.pipedrive.com/en/privacy] LogmeIn [https://www.logmeininc.com/de/legal/privacy] Microsoft [https://privacy.microsoft.com/de-de]
If known: Duration of data storage	Stackfuel stores the data until the end of the training, but for no longer than 30 days after the end of the training. At the end or cancellation of a training course, Stackfuel deletes all available data, provided that there are no legal or contractual retention periods to the contrary.
Change of purpose if necessary	A learning platform from StackFuel GmbH, Alte Schönhauser Str. 38, 10119 Berlin, Germany, is used to provide digital learning content for data science training courses. The transmission and processing of the data required to conduct the training is carried out in a secure manner. StackFuel works with other sub-service providers located in the USA and elsewhere. For all subcontractors, suitable guarantees in accordance with Art. 44 ff. GDPR to ensure the protection of personal data and the exercise of data subjects' rights. The data collected in particular includes: First name and surname of the participant E-mail address and telephone number of the participant Seminar ID

TaskCards Web App

Purpose of the processing	This data is processed for the fulfilment of contractual services through the use of a digital pinboard. The TaskCards pinboard is a digital tool for creating and storing interactive posts that are available both online and offline. Authorised users and guests with access tokens can create content independently by using functions such as pen tools, text input, form tools and the integration of multimedia content. Logged-in users can save the content they have created in the personal "My pinboards" area within TaskCards.
Legal basis (according to Art. 6 / 9 GDPR)	Data processing is carried out for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR
Recipient (if applicable)	Please note that this is an application from a third-party provider. The participant's personal data will be passed on to this provider in order to carry out the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Account deletion at the end of the contract Pin deletion 7 days
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	First name and surname Email addresses IP address Browsing time

Techcast - Conference platform

Purpose of the processing	Techcast is used to broadcast online year-end meetings.
Legal basis (according to Art. 6 / 9 GDPR)	The legal basis is the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR).
Recipient (if applicable)	Please note that this is an application from a third-party provider. The participant's personal data will be passed on to this provider in order to carry out the training programme.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	No storage, data is lost as soon as it is no longer required.
Categories of personal data, if applicable	IP address, browsing time, potential cookies

Appointment bookings via Microsoft Bookings

Purpose of the processing	The "Bookings" tool is used to arrange appointments directly with a consultant, coach and/or trainer and to organise the appointment process efficiently.
Legal basis (according to Art. 6 / 9 GDPR)	Implementation of pre-contractual and contractual measures that are carried out on request (Art. 6 para. 1 lit. b GDPR)
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Microsoft also processes personal data in the USA. EU standard contracts have been concluded with Microsoft for Office 365 in order to guarantee an appropriate level of data protection. The EU standard contractual clauses can be viewed athttps://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32021D0914can be accessed.
If known: Duration of data storage	Personal data will be deleted after fulfilment of the purpose.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Microsoft 365 and Microsoft Bookings, a service provided by Microsoft Ireland Operations, Ltd, are used to book appointments. The data entered during the booking process is processed by Microsoft Bookings. The following personal data may be collected: Name First name Email address Address (optional) Telephone number and notes (optional) Appointment and booking information Microsoft Bookings is part of the Office 365 cloud application. Microsoft reserves the right to process customer data for its own business purposes. This may pose a data protection risk. In order to ensure a minimum level of data protection, corresponding data protection agreements and EU standard contractual clauses have been concluded with Microsoft Ireland. We have no influence on data processing by Microsoft. Insofar as Microsoft Bookings processes personal data in the context of its own legitimate business operations, Microsoft acts as an independent data controller and is therefore itself responsible for compliance with applicable data protection laws. Further information on the purpose and scope of data collection and processing by Microsoft Bookings is available in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement There you will also find information on your rights in this regard.

Transfer coaching, individual training and practical coaching

Purpose of the processing	Registration and contract processing: registration for coaching or training, communication, and organisational processing (including invoicing)Implementation and organisational processing: appointment management, implementation of online coaching sessions, and communication with the coach. We work with freelance coaches to organise the training sessions. We pass on your data to the respective coach to arrange appointments.Feedback and quality control: Contact for the evaluation of the training or coaching programme
Legal basis (according to Art. 6 / 9 GDPR)	Art. 6 para. 1 b EU GDPR or, in the case of booking via a customer, Art. 6 para. 1 f EU GDPR
Recipient (if applicable)	Freelance trainers or coaches. Service providers may also receive access to data if they act as processors.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	No
If known: Duration of data storage	The data will be deleted once the purpose no longer applies.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	No
Consequences of non-compliance (in case of failure to provide the required data)	Appointment and realisation not possible
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
If applicable, origin of the data (if not collected directly from the data subject)	Direct survey
Change of purpose if necessary	none
Categories of personal data, if applicable	First name, surname, contact details such as e-mail address and telephone number, company name and billing details, booked packages and services

TriCAT GmbH

Purpose of the processing	We use TriCAT for selected products in order to be able to play out topic-related webinars.
Legal basis (according to Art. 6 / 9 GDPR)	The legal basis is the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR.
Recipient (if applicable)	This is an application from a third-party provider. The participant's personal data is passed on to this provider for the purpose of implementing the training programme. All necessary contracts in accordance with Art. 28 para. 3 GDPR have been concluded with the third-party provider.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	TriCAT is hosted on Amazon Web Services (AWS). Data transfer to the USA in the context of support activities is not planned, but cannot be completely ruled out. In order to ensure an adequate level of protection in accordance with EU law in such cases, TriCAT has committed itself together with AWS to comply with a level of data protection in accordance with EU law using the corresponding EU standard contractual clauses.
If known: Duration of data storage	All personal data that can be deleted directly after the session is manually removed from the platform.TriCAT itself deletes all chats after the end of the session, session documents are deleted after 8 weeks.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	The following personal data is processed when you log in: IP address, browsing time, cookie information, personal e-mail address, first name/last name, audio and video recordingsFurther information can be found at: https://www.tricat.net/datenschutzerklarung/

Userlike chat tool

Purpose of the processing	Userlike is a chat tool. If you wish to communicate with us via Userlike, the following personal data will be processed:- E-mail address- First name- Last nameYour data will only be processed in Germany. The Userlike chat tool is hosted in the Hetzner Online GmbH data centre.We process this data if you wish to contact us directly about certain products. Userlike serves as a chat communication tool between you and individual departments to get quick answers to questions about products.
Legal basis (pursuant to Art. 6 / 9 GDPR)	Informed consent (Art. 6 para. 1 a)
Recipient, if applicable (in case of forwarding)	none
If applicable, intention of onward transfer to a third country or international organisation (incl. information on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	Your data will be stored for 90 days and then automatically deleted.In addition, you can revoke your consent informally at any time with effect for the future. In this case, we will also delete the relevant data immediately.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	none
Consequences of non-compliance (failure to provide the required data)	none
Existence of automated decision-making, if applicable	In this context, we do not use automated decision-making.
Change of purpose, if applicable	none

Zoom Video Communication

Purpose of the processing	Wir nutzen bei ausgewählten Produkten Zoom, um themenbezogene Webinare ausspielen zu können.
Legal basis (according to Art. 6 / 9 GDPR)	Contract fulfilment within the meaning of Art. 6 para. 1 lit. b. GDPR
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	For users located in the European Economic Area (EEA) and personal data is transferred outside the EEA, zoom ensures: to process it in a territory that has been determined by the European Commission to provide an adequate level of protection for personal data or to have implemented appropriate safeguards to protect the personal data. This includes the transfer in accordance with the applicable transfer mechanisms, the standard contractual clause of the European Commission. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate data protection in these cases as well, zoom has undertaken to comply with a level of data protection corresponding to EU law by using the corresponding EU standard contractual clauses.
If known: Duration of data storage	Zoom stores collected personal data for as long as necessary for the purposes specified by zoom, unless a longer retention period is required by law. The criteria subject to the provisions of the retention periods include: The period during which an ongoing business relationship is maintained and the services are provided by zoom (e.g. as long as an account with zoom exists or the services of zoom are used) The legal obligation to retain the data (e.g. certain laws require that records of your transactions be kept for a certain period of time before they can be deleted) or A retention required with regard to the legal situation (e.g. in connection with applicable limitation periods, legal disputes or official investigations). You yourself as a customer can delete your own account.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Zoom Meetings is a service that allows users to participate in online video conferences via a desktop or smartphone app, via a web interface, by telephone or via a conference room system. The following personal data is processed: IP address Personal email address First name/last name Sound and video recordings For more information, please visit: https://zoomgov.com/de-de/privacy.html\n

Four co-pilot

Purpose of the processing	Data processing is carried out by our customer service/support or by service providers commissioned by us exclusively for the purpose of processing your enquiry.
Legal basis (according to Art. 6 / 9 GDPR)	Fulfilment of a contract (Art. 6 para. 1 b) Where necessary, we process your data, possibly in anonymised form, beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. For example for- Better customer service,- Ensuring IT security and IT operations, e.g. transmission logs,- Examination and optimisation of procedures for needs analysis and direct customer contact,- Assertion of legal claims and defence in legal disputes,- Further development of services and products.
Recipient (if applicable)	Your personal data is transferred within the Haufe Group and to support and hosting service providers.
If known: Duration of data storage	We only process and store your personal data for as long as we need it to fulfil contractual or legal obligations. If there is no longer a legitimate interest, we will delete the data or, if this is not possible, block it.
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity	none
Consequences of non-compliance (in case of failure to provide the required data)	none
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none

VoiceBot

Purpose of the processing	The data is processed for processing the request within an existing contractual relationship with customers or for initiating a contract.The problem descriptions are partly used to improve the service; only pseudonymised data is used for this purpose. The session ID is not matched to the customer account.
Legal basis (according to Art. 6 / 9 GDPR)	Fulfilment of a contract (Art. 6 para. 1 b) Protection of legitimate interests (Art. 6 para. 1 f) Based on evaluations, the Haufe Group can identify the main areas of concern and thus optimise the VoiceBot.
Recipient (if applicable)	Some customer service and IT services are outsourced to service providers. The chatbot is provided by our processor, with whom we have concluded a data processing agreement. The service is supported by natural language understanding technologies. The data is processed on our processor's servers and is not passed on to third parties.
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If known: Duration of data storage	See General deadlines for data erasure
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none

Weglot

Purpose of the processing	Weglot is integrated on the client side via a JavaScript element and processes in particular the IP address of the website visitor in order to deliver the appropriate language version. The processing takes place exclusively for the purpose of providing our website in the user's preferred language.Data may also be transferred to countries outside the European Union. If necessary, this is done on the basis of suitable guarantees in accordance with Art. 46 GDPR (e.g. EU standard contractual clauses).Further information can be found in Weglot's privacy policy athttps://weglot.com/privacy/un
Legal basis (according to Art. 6 / 9 GDPR)	Protection of legitimate interests (Art. 6 para. 1 f)
Recipient (if applicable)	none
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)	Data transfer to a third country does not take place and is not planned.
If applicable, existence of an automated decision-making process	In this context, we do not use automated decision-making.
Change of purpose if necessary	none
Categories of personal data, if applicable	Weglot is integrated on the client side via a JavaScript element and processes in particular the IP address of the website visitor in order to deliver the appropriate language version.

Status: 22.1.2026

A brand of

Im Merkzettel gespeichert

Von Merkzettel entfernt

show wish list