Privacy notice

Thank you for visiting the Haufe Group website and for your interest in our range of services. The protection of your personal data is very important to us. With this data protection declaration, we would like to inform you about the handling of your personal data when visiting our websites and booking specific services and about your rights.

I. Who are we and how can you get in touch with us?

We, the

Haufe Service Center GmbH
A company of the Haufe Group
Munzinger Strasse 9
79111 Freiburg, Germany
E-Mail: service@haufe.de

is the body responsible for the protection of your data. Our data protection officer Raik Mickler will be happy to assist you. Should you have questions about data handling, your rights or about the privacy policy. You can contact him at dsb@haufe-lexware.com.

II. What data are processed in our online presences?

We wish to inform you here about the data collected during your visit at our online presences, for which purposes they are processed, on what legal basis the handling of your data takes place, what options you yourself have in controlling the collection and handling of the data and when data will be deleted.

 

A. Log-Files

 

Data collected

Upon visiting our websites, the following data is automatically transmitted by your browser:

  • your IP address
  • the website from which you are forwarded
  • websites, which you visit via our pages
  • the pages you look at as well as
  • what time you look at them
  • the name of your internet service provider
  • your browser type and its version
  • the operating system of your device
  • the date and duration of your visit.

Purposes of data processing:

The temporary storage of this data is necessary to enable delivery of the website to your computer and to ensure the functionality of the website. With the help of this data, we also gain statistical knowledge about how our websites are used. In addition, we collect the data in order to be able to track and prevent prohibited access to the web server, the misuse of the web pages and for ensuring the security of our information technology systems.

Legal basis:

We store this data temporarily on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

Duration of storage and control options:

Data is deleted if it is no longer required for fulfilling its purpose. Log files are deleted at the latest after 90 days.

 

B. General information about cookies and targeting technologies

 

Data collected

When visiting our websites, so-called cookies are set. These are small text files, which are stored on your device. As a rule, cookies are assembled using a sequence of characters, the so-called cookie ID, with which your browser can be identified when calling up our websites again.

In addition, we use small elements of code, so-called tags, which we use to measure the behavior of our users and the success of advertising activities.

Depending on the type of cookies or tags various data is collected and then pseudonymized.

We use both our own cookies as well as cookies from other providers (third-party cookies). These third-party cookies are described below in section II C.

Purposes of data processing:

Technically necessary cookies enable the technical functionality of the website. Some features of our websites cannot be made available without the use of cookies.

Functionality cookies are designed to make our websites more user-friendly and to provide certain functionalities, such as cross-site shopping cart viewing, displaying the number of items in your shopping cart and how to save your credentials, so you can re-access them when returning to one of our websites.

Analysis cookies and tags enable us to generate aggregated statistics, such as the number of views, which areas of the web pages are most frequently viewed as well as location and the average duration of site visits. This allows us to improve the quality of our websites and content.

Advertising cookies and re-targeting technologies enable us to individually adapt the offers and the information we display. This will allow us to make our websites more interesting and to engage you on other websites with personalized, interest-based advertising.

Legal basis:

We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in ensuring the functioning of our websites and their optimal usability.

We use analysis cookies and advertising cookies as well as tags and re targeting technologies based on legitimate interests (Article 6, paragraph 1 f GDPR, recital 47). Our legitimate interest lies in optimally tailoring our websites to the interests of our customers.

 

Duration of storage and control options:

Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies). Others remain permanently on your device and allow us to recognize your browser (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether or select to accept certain cookies. Please use the help function of your browser to find out how to change these settings. This may limit the functionality of our websites.

 

C. Third-party cookie and tracking technologies

Necessary cookies (essential)

Usercentrics Consent Management Platform

Data Collected:

We use the consent management service Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany ("Usercentrics"). Usercentrics is used on the website as a processor for the purpose of consent management. The following data is collected: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.

Data Processing Purposes:

We use Usercentrics to comply with legal obligations of consent retention.

Legal basis:

We use Usercentrics to comply with our legal obligation, Art. 6 para. 1 p. 1 lit. c DSGVO.

Storage period and control options:

The consent data (consent and revocation of consent) is stored for three years. The data will then be deleted immediately. For more information, please see the Usercentrics privacy policy.

 

Wordpress

Data collected:

With respect to certain websites we use the Open-Source content management system "Wordpress", as well as plugins. Plugins are function-related extensions of the "Wordpress" software. The use of these plugins may result in the processing of personal data, such as the IP address of your connection.

Partially, some third-party cookie and tracking technologies are utilised. Here the above and II B. stated principles shall apply without restrictions.

Purposes of data processing:

We use plugins in particular for the following purposes:

  • For the protection against abusive comments ("Spam")
  • To find faulty links
  • To improve the loading speed of our mobile websites
  • Insofar as plug-ins are used for cookie and tracking technologies from third parties, the statement of purposes given under B. shall apply.

Legal basis:

We deploy Wordpress and the plugins used in each case based on legitimate interest. Our legitimate interest is to achieve the purposes stated above.

We use third-party cookie and tracking technologies for plug-ins, provided you have consented to them. You may withdraw your consent at any time in accordance with the procedures described above.

Storage time and control options:

We store your data for as long as we need it for the specific processing purpose.

You can prevent the collection and processing of data by social networks by adjusting your browser settings accordingly.

If you do not want social networks to match the data collected through our websites directly with your user profile, you must log out before visiting our websites.

Transfers to third countries:

We deploy, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) for the administration of your data.

In principle Data is processed in European data centres, data may also be transmitted to third countries such as the USA whilst undertaking maintenance and support measures. In order to ensure that your data is adequately protected in such cases, we have obligated the service provider Salesforce Inc. to adhere to a data protection level that complies with EU law, using the corresponding EU standard contractual clauses for the transfer of personal data to processors established in third countries.

 

Better Usability (statistics)

Econda:

 

Data collected:

We use solutions and technologies of econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany ("Econda"). Econda uses cookies to create cross-site pseudonymized user profiles. Data is collected, which allows the recognition of your browser. Your IP address is blurred immediately upon receipt to prevent any direct association with user profiles.

Purposes of data processing:

We use Econda for the appropriate design and optimization of our websites.

Legal basis:

We use Econda if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Econda stores this data and it is deleted on a regular basis.

You can prevent the collection and handling of data by Econda by setting it accordingly in your browser or via this .

 

Google:

 

Data collected:

Google Analytics: Our websites use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies on your device that allow us to evaluate your use of our websites. Google collects, for example, data to uniquely identify your browser, information about when and how often you visited our websites, how long you have been on our websites, and how you interacted with our websites (more information can be found here [https://policies.google.com/technologies/types?hl=en]).

We have augmented Google Analytics with the code "get._anonymizeIP();". This results in Google shortening your IP address and enabling anonymous evaluation. The shortening of IP addresses takes place within the EU or the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US to be shortened there. The IP address sent to Google Analytics will not be merged with other Google data. The data determined with the help of cookies is usually transmitted to and stored on a Google server in the USA. Compliance with data protection standards and your rights is ensured through certification by Google under the EU-US Privacy Shield. Google only transmits data to third parties as long as consent has been given, it is required for legal reasons or third parties process this data on behalf of Google.

Google Remarketing and Double Click: We use Google Remarketing and Google Double Click. This technology uses cookies to evaluate how you use our website and to allow your browser to be recognized when you visit websites belonging to the Google advertising network. In addition to the Google Analytics cookies, the Google Analytics tracking code uses so-called DoubleClick cookies for this purpose. These collect data as to which third party websites on the Google display network you visited and which ads you clicked on. In addition, data from first-party cookies (e.g. Google Analytics cookies) and third-party cookies (e.g. Google cookie for display preferences) are linked. This allows us to evaluate the display of advertisements and your interaction with these ads.

Google AdWords Conversion Tracking: We use Google AdWords conversion tracking. With the aid of this technology, cookies are set when you interact with one of our ads, e.g. by clicking on it. Cookies help analyze what happens after you interact with an ad, such as whether you've purchased our product, viewed it from a mobile phone, downloaded our app, or signed up for a newsletter.

Google Tag Manager: The Google Tag Manager helps us set and manage tags. Your data is not collected and stored by this service.

Google reCAPTCHA: We use Google's reCAPTCHA service on some forms. With this, Google collects certain data to determine whether a person or machine is accessing our web pages, e.g. your IP address, your screen and window resolution, the language set in your browser, the time zone you are in, the user agent of the browser and installed browser plug-ins. We have augmented Google Analytics with the code "get._anonymizeIP();". This will cause Google to shorten your IP address. For more information on the shortening of your IP address, see the above explanation on Google Analytics.

Google Signals: In parts we also use the function Signals of Google Inc.’s. Google Signals recognizes single users across different devices (so called Cross Device Tracking). As a result we receive anonymized data in report form. The reports show patterns in user behavior.

The function is only activated, if you

  1. have a Google account,
  2. are logged in to this Google account while using the according Haufe Group websites,
  3. and have activated the option ‘Ads personalization’ in your Google account’s Ads Settings.

In case you do not want us to use Google Signals with your data you need to deactivate ‘Ads personalization’ in your Google Account.

Purposes of data processing:

Google Analytics: Google uses on our behalf the data collected through Google Analytics to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website activity and internet usage.

Google Remarketing and Double Click: We use this technology to show you interest-based ads on other Google network sites. The advertisements refer to content that you have previously viewed on our websites.

Google AdWords Conversion Tracking: We use this technology to improve our offer.

Google Tag Manager: We use this service to create, display and manage tags on our website.

Google reCAPTCHA: We use this service to protect our technical systems by distinguishing whether an entry in one of our web forms is made by a human being or improperly via automation/by a machine.

Google Signals: We are using the technology to recognize users across different devices. Thus we are able to present you interest based advertisements.

YouTube: We use YouTube to embed product videos on our websites.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

We use Google reCAPTCHA on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest is to prevent the misuse of our forms and to protect our technical systems.

Duration of storage and control options:

The data collected via the Google features is stored and then deleted on a regular basis.

You can prevent the storage of cookies via an appropriate setting in your browser.

You can also prevent Google from collecting and processing data by downloading and installing the browser add-on, which is available via the following link [https://tools.google.com/dlpage/gaoptout?hl=en].

Google Dynamic Remarketing and Double Click as well as Google AdWords Conversion Tracking:

This may limit the functionality of our websites.

For more information, see the Google Privacy Policy. https://policies.google.com/privacy?hl=en&gl=de].

 

INFOnline:

 

Data collected:

Our website uses the measuring method ("SZMnG") from INFOnline GmbH (https://www.INFOnline.de) to determine statistical indicators on the use of our offers. The aim of this measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - based on a uniform standard procedure - and thus to obtain comparable values ​​across the market. For all digital offers, which are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – http://www.ivw.eu) or participate in the studies of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF - http://www.agof.de), user statistics on range of coverage are regularly processed by the GOF and the Arbeitsgemeinschaft Media-Analyse e.V. (agma - http://www.agma-mmc.de) and published as a number of „Unique Users“ and by the IVW with the number of “Page Impressions” and “Visits”. These ranges and statistics can be viewed on the respective websites.

 

1. Legal basis for processing


Measurement by means of the SZMnG measuring method from INFOnline GmbH is carried out with legitimate interest in accordance with article 6, paragraph 1, recital f) GDPR. The purpose of the processing of personal data is the production of statistics and the creation of user categories. The statistics are used to understand and prove the use of our offer. The user categories form the basis for an interest-oriented alignment of advertising material and advertising measures. A usage measurement, which ensures comparability with other market participants, is essential for the marketing of this website. Our legitimate interest stems from the economic usability of the findings resulting from the statistics and user categories as well as the market value of our website - also in direct comparison with website of other parties - which can be determined from the statistics. In addition, we have a legitimate interest in making the anonymized data of INFOnline, AGOF and IVW available for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in providing the anonymized data of INFOnline for the further development and provision of advertising material in accordance with visitor’s interests.

2. Typ of data

INFOnline GmbH collects the following data, which, according to EU-GDPR, contains the following personal details:

  • IP address: Each device for transmitting data on the internet requires a unique address, the so-called IP address. The temporary storage of the IP address is technically necessary due to way in which the internet works. The IP addresses are shortened by 1 byte before any processing and are only used anonymously. There is no storage or further processing of the non-shortened IP addresses.
  • A randomly generated client identifier: range of coverage processing alternatively uses either a cookie with the identifier "ioam.com", a "Local Storage Object" or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique to a browser as long as the cookie or Local Storage Object is not deleted. A measurement of the data and subsequent assignment to the respective Client Identifier is therefore also possible if you access further websites, which also use the measuring method ("SZMnG") from INFOnline GmbH. The validity of the cookie is limited to a maximum of 1 year.

3. Use of data

 

The measurement procedure of INFOnline GmbH, which is used on this website, determines usage data. This is done to collect the performance values ​​of page impressions, visits and clients and to determine further key indicators (e.g. qualified clients). In addition, the measured data is used as follows:
· A so-called geo-localization, i.e. the assignment of a website visit to the location of that visit, takes place exclusively on the basis of the anonymized IP address and only on federal state / regional level. There is no possibility to draw conclusions as to the precise location of the user based upon the data provided.
· The usage data of a technical client (e.g. a browser on a device) is merged across web pages and stored in a database.
This information is used to estimate social- demographic data (age and gender) and passed on to the service providers of AGOF for further range processing. As part of the AGOF study, social characteristics are estimated on the basis of a random sample and divided into the following categories: age, gender, nationality, occupation, marital status, size of household, household income, place of residence, internet usage, online interests, location of use, user type.

4. Duration of data storage

INFOnline GmbH does not store the complete IP address. The shortened IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier are stored for a maximum of 6 months.

5. Forwarding of data

The IP address as well as the shortened IP address are not forwarded to any other party. For the creation of the AGOF study, data with client identifiers is forwarded to the following service providers of the AGOF:
· Kantar Deutschland GmbH (https://www.tns-infratest.com/)
· Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
· Interrogare GmbH (https://www.interrogare.de/)

 

3Q SDN Video Hosting

 

Data collected:

We have integrated the SaaS 3Q SDN platform on our website to enable video content to be displayed. 3Q SDN is a platform for processing video material with all the attendant services. The operating company of 3Q SDN is 3Q GmbH, Kurfürstendamm 102 10711, Berlin.
3Q places a cookie on your browser. This provides 3Q with insights as to how extensively our video offering is used. The personal data transferred to 3Q generally consists of: IP address – time stamp – URL – user agent plus data necessary for recording statistics. The prevailing data protection provisions of 3Q can be obtained from
https://www.3qsdn.com/de/datenschutz_und_richtlinien.

Purposes of data processing:

The 3Q platform collects data on the use of the audio-visual content offered by the data controller . We use 3Q to supply you with our learning materials and thus to comply with our contractual fulfilment obligations.

Legal basis:

We use 3Q to provide your seminar content by video, as set out in our contract offer. Data is thus processed on the basis of the contract concluded between us, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

Your data is only stored for as long as is necessary to fulfil the purpose. In addition to this, you can prevent cookies from being placed on your browser by making the appropriate settings in your browser. We would point out to you, however, that this can lead to problems with displaying content and that you may not be able to avail yourself of all the functions available on our website.

 

Opinary

We embed a survey tool from Opinary GmbH, Engeldamm 62-64, 10179 Berlin ("Opinary") on our pages. Using this service allows us to create and display online surveys.

Data collected:

Through the Opinary plugin, the following information of your website visit is retrieved: Cookie IDs and IP address.

The collected data is provided to us by Opinary in a pseudonymized and aggregated form.

Data Processing Purposes

We use Opinary to conduct online surveys.

Legal basis:

We use Opinary if you have consented to it. We obtain your consent when you call up our websites via the cookie banner, Art. 6 (1) lit. a DSGVO.

Storage period and control options:

The data is stored for a maximum of one year and then deleted.

For more information on data processing by Opinary, please visit https://opinary.com/datenschutz/

 

HIgh Quality Content (Functional)

Oracle:

Data Collected:

Eloqua: We use the service Eloqua from the supplier ORACLE Germany BV & Co. KG, Riesstrasse 25, 80992 Munich, Germany. Eloqua sets a permanent cookie on your browser on the respective registration website.

AddThis: We use the AddThis Plugin of Oracle America, Inc. ("Oracle"), 500 Oracle Parkway, Redwood Shores, CA 94065, USA. („AddThis“). When you launch a website using the AddThis plug-in, a cookie is set that pseudonymized data such as your IP address, surfing behavior, how often you use AddThis, and sends your location to Oracle in the United States. Oracle is certified under the EU-US Privacy Shield.

Purposes of data processing:

Eloqua: We use Eloqua to analyze the use of our web pages, so that we are able to continuously improve them.

AddThis: The plugin allows you to use and share interesting content from our websites.

Legal basis:

Eloqua: We use Eloqua if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

AddThis: We use AddThis if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Eloqua: Eloqua stores this data and it is deleted on a regular basis. You can prevent the collection and processing of data by Eloqua via an appropriate setting in your browser or via this link [https://www.oracle.com/de/legal/privacy/privacy-choices.html].

For more information, see the Oracle Privacy Notice [https://www.oracle.com/de/legal/privacy/privacy-policy.html].

AddThis: AddThis stores your data and deletes it on a regular basis. You can prevent the collection and processing of data by AddThis via an appropriate setting in your browser or via this link [http://www.addthis.com/privacy/opt-out].

For more information, see the AddThis Privacy Notice [http://www.addthis.com/privacy].

PEGA:

Data collected:

We use solutions and technologies of Pegasystems Limited, 23 Forbury Road, Reading RG1 3JH, United Kingdom (PEGA). PEGA uses cookies to create cross-site pseudonymized user profiles. Data is collected, which allows the recognition of your browser. Your IP address is blurred immediately upon receipt to prevent any direct association with user profiles.
PEGA is used for the personalized product recommendation. The recording and playback takes place anonymously without personal reference.

Purposes of data processing:

We use PEGA for the appropriate design and optimization of our websites.

Legal basis:

We use PEGA if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

PEGA stores this data and it is deleted on a regular basis.

You can prevent the collection and handling of data by PEGA by setting it accordingly in your browser.

 

D. Wingify

 

Data collected:

Our web pages deploy the Visual Website Optimizer, an A/B test tool/web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter "Wingify"). Wingify deploys cookies to analyse your use of our Web sites. The information generated by the cookie about your use of this website and your IP address is transferred to a Wingify server in India and stored there. Further information on the cookies used can be found by clicking on this link [https://vwo.com/knowledge/what-are-the-cookies-stored-by-vwo/].

Purpose of Data Processing:

On our instructions, Wingify uses this information to evaluate your use of the website and to optimise our web pages based on this information.

Legal Basis:

We only use Wingify if you have agreed to it. We obtain your consent when you access our web pages using the cookie banner at the bottom of the web pages.

Storage duration and control options:

Wingify stores your data, which will be deleted regularly. You can prevent or delete the storage of cookies by adjusting your browser settings accordingly. You can also object to the collection by Wingify of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data in its entirety via the following link [https://vwo.com/opt-out/].

 

Quality Content (Marketing)

Plista:

 

Data collected:

We use the services of plista GmbH, Torstraße 33-35, 10119 Berlin through the agency Burda Media on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. of the GDPR).
Plista is a tool that is employed in the provision of recommendation technology. Plista compares the interests of visitors to the website with each other and recommends favourites to other visitors with similar interests. Recommendations are generally made anonymously – this means that evaluations and click data are employed in an algorithm, while third parties are not able to either view or read out the information base. To enable plista to deliver to website visitors recommendations that fall within their respective areas of interest, plista merges the evaluation and click data into a user profile, which it then subjects to analysis. Plista requires anonymous data in order to provide this service. Anonymous data provides information on web pages retrieved, clicks made by a visitor to a website, and his reading habits; it is not personally identifiable.

Purposes of data processing:

Plista anonymously collects information for controlling advertising campaigns and measuring their success.

Legal basis:

Processing is on the basis of a legitimate interest.

Storage period:

Data is stored for no longer than 12 months. Means of prohibiting processing (opting out):
https://www.plista.com/de/about/opt-out/

Transfer to third countries:

None, however it may be possible through subcontractors of Plista.

 

Facebook:

 

Facebook-Pixel and Facebook Custom Audience (Remarketing)

Data collected:

On our website we deploy the so-called "Facebook pixel" of the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The Facebook pixel enables us to classify the visitors to our website into specific target groups in order to be able to display corresponding advertisements ("ads") on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other features) cannot be viewed by us, but can only be used within the scope of the display of certain advertisements. Within the scope of using the Facebook pixel code, so-called cookies are also used.

If you have a Facebook account and are signed in, your visit to this website will be associated with your Facebook user account.

We also partly utilise the remarketing function "Custom Audiences" of the company "Facebook". This enables users of the Site to display interest-based ads ("Facebook Ads") when visiting Facebook or other websites that also use this method. In this respect, we pursue your interest in displaying advertisements that correspond to your interests in order to make our website more appealing to you.

In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no control over the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or clicked on an advertisement from us. If you are registered with a "Facebook" service, "Facebook" may assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to trace and store your IP address and other identification features.

Insofar as you have consented to this, we may forward your telephone number or e-mail address to "Facebook" in order to be able to display advertisements corresponding to your interests.

  • To find out how Facebook pixel is deployed for advertising campaigns, please visit https://www.facebook.com/business/learn/facebook-ads-pixel.
  • For more information about Facebook's privacy policy, please visit https://www.facebook.com/policy.php.
  • For more information about Facebook's data processing practices, please visit https://www.facebook.com/about/privacy.

Purposes of data processing:

We employ these functions in order to be able to provide you with advertising offers corresponding to your interests.

Legal basis:

We process your data on the basis that you have consented to this or that we have a legitimate interest in processing the data pursuant to Art. 6 para. 1, sentence 1 (a) and (f) GDPR.

Storage duration and control options:

We store your data as long as we require it for the respective purpose (display of interest-based advertising) or provided you have not objected to the storage of your data or revoked your consent.

  • The deactivation of the function "Facebook Custom Audiences" is possible [here link to opt-out] for logged in users at https://www.facebook.com/settings/?tab=ads#_.
  • You can adjust your ad settings in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in to Facebook.

 

LinkedIn Insights Tag:

 

Data collected:

On this website we use the LinkedIn Insight Tag. The LinkedIn Insight Tag creates a LinkedIn "Browser Cookie", which collects the following data:
· IP address,
· time stamp,
· page Activities,
· demographic data from LinkedIn, if the user is an active LinkedIn user.

Purposes of data processing:

We process your data to rate campaigns and gather information about website visitors who may have reached us through our LinkedIn campaigns.

Legal basis:

We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 sentence 1 lit. a. and f EU-GDPR.

Storage duration and control options:

We save your data as long as we need them for the respective purpose (campaign evaluation), as long as you have not objected to the storage of your data or have revoked your consent.
The collected data is encrypted. More information can be found here. Here you will find the LinkedIn privacy policy, as well the LinkedIn Opt-Out.

Lead Forms:

If you submit a so-called lead form on the LinkedIn website, we process your personal data in order to be able to provide the information you have requested. Subject to your consent, we will transfer the information you enter in the lead form to our customer database (CRM system) and link it to any other information you provide, in order to provide you with future offers that suit your preferences.
If you have consented to this, you may revoke the relevant use of your data at any time.
You may revoke your consent at any time:
1. In respect of your LinkedIn data within 90 days click here;
2. In respect of the data stored at Haufe at any time by email to dsb@haufe-lexware.com

 

Microsoft:

 

Data collected:

Bing Universal Event Tracking: We use Bing Universal Event Tracking ("UET"), a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Should you access our web pages through advertisements on Bing ads then a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. This is a code used to store pseudonymized data about the use of the website in connection with the cookie. In combination with the pseudonymized data through the cookie, the tag tracks what actions you carry out on our websites after having clicked on a Bing ad. The items recorded are, amongst others, the amount of time that has been spent on the website, which areas of the website were accessed and via which advertisement you arrived at the website. In addition, Microsoft can track your usage behavior across multiple electronic devices through cross-device tracking. The information collected is transmitted to a Microsoft server in the United States. Microsoft is certified under the EU-US Privacy Shield.

Bing Webmaster Tools: The Bing Webmaster Tools from Microsoft store cookies and so-called beacons on your computer. Beacons or pixels are small invisible graphics that can be used to detect if a webpage has been accessed.

Purposes of data processing:

Bing Universal Event Tracking: UET allows us to track your activity on our websites when you visit them via advertisements from Bing Ads and enable us to improve our offer. Cross-device tracking allows Microsoft to show personalized ads.

Bing Webmaster Tools: Microsoft can provide its Bing services and optimize search results with the help of this tool.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Data is stored by Microsoft for a maximum of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. As a result, the functionality of the web pages may be restricted. You can disable cross-device tracking at the following link [https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB].

For more information on Bing analytics services, visit the Bing Ads website [https://help.bingads.microsoft.com/#apex/3/en/53056/2 ]. For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy [ https://privacy.microsoft.com/en-us/privacystatement].

 

 

 

Social Plugins:

 

 

Data collected:

We use social plugins from the following social networks:

  • Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
  • Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (Twitter).
  • LinkedIn, which ist operated by LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA.
  • XING, which ist operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

When you visit a web page that contains such a plugin, your browser establishes a direct connection to the servers of the respective social network. This integration supplies the social network with data on which website you have visited, even if you do not own a user profile or aren’t currently logged in. If you are logged in, Facebook can assign the visit to your Facebook account. If you interact with the plugins, the corresponding information is transmitted to the social network and stored there. Your IP address is saved in shortened form. The data is transmitted from your browser directly to a server of the social network in the USA and stored there.

Purposes of data processing:

The social plugins allow you to share content of the websites in social networks.

Legal basis:

We use social plugins if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

You can prevent the collection and processing of data by the social networks via an appropriate setting in your browser.

If you do not wish for the social networks to directly match the data collected through our websites to your user profile, you must log out before visiting our websites. Further information can be found in the Privacy Policy of Facebook [https://www.facebook.com/about/privacy], Twitter [https://twitter.com/en/privacy].

III. What data is processed when registering for specific offers?

1. Hogan Assessments

We use the services of this third party in order to provide Hogan Assessments for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your securely encrypted raw data is hosted in the US (AT&T Internet Data Center, 11830 Webb Chapel R, Dallas, TX 75234 United States of America). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Hogan Assessment Systems is very careful to ensure that you as a participant have secure and reliable access to the online platform.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the United States via an SSL-encrypted (128-bit) connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions cannot be viewed by third parties at any time; your answers serve rather to make statistical statements in comparison to other people. Hogan reports are automatically generated within a few seconds and sent to Haufe Akademie. All test data is stored anonymously and securely in our data center for research purposes and any connection to the test participant cannot be subsequently established.

Hogan Assessment Systems guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via a simple e-mail.

 

2. Profilingvalues

 

We use the services of this third party in order to provide profilingvalues for competence profiling. The data entered in the online form is processed securely by the provider and will not be accessible to any third party except the agency responsible for managing the test data. The hosting of your securely encrypted raw data takes place exclusively in Germany (ALL-INKL.COM, Neue Medien Münnich, Hauptstrasse 68, 02742 Friedersdorf, Germany). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data.

profilingvalues is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

Should there be the possibility of entering personal or business data (e-mail addresses, names, postal addresses) on our internet sites, the user discloses this information upon an entirely voluntary basis.

As you fill in the questionnaires, your data is sent via internet to a secure data center in Germany via an SSL-encrypted connection. Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. profilingvalues ​​reports are generated automatically within a few seconds, so that the certified and authorized evaluation consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

proflingvalues guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at http://ssl.comodo.com. The test result is sent to the customers of the Haufe Akademie via e-mail.

 

3. LSI Analysis

 

We use the services of this third party in order to provide the LSI analysis for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is hosted solely in Switzerland. The hosting company uses the data only for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Life Performer AG is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in Switzerland via an SSL-encrypted connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. LSI analysis reports are generated automatically within a few seconds so that the certified and authorized consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

Life Performer AG guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via e-mail.

 

4. INSIGHTS MDI®

 

We use the services of this third party in order to provide INSIGHTS MDI® for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is processed in the Netherlands (Interxion HQ, Tupolevlaan 24, 1119 NX Schiphol-Rijk, Netherlands). This ensures that the processing and storage of the data occurs exactly within the framework of European data protection law (is exactly the same as Dutch law).

INSIGHTS MDI® is very careful to ensure that you as a participant have secure and reliable access to the online platform.

All data entered via the European server will only be used for the purpose specified and agreed upon by you. We do not share information about you with third parties without your consent. Personal information entered for an analysis / report includes: e-mail address, gender (only for salutations in the report), position / job title and organization. The disclosure of this data by the user takes place on an entirely voluntary basis.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the Netherlands via an SSL-encrypted connection (see above). Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. INSIGHTS MDI® reports are generated automatically within a few seconds so that the certified and authorized reporting consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

INSIGHTS MDI® guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at https://www.interxion.com/Locations/amsterdam/

 

5. Magh und Boppert GmbH (digital learning content)

 

For the provision of digital learning content, we use a learning platform from Magh und Boppert GmbH, Schulze-Delitzsch-Str. 8, 33100 Paderborn, Germany.

The following data is processed in the learning platform:

  • given name
  • surname
  • e-mail address
  • learning history (completed courses, participation in events, feedbacks, achieved certifications)

The company Magh and Boppert GmbH is able to access your data in case of support queries.

Furthermore, the data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

The hosting of your data is carried out exclusively in Germany on behalf of the Haufe Akademie by the following external data center service providers:

Hostserver GmbH for the learning platform https://mylearning.haufe-akademie.de (Hostserver GmbH, Biegenstr. 20, 35037 Marburg, Germany).

noris network AG for the learning platform https://lernwelt.haufe-akademie.de (noris network AG, Thomas-Mann-Str 16-20, 90471 Nuremberg, Germany).

General information on third country transfers:

The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union (european data centers) or in another contracting state of the Agreement on the European Economic Area. However, in the context of maintenance and support measures, there may also be transfers of data to the third country USA. We always ensure an adequate level of protection for the transfer of data by implementing appropriate protective measures in accordance with Art. 44 et seq. GDPR. For each of these third country transfers, a contract with standard data protection clauses of the European Commission (Art. 46 (2) (c) and (d) GDPR) has been concluded with the respective recipient.
 

 

6. Transfer Coaching

 

For the provision of transfer coaching we work together with freelance trainers. Once you have confirmed the booking of a transfer coaching we forward your registration and seminar data to the respective trainer so that he/she can make an appointment. The trainer, who is bound by a framework agreement to comply with the provisions of the BDSG (Bundesdatenschutzgesetz = German Federal Data Protection Act) as well as by a non-disclosure agreement, may only use this data for making an appointment and for performing the transfer coaching you have booked. This may include technical support services for the software and hardware used by the trainer. Within the scope of this service, you have the option of contacting the trainer by telephone or using web conferencing tools. The trainer carries the responsibility for both of these communication channels. Should you not agree with the use of web conferencing tools, please inform the trainer directly during your first talk.

 

7. Creation of open badges

 

Data collected:

Open Badges is a system of digital certificates or learning badges jointly developed by the Mozilla Foundation and the MacArthur Foundation. With respect to storage, we deploy solutions and technologies from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (AWS).
Collected data encompass in particular:

      • First name and surname of the badge recipient
      • E-mail address of the badge recipient
      • Seminar and Badge ID
      • IP address and timing of the user when retrieving a badge

Purposes of data processing:

We process these data in order to be able to create a badge for you and make it permanently available to you. The data is therefore essential for the allocation and permanent storage of badges as digital certificate equivalents for seminar graduates.

Legal basis:

We process the data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration and control options:

We store your data as long as you have an active account with us. If you delete this account or if the account is closed for any other reason, we will delete all existing data, as long as there are no legal or contractual retention periods preventing deletion.
In addition, you can revoke your consent at any time informally with effect for the future. In such case, we will also delete the relevant data promptly.

Transfers to third countries:

The data is generally processed in European data processing centres. Within the scope of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee an adequate protection of your data in these cases as well, we have obligated Amazon Web Services, using the corresponding EU standard contract clauses, to comply with a data protection level corresponding to EU law.

 

8. StackFuel GmbH

 

Data collected:

For the provision of digital learning content concerning data science trainings, we use a learning platform from StackFuel GmbH, Alte Schönhauser Str. 38, 10119 Berlin. The transmission and processing of the necessary data for the training is carried out safely. Stackfuel ensures for all secondary service providers through appropriate guarantees pursuant to Article 44 ff GDPR that your personal data are protected and that your rights of the person affected are fulfilled.

The secondary service providers are:
- Google https://policies.google.com/privacy?hl=de&gl=de
- Slack https://slack.com/intl/de-de/legal
- Pipedrive https://www.pipedrive.com/en/privacy
- LogmeIn https://www.logmeininc.com/de/legal/privacy
- Microsoft https://privacy.microsoft.com/de-de

In particular, collected data are:

    • Purposes of data processing:

      We process this data to perform online training in the learning platform of StackFuel. The data are therefore required for the implementation.

      Legal basis:

      We process your data in order to be able to fulfil our contractual obligation to you (Art. 6 (1) (b) EU GDPR).

      Storage duration and control options:

      Fuel stores your data as long as you have completed your training, but no later than 30 days after completing your training. If you terminate or cancel a training, StackFuel deletes all available data, as far as deletion does not conflict with any statutory or contractual retention periods.

      • First name and last name of the participant
      • E-mail address and telephone number of the participant
      • Seminar- ID

9. EVA - evaluation tool

 

Data collected:

We use the analyses of EVA, which are generated from the reporting of the feedback sheets in order to obtain insights into the satisfaction of event participants. In addition to the location and speaker of the event data such as participant IDs and your answers from the questionnaire are collected.

Purpose of data processing:

We use the results of the analyses for the purpose of continuous product improvement.

Legal basis:

We process the data in accordance with your consent. Art 6 para. 1 lit. a GDPR.

Storage duration and control options:

The data is stored in EVA for a period of six years, after which it is deleted.

 

10. Individual Coaching

 

We process the following personal data when you hire us for one-on-one coaching:

    • First name and surname
    • Contact details
    • Packages booked

of the orderer or coachee (=participant). Coachee and orderer do not necessarily have to be the same person.

The coachee then receives a link that takes the coachee to the Haufe coaching platform. There, the coachee presents his or her specific coaching request, which is then matched with suitable coaches. The Haufe Academy uses a matching questionnaire, which the coachee has to fill out. This serves to assign your coaching request to a suitable coach. In this process, it is possible that you disclose data to us that are special categories of personal data pursuant to Art. 9 (1) DSGVO. In this matching process, Haufe Akademie GmbH &Co. KG processes your data in accordance with the European DSGVO.

As a coachee, you will be informed again about this data processing before sending your specific request. Individual coaching sessions are usually conducted virtually. The execution of the actual coaching takes place in consultation with the respective coach via the means of communication offered by the coach. All communication channels are offered by the coach on his or her own responsibility. If you do not agree with the use of certain means of communication (Internet, telephone, or similar), please inform the coach directly when first contacting him.

Purpose of data processing:

This data processing is necessary to fulfill the contractual obligation to the client and to perform "matching" with suitable coaches for the coachee.
Information on special categories of personal data (Art. 9 (1) DSGVO) is basically voluntary. Insofar as personal data is required for a suitable "matching", it is essential for the contractually owed service and therefore necessary.

Legal basis:

We process your data in order to fulfill our contractual obligation to you (Art. 6 para.1 b EU-DSGVO). In addition, we process your data on the basis of legitimate interest (Art. 6 para. 1 f EU-DSGVO) in order to be able to provide you with similar interesting offers in the future.

Storage period:

The personal data of the coachee will be stored for the duration of the business relationship and deleted after the termination of the same, unless a deletion is opposed by legal or contractual retention periods.

 

11. Haufe eAcademy:

 

 

Data collected:

When you open an account with us, we ask you to provide us with the following data: first name and surname, e-mail address, invoice address (company address and where appropriate an additional e-mail address to be used for invoicing), and your individual, freely selectable password. In addition, you may upload a profile photo – which is of course voluntary – which will then be visible in the application.

After registration, you will receive a verification e-mail from us that serves on the one hand to confirm your identity and on the other to enable invoicing. The verification link remains active for two weeks.

Purposes of data processing:

We process this data first of all to create your account, to enable you to access the services offered and to enable us to implement the contract. On the other hand, we also process this data to enable you to create an appealing profile.

Legal basis:

If we require your data for the purposes of implementing the contract with you and making our services available to you or to perform pre-contractual measures on the basis of an enquiry from you, data processing will be based on Art. 6 Para. 1 lit. b of the GDPR. If you give information voluntarily to complete your profile, data processing will be on the basis of Art. 6 Para. 1 lit. a of the GDPR.

Storage period and control options:

We store your data for as long as you operate an account on our platform. You can delete your profile yourself at any time. You can also download your data at any time as a zip file.

If you delete your account, all the data held for your account will be irrevocably deleted. This includes any courses already purchased or implemented.

You can delete a profile photo that you have provided voluntarily and that we have saved with your consent yourself at any time, by clicking on ‘Delete Photo ’ in your profile. This constitutes withdrawal of consent on the basis of Art. 7 Para. 3 of the GDPR.

 

12. Coaching

 

Data collected:

You may also book coaching sessions on our website. If you do this, we pass on your data (first name, surname, log-in e-mail address and the parameters of your individual course project) to your selected coach. You are also able to voluntarily provide a telephone number when you make the booking, which we will then also pass on to the coach. He/she will then contact you personally to discuss your communication preferences. This is something over which we have no influence. We process no further data in this context.

Purpose of data processing:

We process your data to enable us to offer you the booked coaching sessions and to enable communication to take place between you and your coach.

Legal basis:

The processing of this data is on the basis of the contractual performance, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

We store your data for the duration of the contract and subsequently delete it, provided there are no legal retention requirements that oppose its deletion.

 

13. Userlike

 

Collected data:

Userlike is a chat tool. If you wish to communicate with us via Userlike, the following personal data will be processed:

  • Email address
  • First name
  • Last name

Your data will be processed exclusively in Germany. The chat tool Userlike is hosted in the data center Hetzner Online GmbH.<7p>

Purposes of data processing:

We process this data when you want to contact us directly for some products. Userlike serves as a chat communication tool between you and individual departments to quickly get questions about products answered.

Legal basis:

We process the data based on your consent. Art 6 paragraph 1 lit. a DSGVO.

Storage period and control options:

Your data will be stored for 90 days and then automatically deleted.
In addition, you can informally revoke your consent at any time with effect for the future. In this case we will also delete the data concerned immediately.

Transmission to third countries:

No data transfer to third countries.

 

14. VITERO

 

Collected data:

Vitero is a "virtual team room" tool for conducting virtual meetings and trainings.
The following data is collected:

  • First name and surname
  • E-mail addresses
  • IP address
  • Sound and image recordings (video recordings)

Purposes of the data processing:

We process this data in order to provide you with the contractual services through digital webinars.

Legal basis:

We process your data for the fulfilment of the contract according to art. 6 para. 1 lit. B DSGVO.

Storage period and control options:

Unless otherwise notified or indicated, Vitero will store your personal data only for as long as necessary to fulfill the purposes pursued.
In all other cases Vitero will delete your data, except for those that have to continue storing them in order to comply with legal retention obligations (e.g. under tax or commercial law). These data will then be deleted after the legal retention period has expired.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

15. MS-Teams

 

Data collected:

MS-Teams belongs to the family of Microsoft 365 applications.
Teams enforces cross-team and organization-wide logins via Azure Active Directory. Data transfer is exclusively encrypted (in-transit) and when the data is stored, it is automatically encrypted (at-rest). As the files are stored in SharePoint, the encryption is carried out using the appropriate SharePoint mechanism.
The following personal data is processed:

  • IP address
  • Personal Email
  • First name/ last name
  • Sound and video recordings

Purposes of the data processing:

For selected products we use MS-Teams to run topic-related webinars.

Legal basis:

The legal basis constitutes the fulfilment of the contract in the sense of Art. 6 Par. 1 lit. b. DSGVO).

Storage duration and control options:

Teams divide the data, which are generated in a team, between different services:

  • Group conversations (which are displayed in Outlook via Exchange Online) and the group calendar are forwarded in Exchange Online.
  • Meetings that are created are forwarded to Exchange Online.
  • The chat in a team is stored on the Skype for Business servers.
  • Meeting recordings are transferred to Microsoft streams, which means that they are stored in Microsoft Azure.
  • Documents and the SharePoint Wiki end up in the site collection in SharePoint.
  • File attachments in a chat and attachments to tasks from Planner are also transferred to SharePoint.

All data is subject to the deletion guidelines of the corresponding services.
As an administrator, you can set up retention policies for teams for chat and channel messages and proactively determine whether the data should be retained, deleted or retained for a certain period of time and then deleted.

Third country transfer:

The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated Microsoft to maintain a level of data protection that complies with EU law by using the corresponding EU standard contract clauses.

 

16. BeRealtimeBoard, Inc. dba Miro

 

Collected data:

MIRO is an online collaboration whiteboard platform.

The following data is collected:

  • First name and surname
  • E-mail addresses
  • IP address
  • browsing time

Purposes of the data processing:

We process this data in order to fulfil the contractual services for you by using an online whiteboard.

Legal basis:

We process your data for the purpose of fulfilling the contract in accordance with Art. 6 Para. 1 letter B DSGVO.

Storage duration and control options:

MIRO deletes your personal data immediately after the end of a session. MIRO stores pbD only as long as it is necessary to fulfill the intended purposes.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

17. Celemi:

Data collected:

AgileMove, Digital Apples & Oranges, Exploring is a platform-based transformational business and behavioral simulation exercise by Celemi.

The following personal data may be collected:

  • IP Address
  • Browsing Time
  • Username
  • Password (if any)
  • Language used

Purposes of data processing:

We process this data in order to fulfill the contractual services for you through the use of one of the simulation exercises.

Legal basis:

We process your data to fulfill the contract according to Art 6 (1) lit. B DSGVO.

Storage period:

Your personal data will only be stored for as long as necessary to fulfill the purposes pursued.

Third Party Transfer:

Some services of Celemi are hosted on Digital Ocean LLC 101 Avenue of the Americas New York, NY 10013, US. In the course of support activities, a data transfer to the USA is not foreseen but also cannot be excluded. In order to be able to guarantee adequate protection of your data for these cases as well, Celemi has obliged Digital Ocean to comply with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the further training offer. All necessary contracts according to Art. 28 (3) DS-GVO have been concluded with the third-party provider.

 

18. blink.it GmbH & Co. KG

Is an application for designing digital learning content and online courses.

Collected data:

The following personal data is processed:

  • IP address
  • Personal Email
  • First name/ last name
  • Contact details
  • Browsing Time

Purposes of data processing:

We use blink.it for selected products in order to enable a high degree of interactive exchange between the participants on a topic-related basis.

Legal basis:

The legal basis represents the fulfillment of the contract within the meaning of Article 6 paragraph 1 lit. b. DSGVO).

Storage duration and control options:

Your data will be deleted by blink.it after 6 months after the end of the event. They remain in the trash for 7 days and are then irretrievably removed from the platform. In the application, they remain stored for another 30 days for possible recovery and are then also irretrievably deleted completely.

Third country transfer:

The software application, server and operating software and other System components of the blink.it App are stored in a third-party data center (Amazon Web Services, Inc. (AWS)). The data is stored and processed on German territory. AWS Region for the processing of all data provided by the customer transmitted data is exclusively Frankfurt/Main. In the course of support activities a data transfer to the USA is not planned but cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, AWS has committed itself to maintaining a level of data protection in line with EU law by using the corresponding EU standard contract clauses.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

19. Actee/ ActeeChange:

 

Simulated learning games and tools for organizational and leadership development training, change communication, and change processes.

Data collected:

The following personal data is processed:

  • IP address
  • Personal mail address
  • First name/ Last name
  • Contact details
  • Account number/password

Data Processing Purposes:

We use ActeeChange on selected products to use learning games on change management/leadership development.

Legal basis:

The legal basis represents the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO.

Storage period and control options:

Deletion of personal data immediately after the purpose ceases to apply.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

20. TriCAT Ltd.

Data collected:

Virtual 3D learning and working environment platform, 3D Academy & Classroom, to conduct meetings, trainings or coaching sessions in dedicated virtual rooms.

The following personal data is processed when you log in to Tricat's platform:

  • IP address, browsing time, cookie information.
  • Personal email
  • First name/ last name
  • Sound and video recordings

For more information, please visit: https://www.tricat.net/datenschutzerklarung/

Data processing purposes:

We use TriCAT for selected products to play out topic-related webinars.

Legal basis:

The legal basis represents the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO.

Storage period and control options:

All personal data that can be deleted directly after the session is manually removed from the platform. TriCAT itself deletes all chats after session end, session documents are deleted after 8 weeks.

Third Party Transfers:

TriCAT is hosted on Amazon Web Services (AWS). In the course of support activities, data transfer to the USA is not planned, but also cannot be ruled out. In order to be able to guarantee adequate protection of your data for these cases as well, TriCAT AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer. All required contracts according to Art. 28 (3) DS-GVO have been concluded with the third party provider.


21. Zoom Video Communication:

Collected Data:

Zoom Meetings is a service that allows users to participate in online video conferences through a desktop or smartphone app, via a web interface, by phone, or through a conference room system.

The following personal data is processed:

  • IP address
  • Personal email
  • First name/ last name
  • Audio and video recordings

For more information, please visit: https://zoomgov.com/de-de/privacy.html

Data processing purposes:

We use Zoom on selected products to play out themed webinars.

Legal basis:

The legal basis represents the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Zoom stores collected personal data for as long as necessary for the purposes stated by zoom, unless a longer retention period exists by law. The criteria subject to the provisions of the retention periods include:

  • The period of time for which an ongoing business relationship is maintained with them and for which zoom's services are provided to them (e.g., as long as you have an account with zoom or use zoom's services).
  • A legal obligation to retain the data (e.g., certain laws require that records of your transactions be kept for a certain period of time before they can be deleted); or
  • A legal requirement to retain the data (e.g., in connection with applicable statutes of limitations, litigation, or government investigations).

You yourself as a customer may delete your own accounts.

Third Party Transfers:

For users located in the European Economic Area (EEA) and personal data is transferred outside the EEA, zoom will ensure:

  • process them in an area that has been determined by the European Commission to provide an adequate level of protection for personal data; or
  • to have implemented appropriate safeguards to protect the personal data. This includes transfer in accordance with the applicable transfer mechanisms, the European Commission's standard contractual clause.
  • In the context of maintenance and support measures, there may theoretically also be transfers of data to the third country USA. In order to be able to guarantee adequate protection of the data in these cases as well, zoom has undertaken to comply with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

22. Prokada Ltd.

Data collected:

The following personal data are processed:

  • Name,
  • first name,
  • E-mail address,
  • IP address.

Purposes of data processing:

Provision of virtual desktops for IT training.

Legal basis:

The legal basis is the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

When leaving the virtual desktop, all personal data/data is deleted. No log data is retained.

Notice:

Please note that this is a third-party application. Personal data of the participant is passed on to this provider for the purpose of implementing the training offer.

 

23. Plazz AG/ Mobile Event App

Collected data:

The Mobile Event App of plazz AG supports you in planning and organizing congress visits.

The following personal data is processed if you decide to use the Mobile Event App:

  • IP Address
  • Browsing Time
  • Personal Email
  • First name/last name

For more information, please visit:

https://mobile-event-app.com/wp-content/uploads/2019/03/Datenschutzerkla%CC%88rungPlazz-2019-1.pdf

Data processing purposes:

You can use the Mobile Event App with selected products to be virtually accompanied at selected congresses.

Legal basis:

The legal basis represents the performance of the contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

plazz AG deletes all personal data three months after the purpose ceases to apply.

Third country transfer:

None

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

All necessary contracts according to Art. 28 (3) DS-GVO have been concluded with the third party provider.

 

24. Eudemos GmbH & Co. KG

Data collected:

The following personal data is processed:

  • Name,
  • first name,
  • mail address,
  • IP address,
  • organizational unit (optional).

Purposes of data processing:

We use the services of our partner to conduct employee:internal risk and health surveys as well as 360-degree feedback, data analytics, results reporting and the provision of a digital working environment for the delivery of survey results (reports) to Haufe customers.

Legal Basis:

The legal basis represents the performance of the contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Directly after project completion on instruction.

Third-party transfer:

Eudemos uses servers and operating software as well as other system components to provide the surveys and reports from a third-party data center (Amazon Web Services, Inc. (AWS)). The data is stored and processed on federal territory. AWS region for the processing of all data transmitted by the customer
transmitted data is exclusively Frankfurt/Main.

For the surveys with the participants themselves, a data center of Azur 0365 in Ireland is used.
In the course of support activities, data transfer to the USA is not planned but also cannot be ruled out. In order to be able to guarantee adequate protection of your data for these cases as well, AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

25. Mielke Company - Mielke Platform

Data collected:

The following personal data are processed:

  • Name,
  • first name,
  • mail address,
  • IP address,
  • organizational unit (optional).

Purposes of data processing:

We use the services of our partner for the implementation and monitoring of GPM/IPMA courses of employees:inside. Furthermore for experience-oriented competence development with practical benefits. Agile approaches, project management with IPMA Level D certificate, project management with university certificate, project management, social skills.

Legal basis:

The legal basis represents the fulfillment of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Directly after project completion on instruction.

Third country transfer:

No third country reference.

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

26. Techcast – Conferenz-Platform

Data collected:

The following personal data is processed:

  • IP Address,
  • Browsing Time,
  • Potential Cookies.

Data processing purposes:

Techcast is used to broadcast online annual meetings.

Legal basis:

The legal basis is the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

No storage, data is lost directly after the end of the purpose.

Third country transfer:

No third country reference.

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

 

IV. What data is processed when you contact us, order a newsletter, open a user account and purchase online products and services?

We wish to inform you below about the data which is collected and processed should you contact us, order a newsletter, open an account or purchase online products. We would also like to inform you as to what purpose and by whom they are handled, on which legal basis data processing takes place and when the data is deleted.

 

A. Collected data:

 

If you book a seminar, subscribe to a newsletter or register yourself on our website, we will create a user account (learning environment) for you. We process the following data:

  • Name
  • Salutation
  • Title
  • Company address
  • Phone number (landline/mobile)
  • E-mail address
  • Customer number
  • Reference histories
  • Other data you provide in the optional fields.

Purposes of the data processing

We process your data to provide you with the user account " Learning environment" and the functions of the shop. In your learning environment you will find, for example, the documents for the products you have booked.

We will use your mobile or landline number to inform you via SMS about any changes to your booked seminar.

Legal basis:

We process your data for processing the contract according to Art. 6 I b DSGVO, when registering a newsletter based on your consent according to Art. 6 a) DSGVO.

Storage period and control options:

We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to comply with statutory retention periods.

Transfer to third countries:

The data is generally processed in European computer centres. In the context of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated Amazon Web Services to comply with a level of data protection in accordance with EU law using the corresponding EU standard contract clauses.

 

B. Making contact

 

Data collected:

We collect and process the information you provide us with, such as your contact details, your name and your request when you contact us through a contact form or by e-mail. All data you submit to us is encrypted.

Purposes of data processing:

Data processing is carried out by our customer service or service providers commissioned by us exclusively on the basis of processing your enquiry.

Legal basis:

We process your data for the implementation of pre-contractual and contractual measures, which are based on your request (Article 6, paragraph 1 b GDPR)

Duration of storage:

We use the service provider salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) to manage your data.

The contractually agreed data processing is performed exclusively in a member state of the European Union (high-security computer centre in Frankfurt am Main) or in another state party to the Agreement on the European Economic Area. Within the scope of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated service providers headquartered outside the European Union and without the basis of an adequacy finding, using the corresponding EU standard contractual clauses, to comply with a level of data protection that complies with EU law.

B. 1 Avedo II GmbH

Data collected:

We pass the data you provide to us to our service provider for master data maintenance, questions about registration, booking of shopping carts to Avedo II GmbH.

Purpose of data processing:

We use the services of Avedo II GmbH, Ströer Dialog Group GmbH, Wilhelm-Becker-Str. 11a, 75179 Pforzheim for master data maintenance, questions about registration, booking of shopping carts and in other areas for customer support.

Legal basis:

The legal basis represents the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b. DSGVO.

Storage period:

Your personal data will be stored as long as you enter into contractual relationships with us. If your account is inactive for five years, your account will be deleted automatically. In customer support cases, no personal data is stored.

 

 

C. Seminar registration

 

Data collected:

We collect and process data provided by you in the course of seminar registration, for example your contact details, such as your name and address as well as information pertaining to the booked course subject, location, period and, if applicable, other circumstances of the respective seminar.

Purposes of data processing:

We process your data in order to be able to provide you with the corresponding seminar. We keep lists of participants when you register for a seminar. These contain your name, first name, if necessary your telephone number for inquiries and e-mail address. The lists of participants will be made available to the corresponding supervisors on site and the corresponding trainers. We also use your data to send you promotional offers for similar seminars and products in the future.

Legal basis:

We process your data in order to fulfil our contractual obligation towards you (Art. 6 para. 1 (b) GDPR). In addition, we process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) in order to be able to submit similar interesting offers to you in the future.

Storage duration:

We store your data for as long as required for the specific processing purpose, to ensure compliance with statutory retention periods.

 

D. Customer surveys

 

Data collected:

For the purpose of online surveys, we use the services of the provider Netigate Deutschland GmbH, Untermainkai 27-28, 60329 Frankfurt am Main, Germany. Netigate processes on our behalf the information provided by users solely for the purpose of surveys. If personal data is requested, such as names or e-mail addresses, then these are made anonymous, as is the IP address of the user. If further such personal data is requested during a survey (e.g. name, address, company etc.) then we specifically point out during the survey that entering this information for statistical purposes is entirely voluntary on behalf of the user.

Purposes of data processing:

We use Netigate for the appropriate design and optimization of our websites.

Legal basis:

Netigate is used when you complete an according questionnaire. When submitting your answers, you give your consent.

Duration of storage:

Surveys containing personal data are deleted automatically after a period of 6 months.

 

D. 1 Feedback Management

Data collected:

In the case of our products, it is possible to provide feedback downstream. In the context of these surveys, we process your information and answers in anonymous form. We process your personal data if you explicitly agree to the use of this data. We use and collect the following data in the process:

  • Company (optional)
  • Name (optional)
  • E-mail address (optional)
  • Telephone number (optional)

We use online services of Haufe Lexware GmbH und Co. KG and Microsoft Corporation to conduct the feedbacks.

Purposes of processing:

We need and use your feedback primarily to continuously develop and improve our products. In addition, we use your data for advertising purposes, provided you have given us your consent to do so.

Legal basis:

We process the data on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

Storage period and control options:

The feedback data will be deleted by us after 3 years at the latest.

 

D. 2 Mentimeter

Collected Data:

"Mentimeter" is a voting, brainstorming tool and offers a variety of interactive possibilities. The application can be used to create multimedia collections of material, for example in the form of a word cloud, without much effort. Surveys can be created with the application and people with a corresponding link or QR code to it can vote and give feedback. For more information on data protection, data processed by Mentimeter, please visit: https://www.mentimeter.com/privacy

Purpose of data processing:

We use the tool to interactively engage our customers.

Legal basis:

The use of Mentimeter by customers is voluntary. Mentimeter thereby acts as an independent responsible party (https://www.mentimeter.com/dpa-statement). In doing so, the customer agrees to the applicable terms of use of Menimeter https://mentimeter.com/terms.

Storage period and control option:

These result from the general terms of use and data protection of the provider.

https://mentimeter.com/terms

https://www.mentimeter.com/privacy

Third Party Transfer:

Mentimeter is hosted on Amazon Web Services (AWS). In the course of support activities, a data transfer to the USA is not foreseen, but also cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, Mentimeter AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

Sli.do:

Collected data:

We use the survey solution provided by Sli.do s.r.o., Vajnorská 100/A, 831 04 Bratislava, Slovakia (European Union). Slido is used on the website as a processor for the purpose of surveys during a live event. In this process, data on the use of the service is collected.

Purposes of processing:

With the help of this tool, participants of the live event can actively participate in the event.

Legal basis:

We use Slido if you have consented to it. We obtain your consent when using the service via the cookie banner, Art. 6 (1) lit. a DSGVO.

Storage period and control options:

The data is stored by Slido for a maximum period of 3 years. You can prevent the collection and processing of data by disabling the setting of cookies. This may limit the functionality of the websites under certain circumstances. You can deactivate cross-device tracking under the following link.

For more information on Slido's analytics services, please visit Slido's website.

Third Party Transfers:

Slido is hosted on Amazon Web Services (AWS). In the course of support activities, data transfer to the USA is not foreseen but also cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, Slido AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

E. Newsletter

 

Data collected:

We collect and process the information you provide, such as your name and e-mail address, when you subscribe to our newsletter.

Newsletters containing Eloqua technologies use tracking technologies. These technologies are used to collect data on whether our emails are opened and which links you click on.

Purposes of data processing:

We process the data in order to send you the newsletter.

We use the data collected through Eloqua to find out which topics are of interest to you. We then use this information to improve the e-mails we send you and the services we provide as well as connecting them to existing tracking or profiling information.

Legal basis:

After registering for a topical newsletter, we process your data with your consent to inform you via electronic mail about the selected topics and also to advertise them. We work according to the double-opt-in principle, i.e. if you order a topical newsletter on our website, we will send you a confirmation e-mail with a registration link. It is only once you have clicked on this link that you are registered on our newsletter list.

We use Eloqua only with your consent.

If we have received your e-mail address in conjunction with the sale of a product, we use it to provide you with information on similar products on the basis of legitimate interests (Article 6 f GDPR). Our legitimate interest lies in advertising our products and services directly to you.

Duration of storage:

We store your data for as long as we need it for its specific purpose.

 

F. Raffles, free catalogues, magazines and trade fair tickets

 

Data collected:

If you take part in one of our prize raffles or request our free catalogues, magazines or trade fair tickets from us, we collect and process the data provided by you via our online contact forms provided for this purpose, such as your name and address datails.

Purpose of Data Processing:

We process the data provided by you in order to allocate the prize to the respective raffle and to be able to send you the prize or the requested free catalogue, magazine or trade fair ticket. If you participate in competitions on our social media channels, such as Facebook, Instagram or LinkedIn, your data may also be processed there. If necessary, we will use your data to send you offers in line with your interests.

Legal basis:

We process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) or because you have consented to the corresponding processing of your data (Art. 6 para. 1 (a) GDPR).

Duration of storage:

We store your data for as long as required with respect to the specific processing purpose.

V. What rights do you have and how can you use them?

A. Revocation of consent

You may revoke any consent given for the processing of your personal data at any time with effect for the future. Please note that the revocation does not affect the legality of previous data processing and that it does not extend to such data processing, for which there is a legal reason for permission and which, therefore, can be processed without your consent.

 

B. Further rights for the party concerned

According to Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR) and, if legal prerequisites are met, you are entitled to the following:

Disclosure:

You may at any time demand that we disclose to you the personal data belonging to you that we handle as well as how it is processed and request that we provide you with a copy of the personal data stored (Article 15 GDPR).

Correction:

You may demand the correction of incorrect personal data and completion of incomplete personal data (Article 16 GDPR).

Deletion:

Regarding deletion of your personal data: Please note, that excluded from deletion is any data that we require for processing and fulfilling contracts, for the assertion, exercise and defense of legal claims and data for which statutory, regulatory or contractual retention requirements exist (Article 17 GDPR).

Restriction of use:

Under certain circumstances you may demand that we limit the processing of data, for example, if you are of the opinion that your data is incorrect, if processing it is illegal or you have filed an objection to the further processing of your data. This means that without your consent, your data may be processed only to a very limited extent, e.g. for the assertion, exercise and defense of legal claims or for the protection of the rights of other natural and legal persons (Article 18 GDPR).

Objection to processing of data:

You have the option at any time to object to the use of data for direct marketing purposes. In addition, if you have special reasons, you may at any time object to the data processing that takes place on the basis of a legitimate interest (Article 21 GDPR).

Data portability:

You have the right to receive a copy of any data you have provided to us and that we handle on the basis of your consent or to fulfil the contract. This is provided in a standard, machine-readable format and, as long as it is technically feasible, you may request direct transmission of this data to third parties (Article 20 GDPR).

C. Contact methods

You can exercise your rights through the following contact channels:

Haufe Group
Mr. Raik Mickler
Data Protection Officer
Munzinger Strasse 9
79115 Freiburg - Germany
E-Mail: dsb@haufe-lexware.com

You may withdraw your consent for the processing of data using cookies and tracking technologies via the appropriate settings in your browser or via the opt-out possibilities described in detail in section II C.

You may withdraw your consent for receiving newsletters at any time by clicking on the corresponding link in each newsletter.

D. Right of complaint to a regulatory authority

If, for example, you are of the opinion that our handling of data is unlawful or that we have not granted you your rights as described above to the necessary extent then you have the right to lodge a complaint with the responsible data protection regulatory body.

Version: May, 9th 2022