Privacy notice

Thank you for visiting the Haufe Group website and for your interest in our range of services. The protection of your personal data is very important to us. With this data protection declaration, we would like to inform you about the handling of your personal data when visiting our websites and booking specific services and about your rights.

I. Who are we and how can you get in touch with us?

We, the

Haufe Service Center GmbH
A company of the Haufe Group
Munzinger Strasse 9
79111 Freiburg, Germany
E-Mail: service@haufe.de

is the body responsible for the protection of your data. Our data protection officer Raik Mickler will be happy to assist you. Should you have questions about data handling, your rights or about the privacy policy. You can contact him at dsb@haufe-lexware.com.

II. What data are processed in our online presences?

We wish to inform you here about the data collected during your visit at our online presences, for which purposes they are processed, on what legal basis the handling of your data takes place, what options you yourself have in controlling the collection and handling of the data and when data will be deleted.

 

A. Log-Files

 

Data collected

Upon visiting our websites, the following data is automatically transmitted by your browser:

  • your IP address
  • the website from which you are forwarded
  • websites, which you visit via our pages
  • the pages you look at as well as
  • what time you look at them
  • the name of your internet service provider
  • your browser type and its version
  • the operating system of your device
  • the date and duration of your visit.

Purposes of data processing:

The temporary storage of this data is necessary to enable delivery of the website to your computer and to ensure the functionality of the website. With the help of this data, we also gain statistical knowledge about how our websites are used. In addition, we collect the data in order to be able to track and prevent prohibited access to the web server, the misuse of the web pages and for ensuring the security of our information technology systems.

Legal basis:

We store this data temporarily on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

Duration of storage and control options:

Data is deleted if it is no longer required for fulfilling its purpose. Log files are deleted at the latest after 90 days.

 

B. General information about cookies and targeting technologies

 

Data collected

When visiting our websites, so-called cookies are set. These are small text files, which are stored on your device. As a rule, cookies are assembled using a sequence of characters, the so-called cookie ID, with which your browser can be identified when calling up our websites again.

In addition, we use small elements of code, so-called tags, which we use to measure the behavior of our users and the success of advertising activities.

Depending on the type of cookies or tags various data is collected and then pseudonymized.

We use both our own cookies as well as cookies from other providers (third-party cookies). These third-party cookies are described below in section II C.

Purposes of data processing:

Technically necessary cookies enable the technical functionality of the website. Some features of our websites cannot be made available without the use of cookies.

Functionality cookies are designed to make our websites more user-friendly and to provide certain functionalities, such as cross-site shopping cart viewing, displaying the number of items in your shopping cart and how to save your credentials, so you can re-access them when returning to one of our websites.

Analysis cookies and tags enable us to generate aggregated statistics, such as the number of views, which areas of the web pages are most frequently viewed as well as location and the average duration of site visits. This allows us to improve the quality of our websites and content.

Advertising cookies and re-targeting technologies enable us to individually adapt the offers and the information we display. This will allow us to make our websites more interesting and to engage you on other websites with personalized, interest-based advertising.

Legal basis:

We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Article 6, paragraph 1 f GDPR). Our legitimate interest lies in ensuring the functioning of our websites and their optimal usability.

We use analysis cookies and advertising cookies as well as tags and re targeting technologies based on legitimate interests (Article 6, paragraph 1 f GDPR, recital 47). Our legitimate interest lies in optimally tailoring our websites to the interests of our customers.

 

Duration of storage and control options:

Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies). Others remain permanently on your device and allow us to recognize your browser (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether or select to accept certain cookies. Please use the help function of your browser to find out how to change these settings. This may limit the functionality of our websites.

 

C. Third-party cookie and tracking technologies

Necessary cookies (essential)

Usercentrics Consent Management Platform

Data Collected:

We use the consent management service Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany ("Usercentrics"). Usercentrics is used on the website as a processor for the purpose of consent management. The following data is collected: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.

Data Processing Purposes:

We use Usercentrics to comply with legal obligations of consent retention.

Legal basis:

We use Usercentrics to comply with our legal obligation, Art. 6 para. 1 p. 1 lit. c DSGVO.

Storage period and control options:

The consent data (consent and revocation of consent) is stored for three years. The data will then be deleted immediately. For more information, please see the Usercentrics privacy policy.

 

Wordpress

Data collected:

With respect to certain websites we use the Open-Source content management system "Wordpress", as well as plugins. Plugins are function-related extensions of the "Wordpress" software. The use of these plugins may result in the processing of personal data, such as the IP address of your connection.

Partially, some third-party cookie and tracking technologies are utilised. Here the above and II B. stated principles shall apply without restrictions.

Purposes of data processing:

We use plugins in particular for the following purposes:

  • For the protection against abusive comments ("Spam")
  • To find faulty links
  • To improve the loading speed of our mobile websites
  • Insofar as plug-ins are used for cookie and tracking technologies from third parties, the statement of purposes given under B. shall apply.

Legal basis:

We deploy Wordpress and the plugins used in each case based on legitimate interest. Our legitimate interest is to achieve the purposes stated above.

We use third-party cookie and tracking technologies for plug-ins, provided you have consented to them. You may withdraw your consent at any time in accordance with the procedures described above.

Storage time and control options:

We store your data for as long as we need it for the specific processing purpose.

You can prevent the collection and processing of data by social networks by adjusting your browser settings accordingly.

If you do not want social networks to match the data collected through our websites directly with your user profile, you must log out before visiting our websites.

Transfers to third countries:

We deploy, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) for the administration of your data.

In principle Data is processed in European data centres, data may also be transmitted to third countries such as the USA whilst undertaking maintenance and support measures. In order to ensure that your data is adequately protected in such cases, we have obligated the service provider Salesforce Inc. to adhere to a data protection level that complies with EU law, using the corresponding EU standard contractual clauses for the transfer of personal data to processors established in third countries.

 

Better Usability (statistics)

Econda:

 

Data collected:

We use solutions and technologies of econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany ("Econda"). Econda uses cookies to create cross-site pseudonymized user profiles. Data is collected, which allows the recognition of your browser. Your IP address is blurred immediately upon receipt to prevent any direct association with user profiles.

Purposes of data processing:

We use Econda for the appropriate design and optimization of our websites.

Legal basis:

We use Econda if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Econda stores this data and it is deleted on a regular basis.

You can prevent the collection and handling of data by Econda by setting it accordingly in your browser or via this .

 

Google:

 

Data collected:

Google Analytics: Our websites use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies on your device that allow us to evaluate your use of our websites. Google collects, for example, data to uniquely identify your browser, information about when and how often you visited our websites, how long you have been on our websites, and how you interacted with our websites (more information can be found here [https://policies.google.com/technologies/types?hl=en]).

We have augmented Google Analytics with the code "get._anonymizeIP();". This results in Google shortening your IP address and enabling anonymous evaluation. The shortening of IP addresses takes place within the EU or the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US to be shortened there. The IP address sent to Google Analytics will not be merged with other Google data. The data determined with the help of cookies is usually transmitted to and stored on a Google server in the USA. Compliance with data protection standards and your rights is ensured through certification by Google under the EU-US Privacy Shield. Google only transmits data to third parties as long as consent has been given, it is required for legal reasons or third parties process this data on behalf of Google.

Google Tag Manager: The Google Tag Manager helps us set and manage tags. Your data is not collected and stored by this service.

Google Signals: In parts we also use the function Signals of Google Inc.’s. Google Signals recognizes single users across different devices (so called Cross Device Tracking). As a result we receive anonymized data in report form. The reports show patterns in user behavior.

The function is only activated, if you

  1. have a Google account,
  2. are logged in to this Google account while using the according Haufe Group websites,
  3. and have activated the option ‘Ads personalization’ in your Google account’s Ads Settings.

In case you do not want us to use Google Signals with your data you need to deactivate ‘Ads personalization’ in your Google Account.

Purposes of data processing:

Google Analytics: Google uses on our behalf the data collected through Google Analytics to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website activity and internet usage.

Google Tag Manager: We use this service to create, display and manage tags on our website.

Google Signals: We are using the technology to recognize users across different devices. Thus we are able to present you interest based advertisements.

YouTube: We use YouTube to embed product videos on our websites.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

The data collected via the Google features is stored and then deleted on a regular basis.

You can prevent the storage of cookies via an appropriate setting in your browser.

You can also prevent Google from collecting and processing data by downloading and installing the browser add-on, which is available via the following link [https://tools.google.com/dlpage/gaoptout?hl=en].

For more information, see the Google Privacy Policy. https://policies.google.com/privacy?hl=en&gl=de].

 

INFOnline:

 

Data collected:

Our website uses the measuring method ("SZMnG") from INFOnline GmbH (https://www.INFOnline.de) to determine statistical indicators on the use of our offers. The aim of this measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - based on a uniform standard procedure - and thus to obtain comparable values ​​across the market. For all digital offers, which are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – http://www.ivw.eu) or participate in the studies of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF - http://www.agof.de), user statistics on range of coverage are regularly processed by the GOF and the Arbeitsgemeinschaft Media-Analyse e.V. (agma - http://www.agma-mmc.de) and published as a number of „Unique Users“ and by the IVW with the number of “Page Impressions” and “Visits”. These ranges and statistics can be viewed on the respective websites.

 

1. Legal basis for processing


Measurement by means of the SZMnG measuring method from INFOnline GmbH is carried out with legitimate interest in accordance with article 6, paragraph 1, recital f) GDPR. The purpose of the processing of personal data is the production of statistics and the creation of user categories. The statistics are used to understand and prove the use of our offer. The user categories form the basis for an interest-oriented alignment of advertising material and advertising measures. A usage measurement, which ensures comparability with other market participants, is essential for the marketing of this website. Our legitimate interest stems from the economic usability of the findings resulting from the statistics and user categories as well as the market value of our website - also in direct comparison with website of other parties - which can be determined from the statistics. In addition, we have a legitimate interest in making the anonymized data of INFOnline, AGOF and IVW available for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in providing the anonymized data of INFOnline for the further development and provision of advertising material in accordance with visitor’s interests.

2. Typ of data

INFOnline GmbH collects the following data, which, according to EU-GDPR, contains the following personal details:

  • IP address: Each device for transmitting data on the internet requires a unique address, the so-called IP address. The temporary storage of the IP address is technically necessary due to way in which the internet works. The IP addresses are shortened by 1 byte before any processing and are only used anonymously. There is no storage or further processing of the non-shortened IP addresses.
  • A randomly generated client identifier: range of coverage processing alternatively uses either a cookie with the identifier "ioam.com", a "Local Storage Object" or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique to a browser as long as the cookie or Local Storage Object is not deleted. A measurement of the data and subsequent assignment to the respective Client Identifier is therefore also possible if you access further websites, which also use the measuring method ("SZMnG") from INFOnline GmbH. The validity of the cookie is limited to a maximum of 1 year.

3. Use of data

 

The measurement procedure of INFOnline GmbH, which is used on this website, determines usage data. This is done to collect the performance values ​​of page impressions, visits and clients and to determine further key indicators (e.g. qualified clients). In addition, the measured data is used as follows:
· A so-called geo-localization, i.e. the assignment of a website visit to the location of that visit, takes place exclusively on the basis of the anonymized IP address and only on federal state / regional level. There is no possibility to draw conclusions as to the precise location of the user based upon the data provided.
· The usage data of a technical client (e.g. a browser on a device) is merged across web pages and stored in a database.
This information is used to estimate social- demographic data (age and gender) and passed on to the service providers of AGOF for further range processing. As part of the AGOF study, social characteristics are estimated on the basis of a random sample and divided into the following categories: age, gender, nationality, occupation, marital status, size of household, household income, place of residence, internet usage, online interests, location of use, user type.

4. Duration of data storage

INFOnline GmbH does not store the complete IP address. The shortened IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier are stored for a maximum of 6 months.

5. Forwarding of data

The IP address as well as the shortened IP address are not forwarded to any other party. For the creation of the AGOF study, data with client identifiers is forwarded to the following service providers of the AGOF:
· Kantar Deutschland GmbH (https://www.tns-infratest.com/)
· Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
· Interrogare GmbH (https://www.interrogare.de/)

 

3Q SDN Video Hosting

 

Data collected:

We have integrated the SaaS 3Q SDN platform on our website to enable video content to be displayed. 3Q SDN is a platform for processing video material with all the attendant services. The operating company of 3Q SDN is 3Q GmbH, Kurfürstendamm 102 10711, Berlin.
3Q places a cookie on your browser. This provides 3Q with insights as to how extensively our video offering is used. The personal data transferred to 3Q generally consists of: IP address – time stamp – URL – user agent plus data necessary for recording statistics. The prevailing data protection provisions of 3Q can be obtained from
https://www.3qsdn.com/de/datenschutz_und_richtlinien.

Purposes of data processing:

The 3Q platform collects data on the use of the audio-visual content offered by the data controller . We use 3Q to supply you with our learning materials and thus to comply with our contractual fulfilment obligations.

Legal basis:

We use 3Q to provide your seminar content by video, as set out in our contract offer. Data is thus processed on the basis of the contract concluded between us, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

Your data is only stored for as long as is necessary to fulfil the purpose. In addition to this, you can prevent cookies from being placed on your browser by making the appropriate settings in your browser. We would point out to you, however, that this can lead to problems with displaying content and that you may not be able to avail yourself of all the functions available on our website.

 

Opinary

We embed a survey tool from Opinary GmbH, Engeldamm 62-64, 10179 Berlin ("Opinary") on our pages. Using this service allows us to create and display online surveys.

Data collected:

Through the Opinary plugin, the following information of your website visit is retrieved: Cookie IDs and IP address.

The collected data is provided to us by Opinary in a pseudonymized and aggregated form.

Data Processing Purposes

We use Opinary to conduct online surveys.

Legal basis:

We use Opinary if you have consented to it. We obtain your consent when you call up our websites via the cookie banner, Art. 6 (1) lit. a DSGVO.

Storage period and control options:

The data is stored for a maximum of one year and then deleted.

For more information on data processing by Opinary, please visit https://opinary.com/datenschutz/

Friendly CAPTCHA:

Data collected:

We use the Friendly CAPTCHA service for some forms. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Purposes of data processing:

We use this service to distinguish whether an entry in one of our web forms is made by a human or abusively automated/machine and thus to protect our technical systems. You can find more information on this at https://friendlycaptcha.com/legal/privacy-end-users/.

Legal basis for data processing:

We use Friendly CAPTCHA on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest lies in preventing the misuse of our forms and protecting our technical systems.

Storage duration and control options:

The data is deleted as soon as it is no longer required for the processing purposes.
You can prevent the storage of cookies by selecting the appropriate settings in your browser.

 

HIgh Quality Content (Functional)

Oracle:

Data Collected:

Eloqua: We use the service Eloqua from the supplier ORACLE Germany BV & Co. KG, Riesstrasse 25, 80992 Munich, Germany. Eloqua sets a permanent cookie on your browser on the respective registration website.

AddThis: We use the AddThis Plugin of Oracle America, Inc. ("Oracle"), 500 Oracle Parkway, Redwood Shores, CA 94065, USA. („AddThis“). When you launch a website using the AddThis plug-in, a cookie is set that pseudonymized data such as your IP address, surfing behavior, how often you use AddThis, and sends your location to Oracle in the United States. Oracle is certified under the EU-US Privacy Shield.

Purposes of data processing:

Eloqua: We use Eloqua to analyze the use of our web pages, so that we are able to continuously improve them.

AddThis: The plugin allows you to use and share interesting content from our websites.

Legal basis:

Eloqua: We use Eloqua if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

AddThis: We use AddThis if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Eloqua: Eloqua stores this data and it is deleted on a regular basis. You can prevent the collection and processing of data by Eloqua via an appropriate setting in your browser or via this link [https://www.oracle.com/de/legal/privacy/privacy-choices.html].

For more information, see the Oracle Privacy Notice [https://www.oracle.com/de/legal/privacy/privacy-policy.html].

AddThis: AddThis stores your data and deletes it on a regular basis. You can prevent the collection and processing of data by AddThis via an appropriate setting in your browser or via this link [http://www.addthis.com/privacy/opt-out].

For more information, see the AddThis Privacy Notice [http://www.addthis.com/privacy].

PEGA:

Data collected:

We use solutions and technologies of Pegasystems Limited, 23 Forbury Road, Reading RG1 3JH, United Kingdom (PEGA). PEGA uses cookies to create cross-site pseudonymized user profiles. Data is collected, which allows the recognition of your browser. Your IP address is blurred immediately upon receipt to prevent any direct association with user profiles.
PEGA is used for the personalized product recommendation. The recording and playback takes place anonymously without personal reference.

Purposes of data processing:

We use PEGA for the appropriate design and optimization of our websites.

Legal basis:

We use PEGA if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

PEGA stores this data and it is deleted on a regular basis.

You can prevent the collection and handling of data by PEGA by setting it accordingly in your browser.

 

Quality Content (Marketing)

 

Facebook:

 

Facebook-Pixel and Facebook Custom Audience (Remarketing)

Data collected:

On our website we deploy the so-called "Facebook pixel" of the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The Facebook pixel enables us to classify the visitors to our website into specific target groups in order to be able to display corresponding advertisements ("ads") on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other features) cannot be viewed by us, but can only be used within the scope of the display of certain advertisements. Within the scope of using the Facebook pixel code, so-called cookies are also used.

If you have a Facebook account and are signed in, your visit to this website will be associated with your Facebook user account.

We also partly utilise the remarketing function "Custom Audiences" of the company "Facebook". This enables users of the Site to display interest-based ads ("Facebook Ads") when visiting Facebook or other websites that also use this method. In this respect, we pursue your interest in displaying advertisements that correspond to your interests in order to make our website more appealing to you.

In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no control over the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or clicked on an advertisement from us. If you are registered with a "Facebook" service, "Facebook" may assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to trace and store your IP address and other identification features.

Insofar as you have consented to this, we may forward your telephone number or e-mail address to "Facebook" in order to be able to display advertisements corresponding to your interests.

  • To find out how Facebook pixel is deployed for advertising campaigns, please visit https://www.facebook.com/business/learn/facebook-ads-pixel.
  • For more information about Facebook's privacy policy, please visit https://www.facebook.com/policy.php.
  • For more information about Facebook's data processing practices, please visit https://www.facebook.com/about/privacy.

Purposes of data processing:

We employ these functions in order to be able to provide you with advertising offers corresponding to your interests.

Legal basis:

We process your data on the basis that you have consented to this or that we have a legitimate interest in processing the data pursuant to Art. 6 para. 1, sentence 1 (a) and (f) GDPR.

Storage duration and control options:

We store your data as long as we require it for the respective purpose (display of interest-based advertising) or provided you have not objected to the storage of your data or revoked your consent.

  • The deactivation of the function "Facebook Custom Audiences" is possible [here link to opt-out] for logged in users at https://www.facebook.com/settings/?tab=ads#_.
  • You can adjust your ad settings in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in to Facebook.

 

LinkedIn Insights Tag:

 

Data collected:

On this website we use the LinkedIn Insight Tag. The LinkedIn Insight Tag creates a LinkedIn "Browser Cookie", which collects the following data:
· IP address,
· time stamp,
· page Activities,
· demographic data from LinkedIn, if the user is an active LinkedIn user.

Purposes of data processing:

We process your data to rate campaigns and gather information about website visitors who may have reached us through our LinkedIn campaigns.

Legal basis:

We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 sentence 1 lit. a. and f EU-GDPR.

Storage duration and control options:

We save your data as long as we need them for the respective purpose (campaign evaluation), as long as you have not objected to the storage of your data or have revoked your consent.
The collected data is encrypted. More information can be found here. Here you will find the LinkedIn privacy policy, as well the LinkedIn Opt-Out.

Lead Forms:

If you submit a so-called lead form on the LinkedIn website, we process your personal data in order to be able to provide the information you have requested. Subject to your consent, we will transfer the information you enter in the lead form to our customer database (CRM system) and link it to any other information you provide, in order to provide you with future offers that suit your preferences.
If you have consented to this, you may revoke the relevant use of your data at any time.
You may revoke your consent at any time:
1. In respect of your LinkedIn data within 90 days click here;
2. In respect of the data stored at Haufe at any time by email to dsb@haufe-lexware.com

 

Microsoft:

 

Data collected:

Bing Universal Event Tracking: We use Bing Universal Event Tracking ("UET"), a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Should you access our web pages through advertisements on Bing ads then a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. This is a code used to store pseudonymized data about the use of the website in connection with the cookie. In combination with the pseudonymized data through the cookie, the tag tracks what actions you carry out on our websites after having clicked on a Bing ad. The items recorded are, amongst others, the amount of time that has been spent on the website, which areas of the website were accessed and via which advertisement you arrived at the website. In addition, Microsoft can track your usage behavior across multiple electronic devices through cross-device tracking. The information collected is transmitted to a Microsoft server in the United States. Microsoft is certified under the EU-US Privacy Shield.

Bing Webmaster Tools: The Bing Webmaster Tools from Microsoft store cookies and so-called beacons on your computer. Beacons or pixels are small invisible graphics that can be used to detect if a webpage has been accessed.

Purposes of data processing:

Bing Universal Event Tracking: UET allows us to track your activity on our websites when you visit them via advertisements from Bing Ads and enable us to improve our offer. Cross-device tracking allows Microsoft to show personalized ads.

Bing Webmaster Tools: Microsoft can provide its Bing services and optimize search results with the help of this tool.

Legal basis:

We use the described Google products if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

Data is stored by Microsoft for a maximum of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. As a result, the functionality of the web pages may be restricted. You can disable cross-device tracking at the following link [https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB].

For more information on Bing analytics services, visit the Bing Ads website [https://help.bingads.microsoft.com/#apex/3/en/53056/2 ]. For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy [ https://privacy.microsoft.com/en-us/privacystatement].

 

 

 

Social Plugins:

 

 

Data collected:

We use social plugins from the following social networks:

  • Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
  • Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (Twitter).
  • LinkedIn, which ist operated by LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA.
  • XING, which ist operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

When you visit a web page that contains such a plugin, your browser establishes a direct connection to the servers of the respective social network. This integration supplies the social network with data on which website you have visited, even if you do not own a user profile or aren’t currently logged in. If you are logged in, Facebook can assign the visit to your Facebook account. If you interact with the plugins, the corresponding information is transmitted to the social network and stored there. Your IP address is saved in shortened form. The data is transmitted from your browser directly to a server of the social network in the USA and stored there.

Purposes of data processing:

The social plugins allow you to share content of the websites in social networks.

Legal basis:

We use social plugins if you have given your consent. We obtain your consent when you visit our website via the cookie banner at the bottom of the web page.

Duration of storage and control options:

You can prevent the collection and processing of data by the social networks via an appropriate setting in your browser.

If you do not wish for the social networks to directly match the data collected through our websites to your user profile, you must log out before visiting our websites. Further information can be found in the Privacy Policy of Facebook [https://www.facebook.com/about/privacy], Twitter [https://twitter.com/en/privacy].

 

 

Digital Purchase Advisor (Neo Commerce GmbH)

Data collected:

We have integrated the guided selling service Neocom or a digital purchase advisor service of Neo Commerce GmbH (hereinafter "Neocom"), Max-Bill-Str. 8, 80807 Munich, on our website in order to provide you with a digital interactive product advice. When you start this product consultation, you can find your desired product in a quiz-like, guided process and receive a product recommendation at the end, which you can then have sent to you by e-mail if you wish.
In the course of using the service, the following data is collected and transmitted to the Neocom:

  • IP address
  • Browser type and version
  • Language of the browser software
  • Time of access
  • Cookie information such as session ID
  • Optional: e-mail address

Purposes of processing:

We offer the possibility to find the right learning for you on our website via a product advisor. In order for us to send you suitable learning and further education offers based on your information, you can optionally enter your e-mail address.

Legal basis:

Your data will be processed on the basis of your consent via the displayed cookie banner in accordance with Art. 6 Para. 1 Sentence 1 lit. a) DSGVO. In addition, we process certain data ( e.g. browser query) on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO in order to be able to offer a correct and complete display and implementation of the digital product advice. 

Storage period and control options:

Should you provide your email address, it will be deleted by Neocom after 90 days. We delete your data as soon as it is no longer required for the processing purposes.
You can revoke your consent formulated towards us at any time with effect for the future.

Third country transfer and recipients of your data:

In the course of using the service, data may be transferred to third countries. In order to be able to guarantee adequate protection of your data in these cases as well, we have contractually obligated the service provider to comply with the special protective measures pursuant to Art. 44 et seq. DSGVO. Neocom uses other services for product consulting. Details of these can be found here.

 

Podigee:

Collected data:

On our websites we offer texts set to music for listening. These are streamed by the company Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. Podigee is a podcasting provider.

Purposes of data processing:

Podigee anonymously collects information on the use of the streaming service so that we can optimise it. In addition to device information, the IP address is also stored.

Legal basis:

We use Podigee if you have consented to this, Art. 6 para. 1 lit. a DSGVO. We obtain your consent when you call up our websites via the cookie banner.

Storage period:

The data is deleted as soon as it is no longer required for the processing purposes.

Third party transfer:

The collected data is primarily processed in the European Union. If the data is also processed in other countries, you will be informed separately.

 

Outbrian

Data collected:

When using our website, Outbrain processes in particular the IP address, user ID, UUID, browser information, device information, usage data, user agent, user behavior, clicks on advertising material, contact with advertising material and online shop content viewed. If you want to know what Outbrain knows about your interests, you can access your interests profile and review your choices (e.g. withdraw your consent). Outbrain's privacy policy describes in more detail how Outbrain collects, uses and shares your personal information.

Purposes of data processing:

This website uses technology from Outbrain Inc. (“Outbrain”). Outbrain provides recommendations in its publisher network, which can be offered by paid advertisers. If you give your consent, Outbrain will make recommendations based on how you interact with content that has Outbrain technology installed. These recommendations and ads will only appear on Outbrain advertising spaces, either Outbrain Engage advertising spaces or Outbrain Extended Network.

Legal basis:

Your data will be processed based on your consent via the displayed cookie banner in accordance with Article 6 Paragraph 1 Clause 1 Letter a) GDPR.

Storage duration and control options:

Outbrain stores your data for 13 months. You can object to the collection and storage of data at any time with effect for the future. To object to future collection and storage of your data, you can click on the following link: my.outbrain.com/recommendations-settings

Third country reference:

Your data will be stored on servers within the EU and will not be passed on to third parties outside the Outbrain network. A transfer to a third country according to GDPR, such as the USA, may take place within the Outbrain network. The transmission of your data on servers in the USA takes place on the basis of closed EU standard contractual clauses and on servers in the United Kingdom on the basis of an existing adequacy decision by the EU Commission. For more details on data processing, please see Outbrain's privacy policy: www.outbrain.com/legal/privacy#privacy-policy

 

SalesViewer

Data Collected: 

We use solutions and technologies provided by SalesViewer GmbH, Bongardstraße 29, 44787 Bochum, Germany ("SalesViewer").  
As part of SalesViewer, a JavaScript-based tracking code is deployed on our website, which is used to collect the following information:  

  • Name, origin and industry of the visiting company.  
  • Referrer  
  • Keyword (search terms on our website)  
  • Visitor behavior (e.g. subpages visited, time of visit, duration of visit)  

No cookies or similar files are stored on the end devices of website visitors. With the help of SalesViewer, we only identify the company from which our website is visited. The visiting company is identified by matching it with generally accessible information. For this purpose, the online identifier of the website visitor is encrypted via an irreversible one-way function (so-called hashing) and, after a pre-selection by means of which private accesses are filtered out, is transmitted to the provider in a pseudonymized form. 

These online identifiers are compared by the provider with a database restricted to company-related data.  
Insofar as company-related accesses can be identified within the scope of this procedure, corresponding company-related data about the website visit is made available to us on an Internet platform of SalesViewer.

On the platform, it is also possible to research further generally accessible data (e.g. address and contact data) about the visiting companies. 

Purposes of data processing: 

We use SalesViewer to compile statistics of visitor behavior and to gain insights into usage and visitor groups on our websites.  

Legal basis: 

We process your personal data on the basis of your consent (Art. 6 para. 1 a) DSGVO). We obtain your consent when you call up our websites via the cookie banner.

Storage period and control options: 

The data collected via SalesViewer is stored and regularly deleted. You can informally revoke your consent at any time with effect for the future. You can do this by re-setting your cookie decision via our cookie banner. In addition, you can also opt out of tracking by SalesViewer via this link [https://www.salesviewer.com/opt-out].

 

Capterra:

Data Collected: 

Our websites use the services of Capterra Inc, 56 Top Gallant Road Stamford, CT 09602, United States of America (hereinafter "Capterra"). Capterra uses cookies to help users find the appropriate software when they make a search request. The information generated by the cookies about your use of this website and your IP address are transmitted to a Capterra server and stored there. More information about the cookies used can be found at this link.

This list includes all personal data collected by or through the use of this service:

  • First name, last name
  • Contact information
  • Company information
  • Email address
  • Phone number
  • IP address
  • Geographical location 

Data Processing Purposes: 

On our behalf, Capterra uses the data collected to evaluate the use of our websites and to provide other services related to the use of the website and the internet.

Legal basis: 

We use Capterra if you have consented to it. We obtain your consent when you call up our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.

Storage period and control options: 

Capterra stores your data, and it is deleted regularly. You can prevent the storage of cookies by setting your browser software accordingly or delete them. 

Details on the handling of your personal data can be found under the following link.

 

Adform

This is a platform for digital advertising technology. The platform offers tools for buying advertising space in digital media. Adform A/S, Wildersgade 10B, 1st floor, DK-1408 Copenhagen, Denmark.

Data collected:

This list includes all (personal) data collected by or through the use of this service.

  • Viewed advertisements

  • Browser information

  • Browser type

  • Ads clicked

  • Cookie ID

  • Date and time of visit

  • Device ID

  • Device information

  • Device operating system

  • Geographic location

  • Mobile advertising IDs

  • Search terms

  • Third-party information

  • Unique device identifier

  • Usage data

  • Websites visited

  • Cross-device ID

  • Partner ID

Data Processing Purposes:

This list represents the purposes of data collection and processing.

  • Analysis
  • Conversion tracking
  • Optimization
  • Retargeting
  • Targeting

Legal basis:

The following is the required legal basis for the processing of data.

  • Art. 6 para. 1 p. 1 lit. a DSGVO.

Storage period:

The storage period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.

  • Adform does not store cookie-based information for longer than 13 months.

Non-EU Transfer:

Please note that this service may transfer data to other countries that do not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. For more information on security guarantees, please refer to the website provider's privacy policy or contact the website provider directly. 
https://site.adform.com/privacy-center/overview/

 

Mouseflow

Data collected:

This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (with anonymized IP address only). This creates a log of mouse movements, mouse clicks and keyboard interaction. The data collected by Mouseflow is not personal and is not shared with third parties. The storage and processing of the collected data takes place within the EU.

Purpose of data processing:

We use the collected data with the intention of randomly replaying individual visits to this website as well as evaluating them in the form of so-called heat maps and deriving potential improvements for this website. 

Legal basis of data processing:

We process your data on the basis of legitimate interests, cf. Art. 6 (1) lit. f DSGVO. Our legitimate interest is to ensure the optimal functionality of our website and to detect and correct errors on our website as quickly as possible.

Storage period and control option:

The cookie generated by Mouseflow is deleted after a period of 90 days. The data that Mouseflow processes is stored for a period of 3 months.
If you do not wish to be collected by Mouseflow, you can object to this on all websites that use Mouseflow by clicking on the following link.

 

Spotify Ad Analytics:

Data collected:

On our website, we use the "Spotify Ad Analytics" pixel from the company "Spotify" (Spotify Inc., 4 World Trade Center, 150 Greenwich Street, New York, NY, 10007 United States of America). "Spotify Ad Analytics" is a tracking technology. It is used to track visitors' interactions with websites ("events") after they have clicked on an ad placed on Spotify or on other services provided by Spotify ("conversion").

Purposes of data processing:

We use "Spotify Ad Analytics" to analyze the behavior of our website visitors and to track the conversion of ads placed.

Legal basis:

We use the "Spotify Ad Analytics" pixel if you have consented to the data processing, Art. 6 para. 1 lit. a GDPR. We obtain your consent via the cookie banner when you visit our website.

Recipients:

The data is transmitted to Spotify Inc. You can read Spotify's privacy policy at the following link.

Third country transfer:

This service transfers data to a third country. The provider ensures that the adequate safeguards pursuant to Art. 44 et seq. GDPR are complied with. If and insofar as an adequacy decision within the meaning of Art. 45 GDPR exists and applies to the respective data export, we generally base this on it. If no such decision exists, a contract with standard data protection clauses of the European Commission (Art. 46 (2) (c) and (d) GDPR) has been concluded with the respective recipient.

Storage duration and control options:

You can prevent the storage of cookies by setting your browser software accordingly or delete them. The maximum storage period is 13 months.

 

 

Kameleoon A/B Testing

Collected data:
We use solutions and technologies from Kameleoon GmbH, Beim Alten Ausbesserungswerk 4, 76135 Offenburg, Germany. Kameleoon uses a cookie that contains an ID generated via a random system to ensure that the variants are also controlled on subsequent visits during A/B tests. No user information is collected.

Purposes of data processing:

We use Kameleoon for the needs-based design and optimization of our websites.

Legal basis:

We use Kameleoon on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

Storage duration and control options:

Kameleoon stores this data for 30 days and it is deleted regularly. You can prevent the collection and processing of data by Kameleoon by selecting the appropriate settings in your browser.

 

 

Fullstory

Data collected:

This website uses technologies from FullStory, Inc, 120 Ottley Dr NE, Atlanta, GA 30324, USA (www.fullstory.com) for the purpose of web analysis. Fullstory uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. These cookies are used to record and analyze your mouse movements, click behavior, scrolling and text entries on our website. The information generated by the cookie is transmitted to a FullStory server in the USA and stored there.

Usage patterns:

  • Clicks
  • Mouse movements
  • scrolling
  • Typing (except for confidential information*)

Usage patterns highlight areas of a website or app that are confusing or underutilized so that web designers can improve their customer experience and create better features.

*Passwords, payment information and social security numbers are excluded from recording by default. FullStory does not allow its customers to record this sensitive data under any circumstances in accordance with its Acceptable Use Policy.

Purposes of processing:

Recording visitor sessions allows us to analyze them and subsequently improve the website experience for visitors.
The data collected with the Fullstory technologies will not be used to personally identify the visitor to this website without the separate consent of the person concerned and will not be merged with any other personal data.

Legal basis:

The legal basis for the processing of this data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
You can revoke your consent at any time in the cookie banner.You can object to data processing for the aforementioned purpose at any time with effect for the future. To object to the data processing of your visitor data for the future, you can obtain an opt-out cookie from Fullstory under the following link, which means that no visitor data from your browser will be collected and stored by Fullstory in the future:

https://www.fullstory.com/optout/

The opt-out cookie is only set for this top-level domain, your specific browser and the device you are using and prevents the collection of data for this online service only. Further data protection information on Fullstory can be found here: 

https://www.fullstory.com/legal/privacy/

Storage duration and control options:

  • 12 Month Product Analytics Retention
  • 1 Month Session Replay Retention

Transfer to third countries:

Please note that Fullstory may transfer data to a country outside the European Union (EU) and the European Economic Area (EEA) and to a country that does not offer an adequate level of data protection, in particular to the USA. The possible processing of your data outside the EU or the EEA is based on so-called standard contractual clauses of the EU Commission, pursuant to Art. 46 para. 2 lit. c GDPR.

III. What data is processed when registering for specific offers?

1. Hogan Assessments

 

We use the services of this third party in order to provide Hogan Assessments for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your securely encrypted raw data is hosted in the US (AT&T Internet Data Center, 11830 Webb Chapel R, Dallas, TX 75234 United States of America). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Hogan Assessment Systems is very careful to ensure that you as a participant have secure and reliable access to the online platform.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the United States via an SSL-encrypted (128-bit) connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions cannot be viewed by third parties at any time; your answers serve rather to make statistical statements in comparison to other people. Hogan reports are automatically generated within a few seconds and sent to Haufe Akademie. All test data is stored anonymously and securely in our data center for research purposes and any connection to the test participant cannot be subsequently established.

Hogan Assessment Systems guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via a simple e-mail.

 

2. Profilingvalues

 

We use the services of this third party in order to provide profilingvalues for competence profiling. The data entered in the online form is processed securely by the provider and will not be accessible to any third party except the agency responsible for managing the test data. The hosting of your securely encrypted raw data takes place exclusively in Germany (ALL-INKL.COM, Neue Medien Münnich, Hauptstrasse 68, 02742 Friedersdorf, Germany). The hosting company uses the data solely for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data.

profilingvalues is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

Should there be the possibility of entering personal or business data (e-mail addresses, names, postal addresses) on our internet sites, the user discloses this information upon an entirely voluntary basis.

As you fill in the questionnaires, your data is sent via internet to a secure data center in Germany via an SSL-encrypted connection. Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. profilingvalues ​​reports are generated automatically within a few seconds, so that the certified and authorized evaluation consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

proflingvalues guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at http://ssl.comodo.com. The test result is sent to the customers of the Haufe Akademie via e-mail.

 

3. LSI Analysis

 

We use the services of this third party in order to provide the LSI analysis for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is hosted solely in Switzerland. The hosting company uses the data only for the provision of the services. This includes, in particular, maintenance and repair work. It cannot be ruled out that, in carrying out this work, employees of the hosting company or its subsidiaries and subcontractors may become aware of your (personal) data. Life Performer AG is very careful to ensure that you as a participant have secure and reliable access to the online platform.

Each time you access the contents of this website, the following data is stored:

  • name of the requested file
  • date and time of the request
  • transferred amount of data
  • error status
  • IP address of the requesting computer

The stored data is used exclusively for statistical purposes. The data is passed neither fully nor in part to third parties. A comparison with other databases does not take place.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in Switzerland via an SSL-encrypted connection. Your answers to the questions are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. LSI analysis reports are generated automatically within a few seconds so that the certified and authorized consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

Life Performer AG guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. The test result is sent to the customers of the Haufe Akademie via e-mail.

 

4. INSIGHTS MDI®

 

We use the services of this third party in order to provide INSIGHTS MDI® for competence profiling. The data entered in the online form is processed securely by the provider and is not accessible to any third party except the agency responsible for managing the test data. Your secure encrypted raw data is processed in the Netherlands (Interxion HQ, Tupolevlaan 24, 1119 NX Schiphol-Rijk, Netherlands). This ensures that the processing and storage of the data occurs exactly within the framework of European data protection law (is exactly the same as Dutch law).

INSIGHTS MDI® is very careful to ensure that you as a participant have secure and reliable access to the online platform.

All data entered via the European server will only be used for the purpose specified and agreed upon by you. We do not share information about you with third parties without your consent. Personal information entered for an analysis / report includes: e-mail address, gender (only for salutations in the report), position / job title and organization. The disclosure of this data by the user takes place on an entirely voluntary basis.

As you fill in the questionnaires, your data is sent over the internet to a secure data center in the Netherlands via an SSL-encrypted connection (see above). Your answers to the questions and your ranked answers are evaluated by means of defined evaluation algorithms. Your answers to the individual questions can never be viewed by third parties; your answers serve rather to make statistical statements in comparison to other people. INSIGHTS MDI® reports are generated automatically within a few seconds so that the certified and authorized reporting consultants can view them. All test data is stored anonymously and securely in our data center for research purposes without any connection to the test participant being able to subsequently be established.

INSIGHTS MDI® guarantees that your personal data, which is processed on our behalf, can only be processed in accordance with the instructions of the client. We do our utmost to ensure that your information is kept strictly confidential and is only made available to persons who are authorized to access personal data in accordance with the privacy policy and legal framework. More information about the data center and the security certificates can be found at https://www.interxion.com/Locations/amsterdam/

 

5. Digital learning platform for the delivery of eLearnings

Data collected:

Our digital learning content is delivered via a digital learning platform that you can access via your personal learning environment or for which your employer provides you with access (see Learning Management System)

Please note: If your employer has provided you with access to our digital learning platform (https://lernwelt.haufe-akademie.de), they are generally the controller in accordance with the GDPR, whose data we process on behalf of or on the basis of an order processing contract in accordance with Art. 28 para. 3 GDPR.

The data processed in the learning platform includes

  • Title,
  • Salutation,
  • first name, surname,
  • company affiliation,
  • e-mail address,
  • preferred learner language,
  • Learning outcomes and learning progress.

Processing purposes:

The learning platform is used to provide digital education and training opportunities.
You can also send us support requests for the learning platform via an online form.

Legal basis:

Your data is processed in order to fulfill our contractual obligation to you or to our contractual partner (Art. 6 para. 1 lit. b GDPR).

Storage duration and control options:

Your data will be deleted from the learning platform once the purpose no longer applies.
Please note that in cases where your employer is our contractual partner, deletion takes place or can take place on the instructions of the controller.

Categories of recipients:

The data collected may be made accessible to certain categories of recipients in order to fulfill the stated purposes. These include:

  • Other Haufe Group companies in order to ensure efficient cooperation within the group of companies.
  • Service providers who are necessary to fulfill the above-mentioned purposes. This includes support service providers, hosting partners and other external service providers involved in the provision and smooth operation and support of the learning platform.

All recipients mentioned act within the framework of contractual obligations and are subject to the necessary data protection agreements to ensure that your personal data is adequately protected and treated confidentially.

 

5.1 Digital learning platform test access

 

Collected data:

  • Title,
  • Salutation,
  • first name, last name,
  • company,
  • e-mail address,
  • preferred learner language,
  • learning outcomes,
  • Learning progress

Purposes of data processing:

The software is used for the provision, processing and use of digital training and further education offers of the processor for testing purposes. Employees of the controller receive individual access. The processor receives access to the personal data stored when using the "Digital Learning Platform".

We use a third-party ticket system to help you in support cases. Your personal data forwarded for your request via the support form will be transmitted to the service provider for this purpose.

Legal basis:

Contract initiation or "pre-contractual measure" (cf. Art. 6 (1) b) GDPR).

Storage period and control options:

  1. all open registration processes (double opt-in) are automatically deleted after 30 days.
  2. test accounts are inactive 30 days after creation. These are irretrievably deleted 90 days later.

Transmission to third countries:

None.

Notice:

Please note that this is software from a third-party provider based in Germany. In support cases, there is a possibility that they may gain access to your personal data.

 

6. Transfer Coaching

 

For the provision of transfer coaching we work together with freelance trainers. Once you have confirmed the booking of a transfer coaching we forward your registration and seminar data to the respective trainer so that he/she can make an appointment. The trainer, who is bound by a framework agreement to comply with the provisions of the BDSG (Bundesdatenschutzgesetz = German Federal Data Protection Act) as well as by a non-disclosure agreement, may only use this data for making an appointment and for performing the transfer coaching you have booked. This may include technical support services for the software and hardware used by the trainer. Within the scope of this service, you have the option of contacting the trainer by telephone or using web conferencing tools. The trainer carries the responsibility for both of these communication channels. Should you not agree with the use of web conferencing tools, please inform the trainer directly during your first talk.

 

7. Creation of open badges

 

Data collected:

Open Badges is a system of digital certificates or learning badges jointly developed by the Mozilla Foundation and the MacArthur Foundation. With respect to storage, we deploy solutions and technologies from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (AWS).
Collected data encompass in particular:

      • First name and surname of the badge recipient
      • E-mail address of the badge recipient
      • Seminar and Badge ID
      • IP address and timing of the user when retrieving a badge

Purposes of data processing:

We process these data in order to be able to create a badge for you and make it permanently available to you. The data is therefore essential for the allocation and permanent storage of badges as digital certificate equivalents for seminar graduates.

Legal basis:

We process the data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration and control options:

We store your data as long as you have an active account with us. If you delete this account or if the account is closed for any other reason, we will delete all existing data, as long as there are no legal or contractual retention periods preventing deletion.
In addition, you can revoke your consent at any time informally with effect for the future. In such case, we will also delete the relevant data promptly.

Transfers to third countries:

The data is generally processed in European data processing centres. Within the scope of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee an adequate protection of your data in these cases as well, we have obligated Amazon Web Services, using the corresponding EU standard contract clauses, to comply with a data protection level corresponding to EU law.

 

8. StackFuel GmbH

 

Data collected:

For the provision of digital learning content concerning data science trainings, we use a learning platform from StackFuel GmbH, Alte Schönhauser Str. 38, 10119 Berlin. The transmission and processing of the necessary data for the training is carried out safely. Stackfuel ensures for all secondary service providers through appropriate guarantees pursuant to Article 44 ff GDPR that your personal data are protected and that your rights of the person affected are fulfilled.

The secondary service providers are:
- Google https://policies.google.com/privacy?hl=de&gl=de
- Slack https://slack.com/intl/de-de/legal
- Pipedrive https://www.pipedrive.com/en/privacy
- LogmeIn https://www.logmeininc.com/de/legal/privacy
- Microsoft https://privacy.microsoft.com/de-de

In particular, collected data are:

    • Purposes of data processing:

      We process this data to perform online training in the learning platform of StackFuel. The data are therefore required for the implementation.

      Legal basis:

      We process your data in order to be able to fulfil our contractual obligation to you (Art. 6 (1) (b) EU GDPR).

      Storage duration and control options:

      Fuel stores your data as long as you have completed your training, but no later than 30 days after completing your training. If you terminate or cancel a training, StackFuel deletes all available data, as far as deletion does not conflict with any statutory or contractual retention periods.

      • First name and last name of the participant
      • E-mail address and telephone number of the participant
      • Seminar- ID

 

9. EVA - evaluation tool

 

Data collected:

We use the analyses of EVA, which are generated from the reporting of the feedback sheets in order to obtain insights into the satisfaction of event participants. In addition to the location and speaker of the event data such as participant IDs and your answers from the questionnaire are collected.

Purpose of data processing:

We use the results of the analyses for the purpose of continuous product improvement.

Legal basis:

We process the data in accordance with your consent. Art 6 para. 1 lit. a GDPR.

Storage duration and control options:

The data is stored in EVA for a period of six years, after which it is deleted.

 

10. Individual Coaching

 

We process the following personal data when you hire us for one-on-one coaching:

    • First name and surname
    • Contact details
    • Packages booked

of the orderer or coachee (=participant). Coachee and orderer do not necessarily have to be the same person.

The coachee then receives a link that takes the coachee to the Haufe coaching platform. There, the coachee presents his or her specific coaching request, which is then matched with suitable coaches. The Haufe Academy uses a matching questionnaire, which the coachee has to fill out. This serves to assign your coaching request to a suitable coach. In this process, it is possible that you disclose data to us that are special categories of personal data pursuant to Art. 9 (1) DSGVO. In this matching process, Haufe Akademie GmbH &Co. KG processes your data in accordance with the European DSGVO.

As a coachee, you will be informed again about this data processing before sending your specific request. Individual coaching sessions are usually conducted virtually. The execution of the actual coaching takes place in consultation with the respective coach via the means of communication offered by the coach. All communication channels are offered by the coach on his or her own responsibility. If you do not agree with the use of certain means of communication (Internet, telephone, or similar), please inform the coach directly when first contacting him.

Purpose of data processing:

This data processing is necessary to fulfill the contractual obligation to the client and to perform "matching" with suitable coaches for the coachee.
Information on special categories of personal data (Art. 9 (1) DSGVO) is basically voluntary. Insofar as personal data is required for a suitable "matching", it is essential for the contractually owed service and therefore necessary.

Legal basis:

We process your data in order to fulfill our contractual obligation to you (Art. 6 para.1 b EU-DSGVO). In addition, we process your data on the basis of legitimate interest (Art. 6 para. 1 f EU-DSGVO) in order to be able to provide you with similar interesting offers in the future.

Storage period:

The personal data of the coachee will be stored for the duration of the business relationship and deleted after the termination of the same, unless a deletion is opposed by legal or contractual retention periods.

 

10.1 google maps

 

Data collected:

The following data is collected:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the visited web page,
  • IP address

Purposes of data processing:

We process the data with google maps to obtain geodata in order to find a suitable coach for you with whom you can meet in person, if necessary.

When you enter a city name in the search mask the AutoCompletionService and the GeoCodeService of google maps are used.

Legal basis:

We process your data for the purpose of fulfilling a contract pursuant to Art 6 (1) lit. B DSGVO.

Storage period and control options:

For the storage period and further use of your data by google, please refer to google's privacy policy at https://policies.google.com/privacy?hl=de.

Third party transfers:

Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address, may be transmitted to Google in the USA.

Notice:

For more information on data collection and the further processing and use of data by Google, as well as your rights in this regard and settings options for protecting your privacy, please refer to Google's privacy policy (https://policies.google.com/privacy?hl=de).

 

11. Haufe eAcademy:

 

Data collected:

When you open an account with us, we ask you to provide us with the following data: first name and surname, e-mail address, invoice address (company address and where appropriate an additional e-mail address to be used for invoicing), and your individual, freely selectable password. In addition, you may upload a profile photo – which is of course voluntary – which will then be visible in the application.

After registration, you will receive a verification e-mail from us that serves on the one hand to confirm your identity and on the other to enable invoicing. The verification link remains active for two weeks.

Purposes of data processing:

We process this data first of all to create your account, to enable you to access the services offered and to enable us to implement the contract. On the other hand, we also process this data to enable you to create an appealing profile.

Legal basis:

If we require your data for the purposes of implementing the contract with you and making our services available to you or to perform pre-contractual measures on the basis of an enquiry from you, data processing will be based on Art. 6 Para. 1 lit. b of the GDPR. If you give information voluntarily to complete your profile, data processing will be on the basis of Art. 6 Para. 1 lit. a of the GDPR.

Storage period and control options:

We store your data for as long as you operate an account on our platform. You can delete your profile yourself at any time. You can also download your data at any time as a zip file.

If you delete your account, all the data held for your account will be irrevocably deleted. This includes any courses already purchased or implemented.

You can delete a profile photo that you have provided voluntarily and that we have saved with your consent yourself at any time, by clicking on ‘Delete Photo ’ in your profile. This constitutes withdrawal of consent on the basis of Art. 7 Para. 3 of the GDPR.

 

12. Coaching

 

Data collected:

You may also book coaching sessions on our website. If you do this, we pass on your data (first name, surname, log-in e-mail address and the parameters of your individual course project) to your selected coach. You are also able to voluntarily provide a telephone number when you make the booking, which we will then also pass on to the coach. He/she will then contact you personally to discuss your communication preferences. This is something over which we have no influence. We process no further data in this context.

Purpose of data processing:

We process your data to enable us to offer you the booked coaching sessions and to enable communication to take place between you and your coach.

Legal basis:

The processing of this data is on the basis of the contractual performance, Art. 6 Para. 1 lit. b of the GDPR.

Storage period:

We store your data for the duration of the contract and subsequently delete it, provided there are no legal retention requirements that oppose its deletion.

 

13. Userlike

 

Collected data:

Userlike is a chat tool. If you wish to communicate with us via Userlike, the following personal data will be processed:

  • Email address
  • First name
  • Last name

Your data will be processed exclusively in Germany. The chat tool Userlike is hosted in the data center Hetzner Online GmbH.<7p>

Purposes of data processing:

We process this data when you want to contact us directly for some products. Userlike serves as a chat communication tool between you and individual departments to quickly get questions about products answered.

Legal basis:

We process the data based on your consent. Art 6 paragraph 1 lit. a DSGVO.

Storage period and control options:

Your data will be stored for 90 days and then automatically deleted.
In addition, you can informally revoke your consent at any time with effect for the future. In this case we will also delete the data concerned immediately.

Transmission to third countries:

No data transfer to third countries.

 

14. MS-Teams

 

Data collected:

MS-Teams belongs to the family of Microsoft 365 applications.
Teams enforces cross-team and organization-wide logins via Azure Active Directory. Data transfer is exclusively encrypted (in-transit) and when the data is stored, it is automatically encrypted (at-rest). As the files are stored in SharePoint, the encryption is carried out using the appropriate SharePoint mechanism.
The following personal data is processed:

  • IP address
  • Personal Email
  • First name/ last name
  • Sound and video recordings

Purposes of the data processing:

For selected products we use MS-Teams to run topic-related webinars.

Legal basis:

The legal basis constitutes the fulfilment of the contract in the sense of Art. 6 Par. 1 lit. b. DSGVO).

Storage duration and control options:

Teams divide the data, which are generated in a team, between different services:

  • Group conversations (which are displayed in Outlook via Exchange Online) and the group calendar are forwarded in Exchange Online.
  • Meetings that are created are forwarded to Exchange Online.
  • The chat in a team is stored on the Skype for Business servers.
  • Meeting recordings are transferred to Microsoft streams, which means that they are stored in Microsoft Azure.
  • Documents and the SharePoint Wiki end up in the site collection in SharePoint.
  • File attachments in a chat and attachments to tasks from Planner are also transferred to SharePoint.

All data is subject to the deletion guidelines of the corresponding services.
As an administrator, you can set up retention policies for teams for chat and channel messages and proactively determine whether the data should be retained, deleted or retained for a certain period of time and then deleted.

Third country transfer:

The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated Microsoft to maintain a level of data protection that complies with EU law by using the corresponding EU standard contract clauses.

 

15. BeRealtimeBoard, Inc. dba Miro

 

Collected data:

MIRO is an online collaboration whiteboard platform.

The following data is collected:

  • First name and surname
  • E-mail addresses
  • IP address
  • browsing time

Purposes of the data processing:

We process this data in order to fulfil the contractual services for you by using an online whiteboard.

Legal basis:

We process your data for the purpose of fulfilling the contract in accordance with Art. 6 Para. 1 letter B DSGVO.

Storage duration and control options:

MIRO deletes your personal data immediately after the end of a session. MIRO stores pbD only as long as it is necessary to fulfill the intended purposes.

Third country reference:

The provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area. In the context of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated Realtime Board Inc. dba Miro, using the corresponding EU standard contractual clauses, to comply with a level of data protection corresponding to EU law.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

16. Celemi:

Data collected:

AgileMove, Digital Apples & Oranges, Exploring is a platform-based transformational business and behavioral simulation exercise by Celemi.

The following personal data may be collected:

  • IP Address
  • Browsing Time
  • Username
  • Password (if any)
  • Language used

Purposes of data processing:

We process this data in order to fulfill the contractual services for you through the use of one of the simulation exercises.

Legal basis:

We process your data to fulfill the contract according to Art 6 (1) lit. B DSGVO.

Storage period:

Your personal data will only be stored for as long as necessary to fulfill the purposes pursued.

Third Party Transfer:

Some services of Celemi are hosted on Digital Ocean LLC 101 Avenue of the Americas New York, NY 10013, US. In the course of support activities, a data transfer to the USA is not foreseen but also cannot be excluded. In order to be able to guarantee adequate protection of your data for these cases as well, Celemi has obliged Digital Ocean to comply with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the further training offer. All necessary contracts according to Art. 28 (3) DS-GVO have been concluded with the third-party provider.

 

17. blink.it GmbH & Co. KG

Is an application for designing digital learning content and online courses.

Collected data:

The following personal data is processed:

  • IP address
  • Personal Email
  • First name/ last name
  • Contact details
  • Browsing Time

Purposes of data processing:

We use blink.it for selected products in order to enable a high degree of interactive exchange between the participants on a topic-related basis.

Legal basis:

The legal basis represents the fulfillment of the contract within the meaning of Article 6 paragraph 1 lit. b. DSGVO).

Storage duration and control options:

Your data will be deleted by blink.it after 6 months after the end of the event. They remain in the trash for 7 days and are then irretrievably removed from the platform. In the application, they remain stored for another 30 days for possible recovery and are then also irretrievably deleted completely.

Third country transfer:

The software application, server and operating software and other System components of the blink.it App are stored in a third-party data center (Amazon Web Services, Inc. (AWS)). The data is stored and processed on German territory. AWS Region for the processing of all data provided by the customer transmitted data is exclusively Frankfurt/Main. In the course of support activities a data transfer to the USA is not planned but cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, AWS has committed itself to maintaining a level of data protection in line with EU law by using the corresponding EU standard contract clauses.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

18. Actee/ ActeeChange:

 

Simulated learning games and tools for organizational and leadership development training, change communication, and change processes.

Data collected:

The following personal data is processed:

  • IP address
  • Personal mail address
  • First name/ Last name
  • Contact details
  • Account number/password

Data Processing Purposes:

We use ActeeChange on selected products to use learning games on change management/leadership development.

Legal basis:

The legal basis represents the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO.

Storage period and control options:

Deletion of personal data immediately after the purpose ceases to apply.

Note:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.

 

19. TriCAT Ltd.

 

Data collected:

Virtual 3D learning and working environment platform, 3D Academy & Classroom, to conduct meetings, trainings or coaching sessions in dedicated virtual rooms.

The following personal data is processed when you log in to Tricat's platform:

  • IP address, browsing time, cookie information.
  • Personal email
  • First name/ last name
  • Sound and video recordings

For more information, please visit: https://www.tricat.net/datenschutzerklarung/

Data processing purposes:

We use TriCAT for selected products to play out topic-related webinars.

Legal basis:

The legal basis represents the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO.

Storage period and control options:

All personal data that can be deleted directly after the session is manually removed from the platform. TriCAT itself deletes all chats after session end, session documents are deleted after 8 weeks.

Third Party Transfers:

TriCAT is hosted on Amazon Web Services (AWS). In the course of support activities, data transfer to the USA is not planned, but also cannot be ruled out. In order to be able to guarantee adequate protection of your data for these cases as well, TriCAT AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer. All required contracts according to Art. 28 (3) DS-GVO have been concluded with the third party provider.


20. Zoom Video Communication:

 

Collected Data:

Zoom Meetings is a service that allows users to participate in online video conferences through a desktop or smartphone app, via a web interface, by phone, or through a conference room system.

The following personal data is processed:

  • IP address
  • Personal email
  • First name/ last name
  • Audio and video recordings

For more information, please visit: https://zoomgov.com/de-de/privacy.html

Data processing purposes:

We use Zoom on selected products to play out themed webinars.

Legal basis:

The legal basis represents the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Zoom stores collected personal data for as long as necessary for the purposes stated by zoom, unless a longer retention period exists by law. The criteria subject to the provisions of the retention periods include:

  • The period of time for which an ongoing business relationship is maintained with them and for which zoom's services are provided to them (e.g., as long as you have an account with zoom or use zoom's services).
  • A legal obligation to retain the data (e.g., certain laws require that records of your transactions be kept for a certain period of time before they can be deleted); or
  • A legal requirement to retain the data (e.g., in connection with applicable statutes of limitations, litigation, or government investigations).

You yourself as a customer may delete your own accounts.

Third Party Transfers:

For users located in the European Economic Area (EEA) and personal data is transferred outside the EEA, zoom will ensure:

  • process them in an area that has been determined by the European Commission to provide an adequate level of protection for personal data; or
  • to have implemented appropriate safeguards to protect the personal data. This includes transfer in accordance with the applicable transfer mechanisms, the European Commission's standard contractual clause.
  • In the context of maintenance and support measures, there may theoretically also be transfers of data to the third country USA. In order to be able to guarantee adequate protection of the data in these cases as well, zoom has undertaken to comply with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

21. Prokoda Ltd.

 

Data collected:

The following personal data are processed:

  • Name,
  • first name,
  • E-mail address,
  • IP address.

Purposes of data processing:

Provision of virtual desktops for IT training.

Legal basis:

The legal basis is the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

When leaving the virtual desktop, all personal data/data is deleted. No log data is retained.

Notice:

Please note that this is a third-party application. Personal data of the participant is passed on to this provider for the purpose of implementing the training offer.

 

22. Plazz AG/ Mobile Event App

 

Collected data:

The Mobile Event App of plazz AG supports you in planning and organizing congress visits.

The following personal data is processed if you decide to use the Mobile Event App:

  • IP Address
  • Browsing Time
  • Personal Email
  • First name/last name

For more information, please visit:

https://mobile-event-app.com/wp-content/uploads/2019/03/Datenschutzerkla%CC%88rungPlazz-2019-1.pdf

Data processing purposes:

You can use the Mobile Event App with selected products to be virtually accompanied at selected congresses.

Legal basis:

The legal basis represents the performance of the contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

plazz AG deletes all personal data three months after the purpose ceases to apply.

Third country transfer:

None

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

All necessary contracts according to Art. 28 (3) DS-GVO have been concluded with the third party provider.

 

23. Eudemos GmbH & Co. KG

 

Data collected:

The following personal data is processed:

  • Name,
  • first name,
  • mail address,
  • IP address,
  • organizational unit (optional).

Purposes of data processing:

We use the services of our partner to conduct employee:internal risk and health surveys as well as 360-degree feedback, data analytics, results reporting and the provision of a digital working environment for the delivery of survey results (reports) to Haufe customers.

Legal Basis:

The legal basis represents the performance of the contract within the meaning of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Directly after project completion on instruction.

Third-party transfer:

Eudemos uses servers and operating software as well as other system components to provide the surveys and reports from a third-party data center (Amazon Web Services, Inc. (AWS)). The data is stored and processed on federal territory. AWS region for the processing of all data transmitted by the customer
transmitted data is exclusively Frankfurt/Main.

For the surveys with the participants themselves, a data center of Azur 0365 in Ireland is used.
In the course of support activities, data transfer to the USA is not planned but also cannot be ruled out. In order to be able to guarantee adequate protection of your data for these cases as well, AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this third party for the purpose of implementing the training offer.


24. Mielke Company - Mielke Platform

 

Data collected:

The following personal data are processed:

  • Name,
  • first name,
  • mail address,
  • IP address,
  • organizational unit (optional).

Purposes of data processing:

We use the services of our partner for the implementation and monitoring of GPM/IPMA courses of employees:inside. Furthermore for experience-oriented competence development with practical benefits. Agile approaches, project management with IPMA Level D certificate, project management with university certificate, project management, social skills.

Legal basis:

The legal basis represents the fulfillment of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

Directly after project completion on instruction.

Third country transfer:

No third country reference.

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

 

25. Techcast – Conferenz-Platform

 

Data collected:

The following personal data is processed:

  • IP Address,
  • Browsing Time,
  • Potential Cookies.

Data processing purposes:

Techcast is used to broadcast online annual meetings.

Legal basis:

The legal basis is the performance of the contract in the sense of Art. 6 para. 1 lit. b. DSGVO).

Storage period and control options:

No storage, data is lost directly after the end of the purpose.

Third country transfer:

No third country reference.

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

 

26. Mozaik App, Picture Framing Ltd.

 

Data collected:

The following personal data is processed when you choose to use the Mozaik App:

  • IP Address, Browsing Time
  • Personal Email
  • First name/ last name
  • Photos/videos
  • Gender

For more information, please visit:

https://www.mozaik-app.de/privacy

Data processing purposes:

This app will enable trainers/speakers to create small introduction videos of themselves.

Legal basis:

We process the data based on your consent. Art 6 para 1 lit. a DSGVO.

Storage period and control options:

The files are stored on servers of Ionos (German company with German server location) (long-term storage). During the creation process, the video files are also processed for a short time on servers of Hetzner (German company with German server location) (during rendering).

Mozaik App deletes all data immediately after the purpose is fulfilled.

Third party transfer:

None

Notice:

Please note that this is a third-party application. Personal data of the trainers will be passed on to this provider for the purpose of implementing the offer.

All necessary contracts according to Art. 28 para. 3 DS-GVO have been concluded with the third party provider.

 

27. Online chat and forum for participants

 

Collected data:

The following data is processed when using the online chat or forum:

  • Name, first name,
  • e-mail address and a
  • Haufe user ID
  • Answers/contributions that you formulate in the chat.

Purposes of data processing:

Within the framework of your participation in some of our events, you have the opportunity, through the voluntary use of an online chat or forum, to actively exchange information with speakers or other participants via chat within your selected group. You can access the online chat via the event page in your learning environment at the times specified there.

In order to provide the online chat, we use a service provider who has access to the aforementioned data, which is why contracts have been agreed with this service provider in accordance with Art. 28 DS-GVO.

Legal basis:

The online chat forms an additional offer or a service component to the event you have booked. We therefore process your personal data to fulfill the contract pursuant to Art. (1) b. DSGVO.

Storage period and control options:

Your data and contributions will be deleted after the end of the respective event and will not be archived beyond that.

 

28. BigMarker

 

Data collected:

We use BigMarker as an event and webinar platform. Depending on the event, personal data of event participants is either transferred by us to BigMarker or entered by them during the registration process. The following personal data may be required:

  • Name (also visible to other event participants)
  • E-mail address
  • IP address

Please note that when you participate in our event, your data will be processed in accordance with BigMarker's Privacy Policy.

Purposes of processing:

We use BigMarker for online training, online product training or other virtual event formats.

Legal basis:

We process your data either for the implementation of pre-contractual and contractual measures, which are carried out at your request (Art. 6 para. 1 b DSGVO) of on the basis of your consent (Art. 6 para. 1 a GDPR) to use your data.

Storage period and control options:

Data on the respective events will generally be deleted 90 days after the end of the event.

Third-party transfer:

Appropriate guarantees pursuant to Art 44 ff DSGVO have been agreed with the service provider of the event platform BigMarker. In addition, the provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area, as your data is stored in European data centers.

 

29. Appointment bookings via Microsoft Bookings 

 

Data collected:

We use Microsoft 365 and Microsoft Bookings to book appointments. Microsoft 365 and Microsoft Bookings are a service provided by Microsoft Ireland Operations, Ltd. The data you enter is processed by Microsoft Bookings.

As part of the appointment booking process, e.g.

  • your last name,
  • first name,
  • email address,
  • address (optional),
  • phone number and notes (optional),
  • Appointment and booking information

and possibly others are collected.

Microsoft Bookings is part of the Office 365 cloud application, and Microsoft reserves the right to process customer data for its own business purposes. This poses a privacy risk to users of Microsoft Bookings. We have entered into data protection agreements and EU standard contracts with Microsoft Ireland to guarantee a minimum level of data protection. Please note that we have no control over Microsoft's data processing activities. To the extent that Microsoft Bookings processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller.
For more information about the purpose and scope of data collection and its processing by Microsoft Bookings, please see Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement
There you will also receive further information about your rights in this regard. 

Purposes of data processing:

We use the "Bookings" tool so that you can make an appointment directly with a consultant, coach and/or trainer and to optimize the appointment-finding process. 

Legal basis:

We process your data for the implementation of pre-contractual and contractual measures, which are carried out upon your request (Art. 6 para. 1 b GDPR).

Storage period and control options:

The personal data will be deleted after the purpose has been fulfilled.

Third country transfer:

Microsoft also processes your personal data in the USA. EU standard contracts with Microsoft on Office 365 have been concluded to guarantee an appropriate level of data protection. The EU standard contractual clauses can be found at 

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32021D0914 

call them up.

 

30. OKR (Object Key Result):

 

Collected data:

  • IP address

Purposes of processing:

In some events we use Haufe OKR for illustrative purposes. Haufe OKR enables the definition of medium-term strategic goals on a company level as well as the creation and tracking of goals on a team level.
If you have consented to tracking (consent boxes) we use your data, for quality/functionality and marketing purposes.

Legal basis:

We process your data for contract fulfillment according to Art 6 (1) lit. b DSGVO and optionally based on your consent according to Art 6 para. 1 lit. a DSGVO.

Storage period and control options:

Your data will be deleted after the purpose ceases to apply.

Third Party Transfer:

Appropriate guarantees pursuant to Art 44 ff DSGVO have been agreed with the service provider of the OKR platform. Furthermore, the provision of the contractually agreed data processing takes place exclusively in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area, as your data is stored in European data centers. 

Notice:

Please note that this is a third-party application. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

 

31. TaskCards Web App

 

Collected Data:

TaskCards Pinboard is a digital tool for designing and saving interactive posts available online and offline. Authorized users, as well as guests with access tokens, can design these themselves by populating the TaskCards Pinboard using pen tools, text input, shape tools, and providing multimedia content. Each user logged into TaskCards can also save the file created in this way in their own "My Pinboards" area within TaskCards. The following data is collected:

  • First name and last name 
  • E-mail addresses
  • IP address
  • Browsing Time

Data processing purposes:

We process this data in order to fulfill contractual services for you through the use of a digital bulletin board.

Legal basis:

We process your data to fulfill the contract according to Art 6 (1) lit. B DSGVO.

Storage period and control options:

  • Provided periods for the deletion of the various categories of data.
  • Account deletion At the end of the contract 
  • Pinboard deletion 7 days 

Third country reference:

No third country reference

Notice:

Please note that this is an application of a third-party provider. Personal data of the participant will be passed on to this provider for the purpose of implementing the training offer.

 

32. Metaverse EVOLVIA by RAVE.SPACE GmbH

 

RAVE.SPACE GmbH, Köpenickerstraße 7, 10997 Berlin-Kreuzberg, offers Web3 browser-based metaverse solutions.

Data collected:

We process the following personal data:

  • User name
  • Chat messages
  • IP address

Data processing purposes:

On our websites we offer the possibility to enter and use a web-based Virtual Space or virtual room.  
For representation and identification of the users, names can be freely chosen, which are then transmitted to our server.
To communicate within the application, chat messages are transmitted to our servers.
IP addresses are transmitted to establish a voice chat connection via the third-party provider Agora.

Legal basis:

Data processing takes place for the fulfillment of a contract or for the implementation of pre-contractual measures.
The legal basis is the performance of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR).
Storage period and control options:
IP address, user name and chat messages are processed exclusively for the duration of use on our server and are not stored beyond that.

Recipient categories:

In order to provide you with our Virtual Space, we use a service provider with whom we have concluded a contract pursuant to Art. 28 DSGVO.
Our service provider as well as its subcontractors thereby potentially gain access to the processed personal data.

Third country transfers:

We do not transfer any personal data to third countries. However, when using the software, third country transfers may occur through the use of subcontractors by our service provider.

 

33. persolog GmbH

Data collected:

The following personal data is processed:

  • Last name,
  • first name,
  • e-mail address,
  • IP address,
  • gender.

Purposes of data processing:

In selected live online events, it is necessary to fill out a questionnaire from persolog GmbH regarding self-management profiling. This requires a login to the persolog platform. A generated link will be made available to you during the event in the chat via Teams.
Your answers to the following questions will only be stored and processed by persolog GmbH if you explicitly complete the questionnaire at the end. Your answers will be processed by means of an automated procedure to create the profile described above. No data (neither your consent/your objection nor your answers) will be stored if the survey is terminated for technical reasons or by your own choice.

Legal basis:

The legal basis is the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b. GDPR) and for the creation of self-leadership profiling on the basis of your consent in accordance with Art. 6 para. 1 a GDPR.

Storage duration and control options:

The report is sent electronically to the report recipient immediately after it has been created, as agreed. The responses are automatically deleted by default after 12 months or after a period specified by the controller (max. 36 months). The online report is stored until the specified time.
After the time agreed by the responsible body, your responses will be automatically deleted. The storage period can be extended by arrangement. As long as your answers have not yet been deleted, the report can be generated again in a language other than the one currently selected or, in the event of an error in the report generation program, with modified content. Your consent to this will be obtained directly from you by Judith Augenstein of persolog GmbH.

Note:

Please note that this is a third-party application. The personal data you enter will be processed by this provider to create the self-management profile.

IV. What data is processed when you contact us, order a newsletter, open a user account and purchase online products and services?

We wish to inform you below about the data which is collected and processed should you contact us, order a newsletter, open an account or purchase online products. We would also like to inform you as to what purpose and by whom they are handled, on which legal basis data processing takes place and when the data is deleted.

 

A. Collected data:

 

If you book a seminar, subscribe to a newsletter or register yourself on our website, we will create a user account (learning environment) for you. We process the following data:

  • Name
  • Salutation
  • Title
  • Company address
  • Phone number (landline/mobile)
  • E-mail address
  • Customer number
  • Reference histories
  • Other data you provide in the optional fields.

Purposes of the data processing

We process your data to provide you with the user account " Learning environment" and the functions of the shop. In your learning environment you will find, for example, the documents for the products you have booked.

We will use your mobile or landline number to inform you via SMS about any changes to your booked seminar.

Legal basis:

We process your data for processing the contract according to Art. 6 I b DSGVO, when registering a newsletter based on your consent according to Art. 6 a) DSGVO.

Storage period and control options:

We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to comply with statutory retention periods.

Transfer to third countries:

The data is generally processed in European computer centres. In the context of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated Amazon Web Services to comply with a level of data protection in accordance with EU law using the corresponding EU standard contract clauses.

 

B. Making contact

 

Data collected:

We collect and process the information you provide us with, such as your contact details, your name and your request when you contact us through a contact form or by e-mail. All data you submit to us is encrypted.

Purposes of data processing:

Data processing is carried out by our customer service or service providers commissioned by us exclusively on the basis of processing your enquiry.

Legal basis:

We process your data for the implementation of pre-contractual and contractual measures, which are based on your request (Article 6, paragraph 1 b GDPR)

Duration of storage:

We use the service provider salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) to manage your data.

The contractually agreed data processing is performed exclusively in a member state of the European Union (high-security computer centre in Frankfurt am Main) or in another state party to the Agreement on the European Economic Area. Within the scope of maintenance and support measures, data may theoretically also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data in these cases as well, we have obligated service providers headquartered outside the European Union and without the basis of an adequacy finding, using the corresponding EU standard contractual clauses, to comply with a level of data protection that complies with EU law.

 

C. Seminar registration

 

Data collected:

We collect and process data provided by you in the course of seminar registration, for example your contact details, such as your name and address as well as information pertaining to the booked course subject, location, period and, if applicable, other circumstances of the respective seminar. Your data may be forwarded to hotels, trainers and cooperation partners for certain training courses in order to fulfill the contract. 

Purposes of data processing:

We process your data in order to be able to provide you with the corresponding seminar. We keep lists of participants when you register for a seminar. These contain your name, first name, if necessary your telephone number for inquiries and e-mail address. The lists of participants will be made available to the corresponding supervisors on site and the corresponding trainers. We also use your data to send you promotional offers for similar seminars and products in the future.

Legal basis:

We process your data in order to fulfil our contractual obligation towards you (Art. 6 para. 1 (b) GDPR). In addition, we process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) in order to be able to submit similar interesting offers to you in the future.

Storage duration:

We store your data for as long as required for the specific processing purpose, to ensure compliance with statutory retention periods.

 

D. Customer surveys

 

Data collected:

For the purpose of online surveys, we use the services of the provider Netigate Deutschland GmbH, Untermainkai 27-28, 60329 Frankfurt am Main, Germany. Netigate processes on our behalf the information provided by users solely for the purpose of surveys. If personal data is requested, such as names or e-mail addresses, then these are made anonymous, as is the IP address of the user. If further such personal data is requested during a survey (e.g. name, address, company etc.) then we specifically point out during the survey that entering this information for statistical purposes is entirely voluntary on behalf of the user.

Purposes of data processing:

We use Netigate for the appropriate design and optimization of our websites.

Legal basis:

Netigate is used when you complete an according questionnaire. When submitting your answers, you give your consent.

Duration of storage:

Surveys containing personal data are deleted automatically after a period of 6 months.

 

Microsoft Forms

Data collected:

For the purposes of online surveys, we use the "Forms" tool from the provider Microsoft Ireland Operations Ltd. based in Leopardstown, Dublin, D18 P521, Ireland. Forms processes the information provided by users solely for the purpose of evaluating the survey on our behalf and, unless personal data such as names or e-mail addresses are requested, stores this data anonymously, i.e. in particular without the IP address of the user. Insofar as personal data is also requested within the scope of the survey beyond the topic of the survey (e.g. name, address, company, etc.), we point out separately within the scope of the survey that this is additional, voluntary information that we collect and use.

Data processing purposes:

We use Forms for the needs-based design and optimization of our products and services.

Legal basis:

We use Forms when you complete a corresponding questionnaire. By sending your answers, you give your consent, Art. 6 para. 1 a DSGVO.

Storage period:

We store your data for as long as we need it for the specific processing purpose, for warranty purposes or to comply with legal retention periods.

 

D. 1 Feedback Management

Data collected:

In the case of our products, it is possible to provide feedback downstream. In the context of these surveys, we process your information and answers in anonymous form. We process your personal data if you explicitly agree to the use of this data. We use and collect the following data in the process:

  • Company (optional)
  • Name (optional)
  • E-mail address (optional)
  • Telephone number (optional)

We use online services of Haufe Lexware GmbH und Co. KG and Microsoft Corporation (Customer Voice) to conduct the feedbacks.

Purposes of processing:

We need and use your feedback primarily to continuously develop and improve our products. In addition, we use your data for advertising purposes, provided you have given us your consent to do so.

Legal basis:

We process the data on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

Storage period and control options:

The feedback data will be deleted by us after 3 years at the latest.

 

D. 2 Mentimeter

Collected Data:

"Mentimeter" is a voting, brainstorming tool and offers a variety of interactive possibilities. The application can be used to create multimedia collections of material, for example in the form of a word cloud, without much effort. Surveys can be created with the application and people with a corresponding link or QR code to it can vote and give feedback. For more information on data protection, data processed by Mentimeter, please visit: https://www.mentimeter.com/privacy

Purpose of data processing:

We use the tool to interactively engage our customers.

Legal basis:

The use of Mentimeter by customers is voluntary. Mentimeter thereby acts as an independent responsible party (https://www.mentimeter.com/dpa-statement). In doing so, the customer agrees to the applicable terms of use of Menimeter https://mentimeter.com/terms.

Storage period and control option:

These result from the general terms of use and data protection of the provider.

https://mentimeter.com/terms

https://www.mentimeter.com/privacy

Third Party Transfer:

Mentimeter is hosted on Amazon Web Services (AWS). In the course of support activities, a data transfer to the USA is not foreseen, but also cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, Mentimeter AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

Sli.do:

Collected data:

We use the survey solution provided by Sli.do s.r.o., Vajnorská 100/A, 831 04 Bratislava, Slovakia (European Union). Slido is used on the website as a processor for the purpose of surveys during a live event. In this process, data on the use of the service is collected.

Purposes of processing:

With the help of this tool, participants of the live event can actively participate in the event.

Legal basis:

We use Slido if you have consented to it. We obtain your consent when using the service via the cookie banner, Art. 6 (1) lit. a DSGVO.

Storage period and control options:

The data is stored by Slido for a maximum period of 3 years. You can prevent the collection and processing of data by disabling the setting of cookies. This may limit the functionality of the websites under certain circumstances. You can deactivate cross-device tracking under the following link.

For more information on Slido's analytics services, please visit Slido's website.

Third Party Transfers:

Slido is hosted on Amazon Web Services (AWS). In the course of support activities, data transfer to the USA is not foreseen but also cannot be excluded. In order to be able to guarantee adequate protection of your data in these cases as well, Slido AWS has committed itself to compliance with a level of data protection corresponding to EU law using the relevant EU standard contractual clauses.

 

E. Newsletter

 

Data collected:

We collect and process the information you provide, such as your name and e-mail address, when you subscribe to our newsletter.

Newsletters containing Eloqua technologies use tracking technologies. These technologies are used to collect data on whether our emails are opened and which links you click on.

Purposes of data processing:

We process the data in order to send you the newsletter.

We use the data collected through Eloqua to find out which topics are of interest to you. We then use this information to improve the e-mails we send you and the services we provide as well as connecting them to existing tracking or profiling information.

Legal basis:

After registering for a topical newsletter, we process your data with your consent to inform you via electronic mail about the selected topics and also to advertise them. We work according to the double-opt-in principle, i.e. if you order a topical newsletter on our website, we will send you a confirmation e-mail with a registration link. It is only once you have clicked on this link that you are registered on our newsletter list.

We use Eloqua only with your consent.

If we have received your e-mail address in conjunction with the sale of a product, we use it to provide you with information on similar products on the basis of legitimate interests (Article 6 f GDPR). Our legitimate interest lies in advertising our products and services directly to you.

Duration of storage:

We store your data for as long as we need it for its specific purpose.

 

F. Raffles, free catalogues, magazines and trade fair tickets

 

Data collected:

If you take part in one of our prize raffles or request our free catalogues, magazines or trade fair tickets from us, we collect and process the data provided by you via our online contact forms provided for this purpose, such as your name and address datails.

Purpose of Data Processing:

We process the data provided by you in order to allocate the prize to the respective raffle and to be able to send you the prize or the requested free catalogue, magazine or trade fair ticket. If you participate in competitions on our social media channels, such as Facebook, Instagram or LinkedIn, your data may also be processed there. If necessary, we will use your data to send you offers in line with your interests.

Legal basis:

We process your data on the basis of legitimate interest (Art. 6 para. 1 (f) GDPR) or because you have consented to the corresponding processing of your data (Art. 6 para. 1 (a) GDPR).

Duration of storage:

We store your data for as long as required with respect to the specific processing purpose.

V. What rights do you have and how can you use them?

A. Revocation of consent

You may revoke any consent given for the processing of your personal data at any time with effect for the future. Please note that the revocation does not affect the legality of previous data processing and that it does not extend to such data processing, for which there is a legal reason for permission and which, therefore, can be processed without your consent.

 

B. Further rights for the party concerned

According to Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR) and, if legal prerequisites are met, you are entitled to the following:

Disclosure:

You may at any time demand that we disclose to you the personal data belonging to you that we handle as well as how it is processed and request that we provide you with a copy of the personal data stored (Article 15 GDPR).

Correction:

You may demand the correction of incorrect personal data and completion of incomplete personal data (Article 16 GDPR).

Deletion:

Regarding deletion of your personal data: Please note, that excluded from deletion is any data that we require for processing and fulfilling contracts, for the assertion, exercise and defense of legal claims and data for which statutory, regulatory or contractual retention requirements exist (Article 17 GDPR).

Restriction of use:

Under certain circumstances you may demand that we limit the processing of data, for example, if you are of the opinion that your data is incorrect, if processing it is illegal or you have filed an objection to the further processing of your data. This means that without your consent, your data may be processed only to a very limited extent, e.g. for the assertion, exercise and defense of legal claims or for the protection of the rights of other natural and legal persons (Article 18 GDPR).

Objection to processing of data:

You have the option at any time to object to the use of data for direct marketing purposes. In addition, if you have special reasons, you may at any time object to the data processing that takes place on the basis of a legitimate interest (Article 21 GDPR).

Data portability:

You have the right to receive a copy of any data you have provided to us and that we handle on the basis of your consent or to fulfil the contract. This is provided in a standard, machine-readable format and, as long as it is technically feasible, you may request direct transmission of this data to third parties (Article 20 GDPR).

C. Contact methods

You can exercise your rights through the following contact channels:

Haufe Group
Mr. Raik Mickler
Data Protection Officer
Munzinger Strasse 9
79115 Freiburg - Germany
E-Mail: dsb@haufe-lexware.com

You may withdraw your consent for the processing of data using cookies and tracking technologies via the appropriate settings in your browser or via the opt-out possibilities described in detail in section II C.

You may withdraw your consent for receiving newsletters at any time by clicking on the corresponding link in each newsletter.

D. Right of complaint to a regulatory authority

If, for example, you are of the opinion that our handling of data is unlawful or that we have not granted you your rights as described above to the necessary extent then you have the right to lodge a complaint with the responsible data protection regulatory body.

Version: March, 25th 2024