PRIVACY POLICY

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the use of our online offering. This includes all associated websites, functions and content as well as external online presences such as our profiles in social networks (collectively referred to as “online offering”). For the terms used under data protection law – such as “processing” or “controller” – we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person responsible

The e-learning application “OSIANTO” is an offer from
30 doradus media design gmbh
Niederstr. 29
40789 Monheim, Germany
E-mail: info@30doradus.de
Managing Director: Jürgen Osterberg

Types of data processed:

  • Inventory data (e.g. names, addresses)
  • Contact details (e.g. e-mail addresses, telephone numbers)
  • Content data (e.g. text entries, photographs, videos)
  • Usage data (e.g. websites visited, access times, interest in content)
  • Meta and communication data (e.g. device information, IP addresses)

Categories of affected persons

The visitors and users of our online offering are affected by the data processing. In the following, we refer to them collectively as “users”.

Purposes of the processing

  • Provision of the online offer including all functions and contents
  • Processing contact requests and communicating with users
  • Implementation of security measures to ensure the protection of data
  • Reach measurement and marketing

Terminology used

In this privacy policy, we use various terms within the meaning of the General Data Protection Regulation (GDPR). “Personal data” means any information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly – for example, by reference to a name, an identification number, location data, an online identifier (such as a cookie) or by specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is very broad and covers practically any handling of data.

“Pseudonymization” describes the processing of personal data in such a way that the data can no longer be assigned to a specific person without additional information. This additional information must be stored separately and protected by suitable technical and organizational measures to prevent re-identification.

“Profiling” means any form of automated processing of personal data where such data is used to evaluate certain personal aspects relating to an individual, such as job performance, economic situation, health, preferences, interests, reliability, behavior or location.

The “Person responsible” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A “processor”, on the other hand, is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

The processing of personal data is based on various legal bases set out in the General Data Protection Regulation (GDPR). In the following, we would like to outline the most important legal bases on which we base the processing of your data:

  • Consent (Art. 6 para. 1 lit. a GDPR): If you give us your express consent to process your data, this constitutes the basis for processing. Such consent can be withdrawn at any time.
  • Performance of a contract (Art. 6 para. 1 lit. b GDPR): If the processing of your data is necessary to fulfill a contract with you or to take pre-contractual measures at your request, we rely on this legal basis.
  • Legal obligation (Art. 6 para. 1 lit. c GDPR): If we are obliged to process your data due to legal requirements, the processing is based on this legal obligation.
  • Legitimate interests (Art. 6 para. 1 lit. f GDPR): In some cases, we process your data because we have a legitimate interest in carrying out certain activities, such as improving our services or ensuring IT security. In such cases, we ensure that your rights and freedoms are not unreasonably impaired.

Security measures

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk to the rights and freedoms of data subjects. In doing so, we take into account the current state of the art, the costs of implementation, the type and scope of processing and the specific circumstances and purposes of data processing. We also pay attention to the probability of occurrence and the severity of the risks associated with the processing of personal data.

The measures taken include in particular:

  • Ensuring the confidentiality, integrity and availability of data through controlled physical access and targeted measures to protect against unauthorized access, as well as ensuring data security during input, processing, forwarding and storage.
  • The implementation of procedures that make it possible to protect the rights of data subjects, delete data and respond appropriately to potential threats to the data.

In addition, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, and implement the principle of data protection through technology design and data protection-friendly default settings in accordance with Art. 25 GDPR.

Cooperation with processors and third parties

If we disclose personal data to other persons or companies as part of our data processing, transfer it or otherwise grant them access to the data, this is done exclusively on the basis of legal permission. This may be the case, for example, if data is transferred to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR is necessary for the performance of a contract. Furthermore, this may also happen if you have consented to the data transfer, if there is a legal obligation to do so or if it is based on our legitimate interests (e.g. when using service providers such as web hosts).

If we commission third parties with the processing of personal data within the framework of a so-called “order processing contract”, this is done in accordance with the requirements of Art. 28 GDPR.

Transfers to third countries

If we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of legitimate interests on our part.

If legal or contractual permissions exist, we only process or commission third parties to process data in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing may only take place on the basis of special guarantees, such as the recognized determination of a level of protection corresponding to the EU data protection level (for example, for the USA through the “Privacy Shield”) or through compliance with officially recognized special contractual obligations, such as “standard contractual clauses”.

Rights of the data subjects

In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether your personal data is being processed. In addition, you can receive information about this data as well as further information and a copy of the data.

According to Art. 16 GDPR, you have the right to request the completion of your personal data or the correction of incorrect data.

In accordance with Art. 17 GDPR, you have the right to demand the immediate erasure of your personal data. Alternatively, you can request the restriction of the processing of your data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and to request its transmission to another controller.

In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.

Right of objection

You can object to the future processing of your personal data at any time in accordance with Art. 21 GDPR. The objection may be directed in particular against processing for the purposes of direct advertising.

Cookies and right to object to direct advertising

“Cookies” are small files that are stored on users’ devices and may contain various information. The main purpose of cookies is to store user information during or after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies”, are deleted when the user leaves the website and closes the browser. These cookies store, for example, the contents of a shopping cart in an online store or the login status. “Permanent” or ‘persistent’ cookies remain stored even after the browser is closed. For example, they can maintain the login status if the user visits the online offer again after several days. The user’s interests can also be stored in persistent cookies in order to use them for reach measurement or marketing purposes. “Third-party cookies” are cookies that are set by providers outside the controller of the online service, while ‘first-party cookies’ are only set by the controller itself.

We use both temporary and permanent cookies and provide information about this in our privacy policy.

Users have the option of preventing the storage of cookies by deactivating the corresponding option in their browser settings. Cookies that have already been saved can be deleted in the browser’s system settings. Please note that deactivating cookies can lead to restrictions in the functionality of this online offer.

A general objection to the use of cookies for online marketing purposes is possible for many services, particularly in the area of tracking, via the US website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. In addition, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that in this case, not all functions of this online offer may be available.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with the provisions of Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for the respective purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and may not be used for other purposes. This applies, for example, to data that must be retained due to commercial or tax regulations.

In Germany, data is stored in accordance with the legal requirements, in particular for 10 years in accordance with Section 147 (1) AO and Section 257 (1) AO. 1 no. 1 and 4, para. 4 HGB (including books, records, management reports, accounting vouchers, trading books and documents relevant for taxation) and for 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (including commercial letters).

In Austria, storage is carried out in accordance with the statutory provisions, in particular for 7 years in accordance with Section 132 (1) BAO (including accounting documents, receipts/invoices, accounts, business papers and statement of income and expenses), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Business-related processing

We also process:

  • Contract data (e.g. subject matter of the contract, term, customer category),
  • Payment data (e.g. bank details, payment history),

from our customers, interested parties and business partners in order to provide contractual services, ensure service and customer care and carry out marketing, advertising and market research.

Agency services

We process our customers’ data as part of the provision of contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, the implementation of campaigns and processes as well as server administration, data analysis, consulting services and training offers.

In doing so, we process:

  • Inventory data (e.g. customer master data such as names or addresses),
  • Contact details (e.g. e-mail addresses, telephone numbers),
  • Content data (e.g. text entries, photographs, videos),
  • Contract data (e.g. subject matter of the contract, term),
  • Payment data (e.g. bank details, payment history),
  • Usage and metadata (e.g. to evaluate and measure the success of marketing measures).

Special categories of personal data are generally not processed unless they are part of commissioned processing. The data subjects include our customers, interested parties and their customers, users, website visitors, employees and third parties. The purpose of data processing is the provision of contractual services, billing and customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b GDPR (contractual services) and Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures).

We only process the data required to justify and fulfill the contractual services and point out the necessity of providing this data. Disclosure to third parties only takes place if this is necessary as part of an order. As part of order processing in accordance with Art. 28 GDPR, we process the data provided to us exclusively in accordance with the instructions of the client and exclusively for the purposes specified in the order.

The data will be deleted after the expiry of statutory warranty and comparable obligations. The necessity of storage is reviewed every three years. In the case of legally prescribed archiving obligations, the deletion takes place after their expiry (6 years according to § 257 para. 1 HGB, 10 years according to § 147 para. 1 AO). For data provided to us as part of an order, we delete it in accordance with the specifications of the order, usually after completion of the order.

Contractual services

We process the data of our contractual partners, interested parties and other clients, customers, clients, clients or contractual partners (hereinafter uniformly referred to as “contractual partners”) in accordance with Art. 6 para. 1 lit. b GDPR in order to provide you with our contractual or pre-contractual services. The type, scope and purpose of the processing as well as the necessity of the data processing depend on the underlying contractual relationship.

The processed data includes in particular:

  • Master data of our contractual partners (e.g. names and addresses),
  • Contact details (e.g. e-mail addresses, telephone numbers),
  • Contract data (e.g. services used, contract content, contractual communication, names of contact persons),
  • Payment data (e.g. bank details, payment history).

Special categories of personal data are generally not processed unless they are part of commissioned or contractual processing.

We only process the data required to justify and fulfill the contractual services and, if not obvious to contractual partners, point out the necessity of providing this data. Data is only disclosed to external persons or companies if this is necessary within the framework of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.

As part of the use of our online services, we may store the IP address and the time of the respective user action. This storage is based on our legitimate interests and the interest of users in protection against misuse and unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f GDPR or there is a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.

The data is deleted when it is no longer required for the fulfillment of contractual or statutory duties of care or for the fulfillment of warranty and comparable obligations. The necessity of storage is reviewed every three years; otherwise the statutory storage obligations apply.

Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s data will be used to process the contact request and its handling in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. b GDPR is processed. User data may be stored in a customer relationship management system (“CRM system”) or a comparable inquiry management system.

We delete the requests as soon as they are no longer required. The necessity is reviewed every two years; the statutory archiving obligations also apply.

Collection of access data and log files

We or our hosting provider collect data on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR data about every access to the server on which this service is hosted (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

The log file information is stored for a maximum of 7 days for security reasons (e.g. to clarify acts of abuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes will remain stored until the respective incident has been finally clarified.

Google AdWords and conversion measurement

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

As part of our online marketing, we use the “Google AdWords” process to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) that are displayed to users who are presumed to be interested in these ads. This enables us to place targeted ads within our online offering and only present users with ads that potentially match their interests. An example of this is “remarketing”, where a user is shown ads for products that they have shown an interest in on other websites. For these purposes, a code is executed directly by Google when you visit our website and other websites on which the Google advertising network is active. So-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the websites. This stores an individual cookie on the user’s device (comparable technologies can also be used instead of cookies). This file stores information about which websites the user has visited, which content they have been interested in and which offers they have clicked on, as well as technical information about the browser and operating system, the referrer websites, visiting times and other information about the use of the online offer.

We also receive an individual “conversion cookie”. Google uses the information obtained through the cookie to create conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information with which users can be personally identified.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store the user’s name or email address, for example, but processes the relevant data within pseudonymous user profiles. The ads are therefore not displayed for a specifically identified person, but for the owner of the cookie, regardless of their actual identity. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected is transmitted to Google and stored on Google’s servers in the USA.

Further information on the use of data by Google, setting and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

Range measurement with Matomo

As part of the reach analysis with Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR): Browser type and version, operating system, country of origin, date and time of the server request, number of visits, time spent on the website and the external links you have clicked on. The IP address is anonymized the moment Matomo receives it (masking of the last bytes) and only stored afterwards.

Matomo uses cookies, which are stored on the user’s computer and enable us to analyze the use of our online offering. Pseudonymous user profiles can be created from the processed data. The cookies have the following standard storage periods

  • Visitor ID, expires after 13 months
  • Session cookie, expires after 30 minutes
  • Referrer information, expiry after 6 months

The information obtained by the cookie is stored exclusively on our own server and is not passed on to third parties. The logs with the pseudonymous usage data are automatically deleted by us after 6 months at the latest.

Users can object to the anonymized data collection by Matomo at any time with effect for the future by deactivating the following checkbox. In this case, an opt-out cookie will be stored in your browser, which will prevent Matomo from collecting any further session data. If you delete your cookies, the opt-out cookie must be reactivated if necessary:

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in this privacy policy, we process users’ data when they communicate with us within social networks and platforms, e.g. by writing posts on our online presences or sending us messages.

Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). GDPR), we use content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This assumes that the third-party providers of this content are aware of the user’s IP address, as they would not be able to send the content to the user’s browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers use the IP address exclusively to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contains, among other things, technical information about the browser and operating system, referring websites, visiting times and other information about the use of our online offer. This information may be combined with information from other sources.

Integration of social plugins of the social network Meta (formerly Facebook)

We use social plugins (“plugins”) of the social network Meta, responsible for Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The plugins include interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Meta logos (white “f” on blue tile, “Like” or “Thumbs up”) or are marked with “Facebook Social Plugin”. A complete list and the current appearance of the social plugins can be found here:
https://developers.facebook.com/docs/plugins.

When you visit a page of our website that contains such a plugin, your device establishes a direct connection to Meta’s servers and the plugin content is integrated into the website. Meta can create usage profiles and – if you are logged in to Meta – assign the visits to your Meta profile.

The transfer of personal data to third countries (e.g. to the USA) is based on the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection. Further information on data protection at Meta can be found in the privacy policy at https://www.facebook.com/privacy/policy and on personalization or advertising settings (opt-out) at https://www.facebook.com/business/help/1739644726781076 or https://www.facebook.com/help/247395082112892

Integration of content from the social network X

Functions and content of the X service may be offered as part of our online offering. X Corp (formerly Twitter, Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, is responsible for this. The embedded content includes tweets, images, videos and buttons for clicking “Like” or for following profiles.

If you are logged in as a member of X or have a profile there, X can assign the views of the embedded content to your user account. The transfer of personal data to third countries (e.g. the USA) takes place on the basis of the Standard Contractual Clauses (SCCs) approved by the European Commission. Further information on data protection at X can be found in X’s privacy policy at
https://x.com/privacy and to opt-out and personalization settings at https://help.x.com/personalization-data-settings.