(1) In the following, we will inform you about the personal data that we collect and process in connection with the use of websites and online portals. Personal data means any information that can be related to you personally, e.g. names, addresses, and IP addresses.
(2) The controller in accordance with Article 4 No. 7 General Data Protection Regulation (hereinafter referred to as “GDPR”) is:
Carl Duisberg Centren gemeinnützige GmbH
(3) The data protection officer is:
Franz-Henning Ritschel, Assessor iuris
Carl Duisberg Centren gemeinnützige GmbH
(1) You have the following rights regarding your personal data that we control as stipulated in the GDPR:
a) Right to information
b) Right to rectification or deletion
c) Right to restriction of processing
d) Right to withdraw consent at any time; however, such a withdrawal of consent does not affect the permissibility of processing for the time period before which notification of the data subject’s withdrawal of consent was received.
e) Right to object to processing as long as our processing of your data is in conflict with the balancing of interests (in cases where the legal basis for the processing is based on Article 6 No 1 f) GDPR) or when the processing is related to direct marketing. In the second case of direct marketing, we will cease the processing immediately. In the first case where legitimate purposes of the controller are in conflict with the interests or fundamental rights of the data subject, we will first limit the processing and notify you immediately of our decision whether we deem the processing to be in conflict with your interests or fundamental rights – which will lead to termination of the processing – or not.
f) Right to data portability
(2) To exercise your rights, you can contact us at any time by using the contact details provided above in §1 of this Policy or a contact form on our websites.
(3) In addition, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The data protection supervisory authority responsible for oversight of CDC is:
Landesbeauftragte für den Datenschutz und
Kavalleriestraße 2 – 4
(1) When using our website for informational purposes only, i.e. if you simply view our website and do not register or actively transfer any other data to us, we process the personal data that your browser transfers to our server. This processing is necessary to display our website for you and to be able to maintain stability and security. The data processed are the following:
a) IP address
b) Date and time of access
c) Time zone difference from Greenwich Mean Time (GMT)
d) Content accessed (particular page accessed)
e) Access status/HTTP status code
f) Specific amount of data transferred
g) Website from which the request originated
i) Operating system and its user interface
j) Language and version of the browser software
(2) We delete these data within four weeks at the latest. The legal basis for this data processing is the balancing of interests provided for in Article 6 No. 1 f) GDPR. Providing these personal data is not legally or contractually required nor is it necessary to provide these data in order conclude a contract. You are not obliged to provide these data; however, without an IP address, we cannot display our website for you.
(1) In order to maintain the confidentiality of our email communication, we conduct an email verification using a double opt-in procedure as a part of our web forms for applications, bookings, registrations, contact requests, and other similar functions. As a part of this procedure, we make use of a self-hosted, technically necessary cookie in order to guarantee that the subsequent processing of your request runs smoothly. Cookies are small data files that are saved on the end user’s computer. For the email verification procedure, we use the data you input into the web form, which consists of your first and last names and email address, and these data will be stored by us for a maximum of 14 days. Our cookie only records these same data and transfers them inside the webform. The cookie does not possess any sort of tracking function. You can deactivate cookies in your browser settings, which in this case will mean that you will have to input your data into our web forms twice. You can delete cookies at any time, e.g. by clearing your browser history or deleting saved websites/cookies.
(2) The legal basis for this data processing is Article 6 No. 1 f) GDPR. You are also required to provide the relevant personal data for each individual process (application, booking, registration, contact requests, and other similar function) and where applicable those data needed to initiate a contract; otherwise, the processes cannot be completed.
(1) On our website, we provide contact forms that can be used to initiate contact with us electronically. Required fields are first name, last name, email address, and, if this is typically required for this type of service, the postal address. All data entered into the fields of our online contact form will be stored and used to answer your inquiry, and depending on the nature of your inquiry, these data may be stored for a longer period of time. Simple inquiries that do not trigger subsequent processes will be deleted after four years at the latest. The legal basis for this data processing is consent according to Article 6 No. 1 a) GDPR. If you communicate with us in the context of a contractual relationship or the initiation of such, the legal basis for this data processing is also granted by Article 6 No. 1 b) GDPR.
(2) When a contact request is sent using one of our contact forms, certain data will be transmitted and stored. In addition to the data that you enter into the online form, the following personal data will be transmitted and stored:
a) The user’s IP address
b) The date and time of transfer
These additional data are collected and processed as a part of the transmission process of the contact form in order to prevent misuse of this function on our websites and to maintain the security of our IT system. These additional data will be deleted after seven days at the latest. The legal basis for this data processing is Article 6 No. 1 f) GDPR.
(3) Providing the relevant personal data is necessary (or in some cases partially necessary) to initiate a contract. You provide this data voluntarily; however, should you choose not to provide the necessary data, we will not be able to provide meaningful responses to contact requests that address our customers’ needs and our websites cannot be displayed to users who do not provide an IP address.
If you subscribe to a newsletter or wish to receive other informational materials, you must provide your email address and can, at your option, provide your names should you wish to be addressed by name in such communications. After subscribing, we will send you the requested newsletter or the requested informational material or similar information to the email address you have provided at regular intervals. The legal basis for this data processing is the express consent you have granted to us in according with Article 6 No. 1 a) GDPR.
Should you choose to use email to communicate with us, your email address and the content of the email will be stored, and these data will be used for the purpose of answering your inquiry. The legal basis for this data processing is your consent according to Article 6 No. 1 a) GDPR. If you communicate with us in the context of a contractual relationship or the initiation of such, the legal basis for this data processing is also granted by Article 6 No. 1 b) GDPR. Depending on the nature of the inquiry, data from email inquiries will be stored. A simple inquiry that is not associated with a subsequent contract will be deleted after four years at the latest.
On our website, we also offer various services that you can take advantage of should you be interested. To book these services, you must as a rule provide additional personal data that we use to provide the particular service to you. More exact information detailing the data processing associated with offers, in particular the purpose of the processing, legal basis, categories of recipients, and where applicable our legitimate interests, will be provided to you separately in a timely manner before you accept our offer and transmit data to us, or in some cases this information may be found in the description of the offer.
(1) Should you wish to use one of our online portals, you must register using you email address and an access code that you have been provided with as well as certain personal data (first and last name). There is no requirement to use your real name on our online portals; It is possible to use a pseudonym on our online portal. In order to verify your email address, we use a so-called double opt-in procedure in the registration process, i.e. the registration is only completed when you click on a link in a confirmation email that was send to you during the registration process. If you do not confirm your account within 24 hours, your registration will be automatically deleted from our databank. In addition, you can post other optional personal data on our portals. Where applicable, we also save personal data that you provide in the context of a self-evaluation, a needs analysis, a language test, or other use of the portals as a part of our courses or training programs as well as any test results you may have so that we can make these available to you on a learning management system to aid in studying and practicing.
(2) Under no circumstances will we engage in automated evaluations, analyses, predictions, or decision-making.
(3) The legal basis for this data processing is Article 6 No. 1 b) GDPR, or in cases where you have provided additional optional personal data, the legal basis is your consent according to Article 6 No. 1 a) GDPR. The portal end user agreement mandates that you provide the data for the necessary required fields during registration, and your contract with us to provide your course or training program mandates that you provide the necessary data when using the portals. Should you not provide these data, we cannot offer you our portals, courses, or training programs.
In some cases, we make use of external service providers for maintenance, security, and cloud services in order to process your data. We have selected these third-party providers with the utmost care. In accordance with Article 28 GDPR, they are contractually obligated to follow our instructions regarding the handling of your data, and they are subject to regular audits. We do not process your data in countries outside of the European Economic Area, and our third-party providers adhere to the same standard of only processing data inside the European Economic Area.
Unless other specific retention periods are stipulated in this Data Protection Policy, we will delete your personal data as soon as these are no longer necessary for achieving the purpose for which they were collected or a compatible purpose.
Should our data processing activities change or it necessary to comply with legal requirements, we reserve the right to modify this Data Protection Policy so that the information we provide for you will always be kept up to date. Thus, for of your next visit, please be aware that only the currently valid Data Protection Policy is applicable.