DATA PROTECTION: HOW PERSONAL DATA IS PROCESSED AT CODE ACADEMY COLLEGE (PURSUANT TO ARTICLE 13 GDPR)
1. DATA CONTROLLER AS DEFINED BY DATA PROTECTION LAW; CONTACT
The data controller as defined by data protection law is CodeAcademy GmbH, Lehrterstr. 57, 10557 Berlin, Telephone: 030 54 82 30 89, info(at)codeacademycollege.com
2. DATA WE COLLECT, PURPOSE FOR COLLECTION
2.1. As a prospective customer or participant/student using our educational products
When you contact us using the contact options provided on the website, on social media (e.g. LinkedIn, XING) or by email, we collect various personal data, depending on whether you are receiving a consultation or are concluding a contract with us:
If you book an educational course, training, continuing education course or coaching session with us, we collect and process the data that is necessary to execute the contract. The scope of the data depends on the product and on your funding situation. The types of data that may be involved are described below. The precise scope will depend on the form used and your particular circumstances. If you contact us as a prospective student, we collect much of this data in the course of initiating a contract. The legal basis for the processing of data in this case is Article 6 Paragraph 1(b) GDPR. Unfortunately, we are unable to proceed with your consultancy appointment if you do not provide the required data. Additional information is provided on a voluntary basis and will be processed based on your consent.
2.1.1. We collect the following data from you directly:
- Personal data and contact details. We use a specialist service provider to administer our appointment booking system. We have concluded a data processing agreement with them.
- We need your date of birth for the contract and for issuing the certificate.
- Professional/CV data and data regarding qualifications (e.g. educational qualifications)
- Details about the profession, traineeship or workplace being pursued
- Details regarding financing and, if applicable, your source of funding
- In special cases, certificate of health or good conduct, where applicable
- Documentation for a disability if intending to request special leave
- If applicable, details regarding mobility and willingness to travel
- In special cases, details regarding impairments relevant to the labour market and the degree of disability
- Your account details, should we apply to your funding source for travel expenses on your behalf
- From integration course participants, we also require details regarding residence status and country of origin
- If you would like to participate from home, we collect data relating to the quality of your internet connection
- If you have provided your contact details as a prospective student, we use this data to contact you regarding the initiation of a contract, e.g. to arrange a consultancy appointment, to send you offers that correspond with your stated qualification goals, to remind you of agreed appointments, or for queries regarding quotes issued.
- If you contact us on social media (e.g. LinkedIn, XING) to arrange a consultation or discuss a specific service that CAC provides, we will collect the following data: name, email address, company, position and telephone number. This information is required in order to process your inquiry.
- Information about an employment relationship that has been entered into in the meantime upon completion of your qualification for quality control. It is very important to CAC that your qualification brings you success. In order to evaluate this, we will contact you once you have completed your course of action. If you are a participant of a state-subsidised programme, we are required to inform the funding source of this pursuant to Sections 183 and 318 of the German Social Code, Book III (Sozialgesetzbuch Drittes Buch [SGB III]) and Section 2 Paragraph 2 of the German Accreditation and Licensing Ordinance on Employment Promotion (Akkreditierungs- und Zulassungsverordnung Arbeitsförderung [AZAV]). The legal basis for processing is Article 6 Paragraph 1(c) GDPR in conjunction with the provisions mentioned above under German law. If you do not have any state funding, we will process this data on the basis of Article 6 Paragraph 1(f) GDPR (legitimate interest). In this case, the right of objection described in section 4.2 applies.
- Information on proof of vaccination, past infection and testing as required under the German Infection Protection Act.
- To further improve our consultancy services, another person may listen in on consultations in isolated cases. Before beginning the conversation, you are given the opportunity to decide whether you agree to this. The legal basis is Article 6 Paragraph 1(a) GDPR (consent).
2.1.2. We collect the following data from third parties
Depending on whether other partners are involved in your qualification course, we collect the following data so we are able to provide our contractually agreed services (Article 6 Paragraph 1(b) GDPR):
- We obtain details regarding the status of your registration, process organisation and examination results from the competent professional chamber or practice.
- We obtain your examination results from certification partners.
- We obtain details relating to the progress of your internship or practical training (e.g. progress, effort, absences) from your internship or cooperation company.
- If you attend an integration course or a DeuFöV (German Language Ordinance) German language course, we obtain details from the German Federal Office for Migration and Refugees (BAMF) regarding your identity, suitability and eligibility for funding. If you switch courses, we obtain the data from your previous course provider.
- If you are being subsidized under the Qualification Opportunities Act (Qualifizierungschancengesetz – QCG), we will receive your personal and contact information, as well as data regarding your career history/resume and professional qualifications from your employer.
2.1.3. We send the following data to third parties
We inform your funding source regarding the progress of your participation and about any special events. Only data necessary for both parties to complete their tasks is sent (e.g. contractual documents, dates of absence, certificates of incapacity to work, certificates, participation reports, information on conduct and performance relevant to the measure’s objective or incorporation). We are bound to comply with this requirement by Sections 81, 183 and 318 SGB III. The legal basis is Article 6 Paragraph 1(c) GDPR in conjunction with the provisions mentioned above under German law. If special categories of personal data are involved when sending data, this is on the basis of Article 9 Paragraph 2(b) GDPR in conjunction with the provisions mentioned above under German law. If you receive benefits for participation, interim and final reports and, where applicable, psychological fitness reports are also sent. In the event of special leave due to disability, we store a copy of the documentation you provide regarding your disability and send this information to your source of funding.
Only the data necessary for the course/coaching is sent to freelance trainers/coaches hired to conduct your qualification course or coaching.
To access digital learning tools, it may be necessary to send the personal data we require for registration to the relevant publishers. These providers have been verified in terms of their compliance with German and European data protection laws.
As part of quality controls conducted by outside certifiers (including DQS) or the audit service of the German Federal Employment Agency, your data is sent to the auditing organisation, if applicable.
Depending on whether other partners are also involved in your qualification course, we send the data necessary for the task in question (pursuant to Article 6 Paragraph 1(b) GDPR) to the following third parties, where applicable, for the purpose of executing the contract:
- Professional chambers (e.g. Chamber of Industry and Commerce (IHK), Chamber of Handicrafts (HWK))
- Certification partners (e.g. SAP, DEKRA, Microsoft, LCCI, TELC)
- Internship and cooperation companies
- If you switch to another provider, we send them all the necessary data (only applies to those attending integration courses)
- Educational authorities
- School administration offices
- State statistical offices
- German Federal Education and Training Assistance Act (BAföG) office
- For Saxony, Sächsische Aufbaubank
- Education partner
Disclosure to potential employers:
If you have explicitly consented, we use data regarding your suitability (CV, qualifications booked) to compare with enquiries from potential employers and, if applicable, to send this data to the company making the enquiry.
2.1.4. Erasure of your data
We store your personal data as long as it is required to meet our statutory and contractual obligations.
If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.
2.2. As the contact person for a company/organisation
If you are the contact person for your organisation and you contact CAC (e.g. as a corporate client, partner or supplier), we collect the following data:
- Name and contact details
- Employer and, if applicable, your position in your organisation
The purpose of processing is to fulfil contractual obligations. The legal basis for processing is therefore Article 6 Paragraph 1(b) GDPR.
We store your personal data as long as it is required to meet our statutory and contractual obligations.
If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.
2.3. When using our website for informational purposes
When using our website purely for informational purposes, i.e. if you do not register or otherwise send us information, we only collect the data your browser transmits to our server, including any personal data it contains. When you view our website, we collect the following data, which we require for technical reasons for the proper display of our website and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software
If the data processed is personal data, the legal basis for processing is Article 6 Paragraph 1(f) GDPR. Under the above provision, our legitimate interest here is in making our website technically available and securing it.
We also use cookies, tracking tools, targeting methods and social media plugins on our website. The specific methods used and how we use your data in the process are explained in greater detail in Section 5 below.
The data collected is stored for a period of six (6) months, after which it is automatically erased. For information on routine erasure and the tools used, please see the relevant paragraphs in Section 5.
2.4. When participating in surveys about quality checks
In accordance with § 2 (4) of the Akkreditierungs- und Zulassungsverordnung Arbeitsförderung [AZAV], we are required to ensure and continuously improve the quality of our certified trainings through targeted and systematic procedures and measures. This includes regular surveys of participants according to § 2 (4) number 9 AZAV. Therefore, surveys are regularly conducted. The data is used exclusively for the purpose of quality control and pseudonymized after collection. It will not be disclosed to third parties. The data from this survey will be combined with other pseudonymized data stored by us for analysis purposes. Only a few employees from quality management have access to assign feedback to pseudonyms in order to create evaluations for quality control purposes. Only these employees, who are bound by confidentiality obligations, are able to establish a personal reference. For other employees (e.g. Community Management, Instructors), it is not intended to draw conclusions about individuals. The legal basis for processing is Art. 6 (1) lit. c GDPR in conjunction with § 2 (4) number 9 AZAV. Satisfaction surveys conducted in non-AZAV certified measures are based on our legitimate interest according to Art. 6 (1) lit. f GDPR, which lies in using the results for improving our services. You can object at any time to the use of your data for satisfaction surveys by sending a message to info@codeacademycollege.com.
We would also like to facilitate independent quality checks by institutes. As such, we may hire other companies to conduct customer surveys, so you might be contacted by a company other than CAC. We conclude contracts for data processing with these companies in compliance with the provisions of the GDPR.
2.5. Recorded training
For some products, recorded training sessions are included as part of the services contracted. In these cases, training sessions are recorded to facilitate participation when convenient for the viewer. The recording includes all comments made, requests to speak, questions, etc., with the relevant name and surname displayed. The legal basis for processing is Article 6 Paragraph 1(b) GDPR (performance of a contract). Camera usage is on a voluntary basis (consent as per Article 6 Paragraph 1(a)). The recording is provided to all participants for a limited time (usually four (4) weeks).
3. DATA PROCESSOR AND THIRD-PARTY SERVICE PROVIDERS
We sometimes use third-party service providers to process your data. These third parties may have access to personal data, provided this is necessary to complete their tasks. In terms of contracted data processing as stipulated in Article 28 GDPR, we ensure that these providers are similarly bound by the provisions of data protection laws. If service providers are data controllers as defined by the GDPR, they are bound by a duty of confidentiality and must comply with the statutory data protection regulations. Please also take note of the privacy notices for each service provider (see Section 5). The service provider in each case is responsible for the content of third-party services, whereas we verify that their services are in compliance with the statutory requirements to a reasonable extent.
It is important to us that your data be processed within the EU/EEA. However, we may use service providers that process data outside of the EU/EEA. In these cases, we ensure that the recipient has an adequate level of data protection in place before transmitting your personal data. This means that we are able to achieve a level of data protection commensurate with EU standards through what are known as EU standard contractual clauses or an adequacy decision by the EU Commission. Specific guarantees are explained with each procedure.
3.1. Use of Microsoft 365
4. YOUR RIGHTS
To exercise your rights as a data subject, simply send a message to info@codeacademycollege.com or one of the other contact addresses listed in Section 1.
4.1. Right to revoke consent
If data processing is carried out on the basis of your consent, you may revoke your consent to your data being processed at any time with future effect without incurring any detrimental consequences. This does not affect the lawfulness of any data processing that was carried out before you revoked your consent.
4.2. Right to object in the event of data processing on the basis of a legitimate or public interest
Under Article 21 Paragraph 1 GDPR, you have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing to safeguard a legitimate interest) GDPR. This also applies to any profiling based on this provision.
4.3. Right to object in the event of data processing for direct marketing purposes
If we process your personal data in order to engage in direct marketing, you have the right under Article 21 Paragraph 2 GDPR to lodge an objection against the processing of the personal data relating to you for the purpose of such marketing at any time. This also applies to profiling where this is connected to this kind of direct marketing.
4.4. Other rights
You are further entitled to exercise the following rights, provided the legal requirements are met in each case:
- Right to information about your personal data stored with us in accordance with Article 15 GDPR; in particular, you are entitled to access information on the purpose of the processing, categories of personal data, categories of recipients to whom personal data have been disclosed or are to be disclosed, the planned storage period, and the origin of your data, provided this data was not collected from you directly;
- Right to rectification of incorrect or incomplete data pursuant to Article 16 GDPR;
- Right to erasure of the data we have stored on you pursuant to Article 17 GDPR unless we are required to comply with any legal or contractual retention period or other legal requirements or rights regarding further storage;
- Right to restriction of the processing of your personal data pursuant to Article 18 GDPR where the accuracy of the data is contested by you; its processing is unlawful but you object to its erasure; the data controller no longer needs the data but you need it to assert, exercise or defend claims; or you have lodged an objection against this data being processed pursuant to Article 21 GDPR;
- Right to data portability pursuant to Article 20 GDPR, i.e. the right to receive the data we have stored about you in a commonly used, machine-readable format, or to request that this data be sent to another data controller;
- Right to lodge a complaint with a supervisory authority. In general, you may contact the supervisory authority in your usual place of work or residence or in the location of our company headquarters for this purpose.
5. INFORMATION ON TECHNOLOGY USED
The following web-based technology is generally used on the CodeAcademy College website. You can find out which technology is actually being used by looking at the overview of cookie consents on the website in question.
5.1. Cookies and tracking – General information
When using our website, cookies are stored on the user’s device and other similar tracking technologies are used. Cookies are small data records in a database maintained by your browser or text files your browser generates automatically and are stored on your device (laptop, tablet, smartphone, etc.). They provide certain information to the organisation that sets the cookies (in this case, us). For the sake of readability, other tracking technologies that work similarly to cookies and whose functionality is explained in the sections below are also referred to as cookies. Cookies do not harm your device and do not contain viruses, Trojan horses or other malware. They serve to make our online services more user-friendly and effective overall.
This website uses the following types of cookies and tracking, the scope and functionality of which are explained below:
5.1.1. Transient cookies, session cookies
These cookies are erased automatically when you close your browser or log out. These cookies store what is known as a session ID. This allows us to assign various requests from your browser to a common session. This enables us to recognise your computer if you return to our website.
5.1.2. Persistent cookies
Persistent cookies are automatically erased after a given amount of time, which may differ depending on the cookie. You can erase these cookies at any time by adjusting your browser’s privacy settings.
5.1.3. Flash cookies, local shared objects
Flash cookies are set by the Adobe Flash plugin, which is installed in your browser. These objects store the necessary data, regardless of the browser you use, which means the data can be used across different browsers. They have no automatic expiry date. Depending on your browser, Flash cookies can be managed (e.g. erased) like other cookies, or they may not be visible in your browser’s cookie management system. If you do not want any Flash cookie processing to be carried out, adjust your Flash Player settings to prevent this or install a relevant add-on to your browser.
5.1.4. Web storage, DOM storage
Web storage is used to store data in your browser for the purposes listed below. There are two main types of storage: Local storage for persistent data (with no expiry date) and session storage for session data (which is erased once the browser window is closed). You can erase this data by adjusting your browser’s developer options.
5.1.5. Tracking pixels, pixel trackers
This method typically involves running a tracking script on the website, which requests a tracking pixel from the web analytics tool provider. Information for the purposes listed below is also sent and, where applicable, a cookie for the web analytics tool provider is set. If there is an existing cookie, this information is added to the information in the cookie. You can remove these cookies as explained above.
5.1.6. Further information about cookies
The necessary or essential cookies listed later in this text allow us to store the connection status of your account and to adjust the website to tailor it to your device. For example, they enable you to have direct access to personal and protected zones on our website with a user name or data you have previously entered. The data processed by these cookies is necessary for the purposes stated in order to safeguard our legitimate interests as well as those of third parties in line with Article 6 Paragraph 1(f) GDPR.
The analytical cookies listed help us to optimise our website to make it more convenient for you to use. For example, we use session cookies to recognise that you have already visited specific pages on our website. These cookies store what is known as a session ID. This allows us to assign various requests from your browser to a common session. This enables us to recognise your computer if you return to our website.
We also use cookies to record the use of our website for statistical reasons and evaluate it for the purpose of optimising our products and services for you. These cookies allow us to automatically recognise that you have already visited our website on a previous occasion when you visit our website again. We also use the cookies to be able to identify you for follow-up visits if you have an account with us. Otherwise, you will need to log in again each time you visit our website.
We can also use cookies to store your preferences. This allows us or third-party providers running features on our website to store your settings on our website or individual features. When you later return to our website, your previous settings are restored.
We aim to use these tracking measures to continuously optimise the design of our website to suit your needs. We also use these tracking measures to record the use of our website for statistical purposes. We also use the data to optimise advertising content. The purposes for data processing and the categories of data being processed can be found in the description of each tracking tool and the overview of cookie consents.
Data processing in connection with the setting of analytical, statistical or preference cookies and tracking cookies is conducted on the basis of your consent (Article 6 Paragraph 1(a) GDPR). More information is available in the relevant sections covering web analytics tools in this Privacy Notice.
5.1.7. Overview of cookie consents
Your consent applies to the following domains: www.codeacademycollege.com
5.1.8. The legal basis for the use of cookies and the associated processing of personal data
The legal basis for storing information in your terminal device or access to information that is already stored in your device is your consent in accordance with § 25 Para. 1 TTDSG [Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia]. In the event that it is absolutely necessary to store information in your terminal device or access information already stored in your device so that we can provide a telemedia service that you have expressly requested, the legal basis is § 25 Para. 2 (2) TTDSG.
The legal basis for the processing of personal data using cookies that are not necessary from a technical perspective is your consent in accordance with Art. 6 Para. 1 S. 1(a) GDPR.
The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest in accordance with Art. 6 Para. 1 S. 1(f) GDPR.
5.2. Google Tag Manager
This website uses the Google Tag Manager tool (“GTM”), operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use GTM to manage the tools we are informing you about in this Privacy Notice. For details regarding these tools, please refer to the information about the specific tool.
GTM is embedded using a script and a variant for systems with JavaScript disabled. It is loaded from the domain googletagmanager.com. It loads tools from Google or third-party providers, which in turn may collect data or load cookies (see the cookie declaration in this Privacy Notice). GTM itself does not access this data.
More information about GTM is available in the terms of use for this product.
The legal basis for setting cookies and processing your data is your consent. You can revoke your consent at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation.
5.3. Google Analytics
5.3.1. Scope of processing of personal data
We use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the Union, Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter termed Google). Among other things, Google Analytics checks where visitors are based, the amount of time they spend on individual pages, and the use of search engines. This allows better monitoring of the success of advertising campaigns. To do this, Google places a cookie on your computer. The cookie allows personal data to be stored and evaluated, especially the user’s activity (in particular, which pages have been visited and which elements have been clicked on); device and browser information (in particular the IP address and operating system); data about the advertisements shown (in particular, which advertisements were displayed and whether the user clicked on them); and also data from advertising partners (in particular pseudonymised user IDs).
We use Google Analytics (Universal Analytics) to evaluate your use of our website, to compile reports on your activities and to use other Google services related to the use of our website and internet usage.
We have stipulated that IP addresses be anonymised, whereby Google shortens your IP address as soon as technically possible. However, we cannot rule out that your data may be transmitted to the servers of Google LLC based in the USA.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the activities carried out on the site, and to provide other services related to the use of the website and internet usage to the operator of the website.
You can find further information on data processing carried out by Google here:
https://policies.google.com/privacy
5.3.2. Purpose of the data processing
The use of Google Analytics (Universal Analytics) enables us to evaluate the use of our website and to target advertising to people who have already expressed an initial interest by visiting the site.
5.3.3. Legal basis for processing personal data
The legal basis for the processing of users’ personal data is essentially the user’s consent in accordance with Art. 6 Para. 1 S. 1(a) GDPR.
5.3.4. Duration of storage
Your personal information will be stored for as long as is necessary to fulfil the purposes described in this privacy policy or until you exercise your right of withdrawal.
5.3.5. Option to revoke consent
You have the right to revoke your declaration of consent at any time under data protection law. The revocation of consent does not affect the legality of the processing carried out on the basis of consent up to the point of revocation.
You can prevent Google from collecting and processing your personal data by disabling the storage of third-party cookies on your computer, using the ‘Do not track’ function on a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent Google from both collecting the data generated by the cookie and that related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?
With the following link, you can deactivate the use of your personal data by Google: https://adssettings.google.de
You can find further information on objection and removal options in relation to Google at: https://policies.google.com/privacy?
5.3.6. Notice of risk
Your personal data will also be transmitted to the USA. The USA has no adequacy decision in accordance with Art. 45 Para. 3 GDPR. We would like to point out that data transmission without the existence of an adequacy decision involves certain risks, which we must inform you about below:
US intelligence services use certain online identifiers (such as IP addresses or unique identifiers) as a starting point for tracking individuals. In particular, we cannot rule out the possibility that these intelligence services may have already collected information about you, by means of which the data transmitted here could be traced back to you.
Providers of electronic communications services headquartered in the USA are subject to surveillance by US intelligence agencies in accordance with 50 U.S. Code § 1881a (‘FISA 702’). In accordance with 50 U.S. Code § 1881a, providers of electronic communications services headquartered in the USA have an obligation to provide the US authorities with personal data, without you being entitled to any potential means of redress. Even encrypting the data in the electronic communications service provider’s data centres cannot provide adequate protection, since an electronic communications service provider has a direct obligation, with respect to the imported data in its possession, custody or control, to allow access to or to release the data. This obligation can expressly also extend to the cryptographic keys, without which the data cannot be read.
The fact that this is not just a ‘theoretical danger’ is shown by the judgement of the ECJ of 16 July 2020 (Case C-311/18, ‘Schrems II’).
We have concluded guarantees with Google in the form of standard data protection clauses in accordance with Art. 46 Para. 2(c) GDPR. You can request a copy of the standard data protection clauses from us.
5.4. Google Ads
5.4.1. Conversion Tracking
Our website uses Google Ads Conversion Tracking, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to record the use of our website for statistical reasons and evaluate it for the purpose of optimising our products and services for you. Google Ads sets a cookie on your computer if you are directed to our website via a Google ad.
These cookies cease to be valid after 30 days. If a user visits specific pages of the Ads customer’s website and the cookie remains active, the cookie allows Google and the customer to recognise that the user clicked on the advertisement and was directed to this website.
The information generated by cookies about your use of this website is transferred to a Google server in the US and stored there. We have concluded a data processing agreement with Google for the use of Google Ads. This agreement serves to ensure that Google processes the data in compliance with the EU General Data Protection Regulation and to guarantee the rights of data subjects. The so-called EU standard data protection clauses (Art. 46 Para. 2 S. 1(c) GDPR) form part of the data processing agreement with Google. These are classed as an appropriate guarantee to protect the transfer and processing of personal data outside the EU.
Each Ads customer receives a different cookie. This means that cookies cannot be tracked across different Ads customers’ websites. The information collected using the conversion cookie serves to create conversion statistics for Ads customers that have opted to use conversion tracking. This enables Google to determine the total number of users who have clicked on our ad and were directed to a website equipped with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
You can find Google’s privacy policy for conversion tracking here.
The legal basis for setting cookies and processing your data is your consent. You can revoke your consent at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation.
You can prevent participation in this tracking by disabling interest-based ads from providers that are part of the self-governing About Ads campaign via the link https://optout.aboutads.info/. These settings are reset when you erase your cookies.
5.4.2. Use of data for advanced conversions
We use advanced conversions from Google Ads from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter termed ‘Google’). Advanced conversions allow conversions to be tracked more accurately. The existing conversion tags are supplemented using this feature. It enables us to send our conversion data as hash values from our website to Google. For this purpose, the secure SHA256 one-way hash algorithm is applied to customer data (e.g. email addresses) before it is sent to Google. The hash data is then matched to signed-in Google accounts in order to assign the conversions from our campaigns to users’ actions, such as clicks or views, in response to adverts.
You can find the customer data guidelines regarding advanced conversions here. How Google uses your data is described here.
The legal basis for setting cookies and processing your data is your consent. You can revoke your consent at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation.
Your personal data will be stored for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law.
Further information on your rights to objection and erasure with regard to Google can be found at: https://policies.google.com/privacy
5.5. YouTube
Our website uses services provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to embed videos on the website. You may need to click a button on the playback screen and accept cookies to play the video. If you press play on a video on the website, your IP address is sent to YouTube and cookies are installed on your computer before the video is actually played. However, we have embedded our YouTube videos with enhanced privacy mode (in this case, YouTube still contacts the Google Marketing Platform service, but according to Google’s privacy policy, personal data is not analysed in this process). As a result, YouTube no longer stores information about visitors unless they watch the video. When you click on the video, your IP address is sent to YouTube and YouTube recognises that you have watched the video. If you are logged in to YouTube, this information is also linked to your user account (you can prevent this by logging out of YouTube before viewing the video).
We have no knowledge or influence on the possible collection and use of your data by YouTube at that point. For more detailed information, please refer to YouTube’s privacy policy at https://policies.google.com/privacy. In addition, please refer to our general description in this Privacy Notice with respect to the general handling of cookies and disabling them.
5.6. Facebook
5.6.1. Custom Audiences
If you consent to this in advance, we use the Custom Audiences remarketing feature offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook Ireland”) on our websites. This feature allows us to direct targeted advertising at website visitors by placing personalised, interest-based Facebook ads tailored to visitors of the website when you visit the Facebook social network. To make use of the various features available, we have agreed terms and conditions with Facebook as part of a data processing agreement as per Article 28 GDPR. In this agreement, Facebook affirms that it processes data in accordance with the GDPR and that it protects the rights of data subjects. The legal basis for setting cookies and processing your data is your consent. You can revoke your consent at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation.
You may revoke your consent to the use of the global Custom Audiences service here on the Facebook website. After logging in to your Facebook account, you will be taken to the settings page for Facebook Ads.
5.6.2. Facebook pixel for metrics and analytics
The Facebook pixel allows us to use tracking solutions and analytics services to see how you react to our ads on Facebook, for example when you click on a link in the ad that leads to our website. This gives us a better overview of how successful our campaigns on Facebook are and helps us continually optimise them. We also use the pixel to identify you as a visitor to our website. We can use this information to display the ads we post on Facebook only to those Facebook users who are also likely to be interested in our products and services, either because they have visited our website before or because they have certain characteristics (e.g. interested in certain topics or products identified based on the websites they have visited).
The pixel is loaded when you visit our website or respond to an ad we have placed on Facebook, for example by clicking on a link to our website contained in the ad. This creates a pixel ID, which is stored in a cookie, so that we then receive an analysis of your user behaviour. The pixel does not enable us to identify you personally.
The legal basis for setting pixels and processing your data is your consent. You can revoke your consent at any time with future effect. This does not affect the lawfulness of the processing up to the time of revocation.
5.7. Use of social media buttons
We currently use the following social media buttons: Facebook. We use the Shariff tool developed by c’t. This means that when you visit our site, no personal data is initially disclosed to the button providers. Communication with social networks is done by a script stored on the server, which acts as an intermediary between the social network and the user. Users are only directly connected to Facebook when they become active. Social networks cannot collect data about users before they are active. The button provider is recognisable by logo or initial shown in the box. You can communicate directly with the social network provider by clicking the button. Only by clicking the button will the social network receive the information that you have accessed the relevant website. In the case of Facebook, the IP address is anonymised immediately after it has been collected according to the providers in Germany. By using the button, your personal data is transmitted to the social network provider in question and stored there (in the case of US providers, in the US). Since the provider collects data in particular using cookies, we recommend that you adjust your browser’s security settings to erase all cookies before clicking on the button.
We have no influence on the data collected and any data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing, or the retention periods. Furthermore, we do not have any information about the erasure of the data collected by the button provider.
The button provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or to tailor the design of its website. In particular, this kind of analysis is conducted (including for users who are not logged in) for the purpose of tailoring advertising to the needs of users and to inform other social network users about your activity on our website. You have a right to object to the creation of these user profiles. To exercise this right, please contact the button provider in question. The buttons allow us to offer you the option to interact with social networks and other users to help us optimise our website and tailor it to the interests of our users. The legal basis for the use of these buttons is Article 6 Paragraph 1 Sentence 1(a) GDPR.
The data is disclosed regardless of whether you have an account with the button provider and are logged in there. If you are logged in with the button provider, the data we collect about you is directly linked to your existing account with the button provider. For example, if you press the activated button and link to the website, the button provider also stores this information in your user account and publicly shares it with your contacts. We recommend regularly logging out after using a social network. This is particularly recommended before clicking a button, since it prevents the information from being linked to your profile with the plugin provider.
More information on the purpose and extent of data collection and processing by these button providers is available in each button provider’s privacy notice as listed below. The links below also provide additional information about your rights in this regard, as well as options for adjusting your settings to protect your privacy.
Button provider addresses and URLs for their privacy notices:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; more information on data collection: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications and https://www.facebook.com/about/privacy/your-info#everyoneinfo.
5.8. LinkedIn Insights
Our website uses the LinkedIn Insights tag, operated by LinkedIn Co., 2029 Stierlin Court, Mountain View, CA 94943, USA (“LinkedIn”). The LinkedIn Insights tag allows us to collect information, including personal data, about visitors to our website. This enables us to track advertising effectiveness and display interest-based ads. The data collected includes the following: URL, referrer URL, IP address, device and browser properties (user agent) and a time stamp. IP addresses are stored only in an abbreviated form or hashed. If you are logged in to LinkedIn during your visit to our website, this information is also collected. The data collected is pseudonymised within seven (7) days, i.e. all personal identifiers are removed. The remaining pseudonymised data is then erased within 180 days. A data processing agreement has been concluded with LinkedIn. In connection with the use of the LinkedIn Insights tag, data is transmitted to servers in the US. The legal basis for processing is Article 6 Paragraph 1(a) GDPR. Our legitimate interest is in tailoring the design of our website to users’ needs and the opportunity to offer interest-based ads. The interests of the website visitors are sufficiently taken into account through the measures envisaged by LinkedIn, in particular prompt pseudonymisation. We therefore do not assume any overriding interest that precludes our legitimate interest. LinkedIn’s privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.
6. AMENDMENTS TO OUR PRIVACY NOTICE
CAC may need to amend this Privacy Notice from time to time. We therefore recommend that you read through this Privacy Notice at regular intervals. However, rest assured that amendments will not come into force with retroactive effect and that we will not change the way we handle data previously collected.
Updated on Feb 12, 2025