Privacy Statement

This privacy statement regulates the protection of your personal data, which is of great importance to us. We have taken all the necessary technical and organisational measures to ensure that the statutory requirements for data protection are properly implemented and will continue to develop these on an ongoing basis.

To make the privacy statement easier to understand, we would first like to provide you with definitions of some of the important terms used in the General Data Protection Regulation (GDPR).

Personal data means any information that can be used to identify a person. This identification can occur either directly or indirectly using various characteristics.

Typical examples of direct personal data include, but are not limited to, name, postal address, email addresses, telephone number, location data, date of birth. Typical examples of indirect personal data include IP addresses or user data that is stored in server log files.

Data subject means any identified or identifiable natural person, whose personal data are processed.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,  disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Please note:

1.     The Internet-based transmission of data (e.g. e-mail communication) may have gaps in security and absolute protection of data from third party access is not possible.

2.     Your Internet browser transmits your IP address when you access our website. We need your IP address to identify the device you are using to transmit data.

1. Controller

This privacy statement is applicable to data processing for

Europäische Akademie Otzenhausen gGmbH
Europahausstraße 35
D-66620 Nonnweiler
GermanyTelephone: +49 (0) 6873 662 0
Fax: +49 (0) 6873 662 150
E-mail: info@eao-otzenhausen.de
Legal representation: Marco Wölflinger

2. Data Protection Manager

Our data protection manager can be reached as follows:

Telephone: +49 (0) 6873 662 434

E-mail: dsb@eao-otzenhausen

3. Categories of personal data, purposes and legal bases

Server-Log-Files
When you visit our website www.eao-otzenhausen.de, the website host automatically collects and stores information temporarily in so-called server log files, which are transmitted to us automatically by your browser and stored until such time as they are automatically deleted. These are:

IP address of the computer sending the request

type and version of browser used

operating system used

name and URL of the requested file

referrer URL (website from which our site was accessed)

host name of the computer used to access the website (name of your Internet access provider)

date and time of the server request

These data cannot be used to identify any specific persons. These data will not be merged with any other data sources. We reserve the right to verify the data retrospectively if we become aware of concrete indications of unlawful use.

These data are processed for the following purposes:

Connection establishment, stable and comfortable use, evaluation of system security, administration of our website

The legal basis is Article 6 (1) p. 1 lit. f GDPR. The operation of a website constitutes a legitimate interest.

Cookies

Some of these web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. We use cookies to make our services more user-friendly, more effective and more secure, as well as for statistical analyses. Cookies are small text files that are automatically created and saved to your device by your browser when you visit our website.

Most of the cookies we use are session cookies. They are automatically deleted when your browsing session ends.

Other cookies are stored on your device until you delete them. These cookies enable us to recognise your browser when you next visit our website. They store information about data entered and preferences selected, so that you don’t have to enter the same data again.

You can change the settings of your Internet browser to notify you when a cookie is being sent and to only allow cookies on a case-by-case basis. You can block cookies for specific cases or block all cookies, as well as activate the automatic deletion of cookies when the browser is closed. Some website functions may not be available when cookies are blocked.

Processing will take place for the purposes stated.

The legal basis is Article 6 (1) p. 1 lit. f GDPR. The operation of this website is necessary for the purposes of our legitimate interest or that of a third party.

We will only use tracking cookies if you have previously given your explicit consent. Tracking cookies show us which websites you have already visited, for example, and serve statistical purposes (evaluation and improvement of our website).

The legal basis is provided by your freely given consent in accordance with Article 6 (1) p. 1 lit. a GDPR.

Contact form

If possible, the collection of personal data using contact forms such as name, postal address, e-mail addresses, telephone numbers etc. is always done on a voluntary basis. These personal data will not be transferred to third parties without your explicit consent and will be deleted upon completion of your request.

The data is processed for the purposes of establishing contact. The legal basis is provided by your freely given consent in accordance with Article 6 (1) p. 1 lit. a GDPR.

4. Legitimate interests

The operation of this website constitutes a legitimate interest.

5. Transfer of data to recipients or categories of recipients

Indirect personal data may be forwarded to web hosts, plug-in providers for tools, IT service providers and so on. A more detailed explanation can be found under point 15 “tools used” of this privacy statement.

We will only disclose your direct personal data to third parties if the following criteria are fulfilled:

  • Explicit consent has been given in accordance with Article 6 (1) lit. a GDPR;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller pursuant to Article 6 (1) lit. f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
  • Processing is necessary for compliance with a legal obligation, pursuant to Article 6 (1) lit. c GDPR, to which the controller is subject;
  • Processing is necessary for the performance of a contract, pursuant to Article 6 (1) lit. b GDPR, to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

6. Disclosure of data to a third country

We do not intend to disclose your direct personal data, such as your name, postal address, e-mail addresses, telephone number, date of birth etc. to a third country. However, general internet use results in technical data, such as IP addresses or other technical user data (e.g. cookies), being transmitted.

If tools/plug-ins are used on our website, indirect personal data may be transmitted to the USA. This transmission is governed by the EU-US Privacy Shield decision adopted by the EU Commission on 12 July 2016 for data transfers between the European Union and the USA. A more detailed explanation can be found under point 15 “tools used” of this privacy statement.

7. Period of storage

Your personal data will be deleted, as specified in this privacy statement, as soon as the purpose, for which they were collected, has ceased to apply, unless we are obliged by law to store them.

8. Right of access, right to rectification, erasure, restriction, data portability and the right to object

You have the right to access the personal data concerning you that are being processed (Article 15 GDPR) and obtain information on the purposes of the processing, the categories of the personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries, as well as the envisaged storage period. If the concerned data were not collected by us, you have the right to obtain information on the origin of the data. Furthermore, you have the right to rectification (Article 16 GDPR) or erasure (Article 17 GDPR) of your data, or as the case may be, the right to restriction of processing (Article 18 GDPR) as well as the right to data portability (Article 20 GDPR). The right to data portability includes the provision of the personal data concerning you in a structured, commonly used and machine-readable format so that the data can be transmitted to another controller without hindrance.

Moreover, you have the right to object to the processing of data concerning you (Article 21 GDPR) provided the data are being processed based on a legitimate interest enforced by us (Article 6 (1) p. 1 lit. f GDPR) and you object on grounds relating to your particular situation or you object to processing for direct marketing purposes. If the latter is the case, you can object without specifying a particular situation.

9. Withdrawal of consent

If you have given us your consent to the processing of your personal data, then you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent prior to withdrawal (Article 7 (3) GDPR).

You can exercise your right to withdrawal or cancellation by contacting the controller or the data protection manager.

10. Right to lodge a complaint

You have the right to lodge a complaint with the data protection authority for your place of residence (Article 77 GDPR).

In Saarland:

Unabhängiges Datenschutzzentrum Saarland (Independent Data Protection Centre Saarland), Fritz-Dobisch-Straße 12, D-66111 Saarbrücken, Germany, Telephone: +49 (0) 681 947810

11. Requirements for the provision of personal data

You are neither legally nor contractually obligated to provide us with your personal data. However, the provision of your indirect personal data (IP address, cookies) is required if you want to visit our website.

12. Automated decision-making

Our website does not feature any automated decision-making based on personal data, such as profiling or scoring.

13. Processing for other purposes

Further processing of the personal data for purposes other than the purpose they were collected for will not take place. If the necessity of further processing arises, we will provide you with information on this other purpose along with all other relevant information.

14. Data security

Our website uses SSL encryption (Secure Socket Layer). Data transmission is secured with a 256-bit encryption if supported by your browser; otherwise a 128-bit encryption takes place. The encrypted transmission is indicated by a locked padlock icon on your browser.

Furthermore, we have taken technical and organisational measures to guarantee the ongoing security of your data.

15. Tools/plug-ins used on this website

This website uses tools/plug-ins from various providers.

Vimeo

This website uses features provided by the Vimeo video portal operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time a webpage is launched that contains one of more Vimeo video clips, your browser automatically establishes a direct connection to the Vimeo server in the USA. When this occurs, information about your visit and your IP address are stored there.
If you have a Vimeo user account and do not want Vimeo to collect personal data and merge it with your Vimeo membership data, please log out of your Vimeo account before accessing our website. Additional information can be found in the Vimeo privacy statement at:

https://vimeo.com/privacy

In addition, Vimeo activates the Google Analytics tracker via the integrated iFrame that is used to retrieve the video. This is a tracking feature of the Vimeo service that we do not have access to. You can prevent any tracking by Google Analytics by using the deactivation tools that Google provides for a number of Internet browsers. Users can also prevent the data generated by Google Analytics about their use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout

The data are processed for the following purposes:

Playback of videos for the purposes of visual information transfer

The legal basis is provided by Article 6 (1) p. 1 lit. f GDPR. Website operation constitutes a legitimate interest.

16. Changes to the privacy statement

This privacy statement was last updated on 10 May 2018. It is subject to alteration, provided the content of our website changes, the statutory regulations are altered or official regulations are to be implemented.

© 2018 ZEiD GmbH. This privacy statement is protected by copyright.

This privacy statement has been verified by

logo

Office address

Europäische Akademie Otzenhausen gGmbH

Europahausstraße 35
66620 Nonnweiler

Tel.: 0049 6873 662-0
Fax: 0049 6873 662-150

info(at)eao-otzenhausen.de