PRIVACY POLICY

Data protection notice for visitors to the website - 

In accordance with the requirements of the General Data Protection Regulation (DSGVO/GDPR), you are informed below about the collection of data when using the website, as well as the purpose of the processing and your rights under the DSGVO. The protection of your personal data is taken very seriously during processing.

Purpose and legal basis of processing

The processing of your personal data is carried out in accordance with the provisions of the DSGVO and the German Federal Data Protection Act (BDSG) insofar as this is necessary for the establishment, execution and fulfillment of contracts as well as for the implementation of pre-contractual measures.

An initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures justifies the processing of personal data pursuant to Art. 6 (1) lit. B DSGVO.

By giving explicit consent to the processing of personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or promotional speech), the lawfulness of the processing is given according to Art. 6 para. 1 lit. a DSGVO. With effect for the future, the consent can be revoked at any time.

If necessary and legally permissible, your data will be used beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art.6 para. 1 lit. c DSGVO. Furthermore, processing may be carried out to protect legitimate interests on the part of the provider or third parties in accordance with Art.6 para.1 lit. f DSGVO.

Categories of personal data

Only indispensable data regarding the establishment of the contract or the pre-contractual measures is processed. This is general data about you (name, address, contact details, bank details, etc.) as well as any other data that you share in the context of the contract.

Rights as a data subject

If personal data is processed by you, you are considered a data subject according to the GDPR. You are free to exercise the following under the contact details.

.information about your stored data and its processing (Art. 15 DSGVO)
.correction of incorrect personal data (Art. 16 DSGVO)
.deletion of your stored data (Art. 17 DSGVO)
.restriction of data processing, if your data is not yet intended for deletion due to legal obligations (Art. 18 DSGVO)
.data portability, provided that you have consented to the data processing or have concluded a contract (Art. 20 DSGVO)
.objection to the processing of your data (Art. 21 DSGVO)
.right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 DSGVO)

Should you make use of your above rights, the controller will check whether the legal requirements for this are met.

You also have the right to complain to a supervisory authority. The supervisory authority responsible for the data controller is the State Commissioner for Data Protection and Freedom of Information North Rhine - Westphalia.

Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-99
Email: office[at]ldi.nrw.de 

Right of revocation and objection

You have the possibility to revoke your previously given consent (Art. 6 para. 1 lit. a DSGVO) at any time. The revocation is then valid for the future. Personal data will then no longer be processed, unless compelling reasons worthy of protection for the processing are demonstrated. These must override your rights, interests and freedoms or the processing must serve as the assertion, exercise or defense of legal claims.

Should the processing be carried out to protect legitimate interests pursuant to Art. 6 (1) lit. f DSGVO, you have the right to object to the processing at any time for reasons arising from your particular situation pursuant to Art. 21 DSGVO.

Your personal data will then no longer be processed. If compelling legitimate grounds for processing can be demonstrated, processing will continue. These must outweigh your interests, rights and freedoms or the processing must serve as the assertion, exercise or defense of legal claims.

Sources of the data

Only data provided by you in the context of establishing a contract on the website or during the payment process will be processed. Data from third party sources is not obtained. The transmission of sensitive data in the sense of Art. 9 DSGVO is expressively not requested.

Recipients of the data

Personal data is only passed on in order to be able to guarantee the fulfillment of contractual and pre-contractual measures. If personal data is processed on behalf of the company, the data protection-compliant processing is ensured by order processing contracts.

Data will only be passed on to recipients outside the company if this is permitted by law, if it is necessary for the fulfillment of the contract or at your request for pre-contractual measures, if the provider received your consent or is authorized to provide information. Under these conditions, for example:

.Public bodies / institutions in the presence of a legal or regulatory obligation.

Third country transfer on the part of the company

Data processing outside the European Union (EU) or the European Economic Area (EEA) is not planned or intended.

Duration of data storage

As far as necessary, data is stored for the duration of the business relationship. This also includes the initiation and execution of a contract. A storage beyond that happens only as far as legally permissible or in the concrete case of the assertion, exercise or defense of legal claims for the duration of a legal dispute.

In addition, there are storage and documentation obligations in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The prescribed periods are two to ten years.

Finally, the storage period also depends on the statutory limitation periods, e.g. according to §§195 ff. of the German Civil Code (BGB), these are three years. In certain cases, longer.

Necessity of the provision of personal data

The provision of personal data for the purpose of establishing, implementing or fulfilling a contract or for the performance of pre-contractual measures is not required by law. You are not obliged to provide any information. Please note, however, that if you do not provide any information, no contractual relationship can be established.

Collection of general information when visiting the website

Type and purpose of processing

Accessing the website without registering or otherwise transmitting information (e.g. payment transactions) involves the transmission of the following data (server log files):

.type of web browser
.operating system
.domain name of your internet service provider
.IP address
.time of the request

In particular, they are processed for the following purposes:

.ensuring a smooth connection of the website
.ensuring a smooth use of the website
.evaluation of system security
.other administrative purpose

Conclusions about your person are not drawn from your data

Legal basis

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO based on a legitimate interest in improving the stability and functionality of the website.

Recipients

Recipients of the data are, if applicable, technical service providers for operation and maintenance of the website.

Storage period

The data necessary to provide the website will be deleted should it no longer be required. IP addresses and log data remain stored by the hoster for seven (7) days.

Provision mandatory or required

The provision of the aforementioned personal data is neither required by law nor by contract. However, without an IP address, the service and functionality of the website cannot be guaranteed. For this reason, an objection is excluded.

Cookies

Cookies are data sets and are stored on your terminal device. A cookie contains information about where your computer will be recognized as soon as you visit a website again. However, cookies can also make personal information transparent and transmit it to companies or advertisers. Cookies cannot be used to launch programs or transmit viruses.

Nature and purpose of processing

On the website, so-called cookies are used to ensure the proper operation of the website. Under no circumstances will data be passed on to third parties or linked to personal data without your consent.

Cookies used

Only technically necessary cookies are used for the indispensable operation of the website.

Legal basis for the use of technically necessary cookies

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of legitimate interest in the proper operation of the website and provision of basic functions.

Storage period

Via your browser settings, the cookie inventory can be deleted and their storage can be blocked in advance.

Inquiry by email or telephone

Contact by telephone or email will entail the transmission of all resulting personal data and will be stored and processed. The transfer to third parties will not take place without consent. The transmission of sensitive data in the sense of (Art.9 DSGVO) is explicitly not requested.

Legal basis

The processing of this data is based on Art. 6 (1) lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

Storage period

The data voluntarily sent by you via contact requests will remain until you request deletion, revoke your consent to storage or the purpose for storage ceases to apply. Mandatory legal provisions, in particular legal retention periods, remain unaffected.

SSL encryption

In order to protect the security of your data during transmission, state-of-the-art encryption procedures (e.g. SSL) are used via HTTPS.

Contractors used / External web & email hosting

Websites and emails are hosted by external service providers. The data collected on the website and transmitted via email is stored on the servers of the hosters. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hosters are used for the purpose of fulfilling the contract with potential and existing customers (Art. 6 para. 1 lit. f DSGVO) and in the interest of a secure, fast and efficient provision of the online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

The contracted hosters will process your data only to the extent necessary to fulfill your service obligations and follow instructions regarding this data. In order to ensure data protection-compliant processing, order processing contracts have been concluded.

The following companies have been commissioned:

Ionos | https://www.ionos.de
Hostinger | https://www.hostinger.com 

Links to third-party websites

This data protection notice does not apply to third-party websites offered on this website in the form of links. Please refer to the data protection notices of the respective providers when visiting these websites.

Links are clearly indicated.

When clicking on a link, data will be transmitted. This is technically necessary.

Use of PayPal as payment provider

Type and purpose of processing

The use of PayPal (Europe) S.à r.l. et Cie, S.C.A. / 22-24 Boulevard Royal / L-2449 Luxembourg (email: impressum[at]paypal.com) as a payment processor on the website is done in order to offer an efficient and secure online payment processing. During the payment process, data necessary for the payment process is forwarded to PayPal and stored. PayPal is not a processor in the sense of Art. 4 No. 8 DSGVO. The conclusion of a processing order is therefore not necessary.

PayPal has implemented compliance measures for international data transfers and implemented worldwide for all activities where PayPal processes personal data of individuals in the EU. The measures are based on the EU Standard Contractual Clauses (SCCs).Data processing at recipients located in third countries (outside the EU, Iceland, Norway, Liechtenstein, in particular in the USA) or data transfer to these countries is done on the basis of the so-called standard contractual clauses Art. 46 para. 2 and 3 DSGVO.

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries and stored there.

The relevant decision and standard clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de 

Information on the standard contractual clauses and on data processing when carrying out payment processing: https://www.paypal.com/webapps/mpp/ua/privacy-full 

PayPal (Europe) S.à r.l. et Cie, S.C.A. is listed as a bank throughout the EU. The supervisory authority is the Luxembourg banking supervisory authority CSSF (Commission de Surveillance du Secteur Financier).

Categories of personal data

In the conclusion and fulfillment of the contract, the following data (Art. 6 para. 1 lit b. DSGVO) will be forwarded to PayPal:

.name of the card provider
.email address
.customer number
.order number
.bank details
.credit card details
.credit card expiration date
.credit card verification number (CVC)
.date and time of transaction
.transaction amount
.name of the provider
.place

may be required to forward additional data for credit assessment purposes.

Furthermore, for fraud prevention, financial reporting and to be able to fully offer its own services, PayPal may collect location data in addition to technical data of your device.

The processing of the provided data under this section is not required by law or contract. Without the transmission of your personal data, a payment via PayPal cannot be carried out. It is possible for you to arrange another payment method. To do so, please send an email to: info[at]byteducate.com. PayPal carries out a credit check for various services, such as payment by direct debit, to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. The provider has no influence on this process and only receives the result of whether the payment was made or rejected or a check is pending.

For more information on objection and removal options vis-à-vis PayPal, please visit: https://www.paypal.com/de/webapps/mpp/ua/privacy-full 

Legal basis of data processing

PayPal is used in accordance with Art. 6 (1) lit. f DSGVO on the basis of legitimate interest in being able to offer a secure and efficient payment method.

Duration of data storage

As far as necessary, data is stored for the duration of the business relationship. Personal data is generally stored for the duration of the service provision. That is until terminating the cooperation with PayPal. However, in order to be able to fulfill legal and official obligations, it may come to a storage beyond the duration of the service provision. As a globally active company, it can also come to a storage in several countries on the part of PayPal. Thus, the storage of data outside the country of the payment provider may also occur.

Third country transfer / possibility of objection (opt-out)

When using PayPal as a payment processor, storage and processing outside the EU may also occur. Most third countries are considered unsafe under current European data protection law. Data may not simply be transferred to, stored in, and processed in third countries unless there are suitable safeguards (such as EU standard clauses) between the contracting parties.

You can delete, deactivate or manage cookies used for the functions in the browser.

Right of revocation / right of objection

According to Art. 7 DSGVO, you are entitled to revoke the consent to use your personal data at any time. A revocation is only valid for the future. Please note that the legal requirements for compliance with the retention period must be complied with.

Should the processing be carried out in accordance with Art. 6 (1) lit. f DSGVO to protect legitimate interests, you have the right to object to the processing at any time in accordance with Art. 21 DSGVO for reasons arising from your particular situation.

Your personal data will then no longer be processed. If compelling legitimate grounds for processing can be demonstrated, processing will continue. These must override your interests, rights and freedoms, or the processing must serve as the assertion, exercise or defense of legal claims.

Content delivery through pCloud

pCloud is a file hosting service for private users and companies founded in Switzerland in 2013. The data is stored either in a data center in the European Union or in the United States.

The full company name is pCloud International AG 74 Zugerstraße, 6340 Baar, Switzerland.

As a Swiss company, pCloud is subject to the Swiss Data Protection Act. pCloud complies with all requirements of the European General Data Protection Regulation (EU-DSGVO). The data center providers are SSAE 18 SOC 2 Type II & SSAE 16 SOC 2 Type II certified and meet the highest level of physical and technical security applications.

All files are protected on the server side by high level bit-256 AES encryption and a series of firewalls. TLS/SSL encryption is used when transferring files to and from the servers.

pCloud is used in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of legitimate interest in being able to offer complete contract performance.

Further information can be found in the data protection notice on the operator's page: https://www.pcloud.com/de/privacy_policy.html 

Online presence on social media platforms

Note: As a precautionary measure, please note that the use of social media platforms and their functions is your own responsibility. As a rule, social networks analyze user behavior comprehensively. By visiting the social media presences, numerous processing operations relevant to data protection are triggered.

For the information services offered, in this sense, social media, the controller makes use of the technical platforms:

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
Facebook (Facebook Ireland Ltd. (Meta Platforms), 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland)
Instagram (Instagram (Meta Platforms), 1 Hacker Way, Menlo Park, USA)
Twitter (Twitter Inc, Market Square, 1355 Market St. 900, San Francisco, USA)

The use of the pages and their functionalities is at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

When visiting a social media page, among other things, your IP address and other information that is present in the form of cookies on your computer. This information is used to provide the operators with statistical information.

The operators provide more detailed information under the following links:

YouTube: https://support.google.com/youtube/topic/9257532?hl=de&ref_topic=9257610 
Facebook: http://de-de.facebook.com/help/pages/insights 
Instagram: https://www.facebook.com/help/instagram/788388387972460?helpref=faq_content 
Twitter: https://twitter.com/de/privacy 

The data collected about you in this context is processed by the companies and, where applicable, transferred to countries outside the European Union. What information the respective social media platform provider receives and how it is used is described by the companies in general terms in their data usage policies. There you will also find information about contact options and setting options for advertisements. The data usage policies are available at the following links:

YouTube: https://www.youtube.com/static?gl=DE&template=terms&hl=de 
Facebook: https://de-de.facebook.com/terms 
Instagram: https://help.instagram.com/581066165581870/?helpref=uf_share 
Twitter: https://twitter.com/de/privacy 

The full data policy is available at the following links:

YouTube (Google): https://policies.google.com/privacy?hl=de
Facebook: https://de-de.facebook.com/policy.php
Instagram: https://help.instagram.com/519522125107875/?helpref=uf_share
Twitter: https://twitter.com/de/privacy 

The way in which YouTube, Facebook and Instagram use data for their own purpose. The extent to which activities on the page are assigned to individual users, how long this data is stored and whether data from a visit is passed on to third parties is not conclusively and clearly stated by the operators and is not known to the provider of the website.

When accessing a social media page, the IP address assigned to your terminal device is transmitted to the operator. According to information provided by the operators, this IP address is anonymized. The operators also store information about the end devices of its users (e.g. as part of the login notification function). If necessary, this makes it possible to assign IP addresses to individual users.

If you are logged in as a user on YouTube, Facebook or Instagram, a cookie with your respective identifier is located on your end device. This enables the operators to track which pages you have visited and how you have used them.

Via buttons embedded in websites, it is possible for the operator to record your visits to these pages and assign them to your profile.

Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of the operator or deactivate the "stay logged in" function, delete the cookies present on your device and exit and restart your browser. In this way, information through which you can be directly identified will be deleted. This will allow you to use the website without revealing your identifier. When you access interactive features on the website, a login screen will appear. After logging in, you will again be identifiable as a specific user.

Data categories / Third country transfer / Option to object (opt-out)

Information on this can be found under the following details of the respective provider.

Instagram
Data policy: https://help.instagram.com/519522125107875/?helpref=uf_share
Terms of use: https://help.instagram.com/581066165581870/?helpref=uf_share 

Facebook
Data Policy: https://de-de.facebook.com/full_data_use_policy
Terms of use: https://de-de.facebook.com/legal/terms?ref=pf 

YouTube
Privacy Policy: https://policies.google.com/privacy?hl=de
Terms of use: https://www.youtube.com/t/terms 

Twitter
Privacy notice: https://twitter.com/de/privacy
Terms of use: https://twitter.com/de/tos 

Use of Discord as a community server

Purpose of processing

Discord is used to conduct conference calls and ensures the community server (chat room). Discord is an online service for instant messaging, chat, voice and video conferencing.

What data is processed?

During the use of Discord, a wide variety of content is processed. Sharing content should always be done with caution. Before use, you must register. Without registration, use is excluded.

Beyond that, the use does not require any further data. Within the scope of the contract fulfillment, the customer is basically free to actively participate. Participation is voluntary.

Discord takes the following data protection relevant measures to protect user data:

.Encryption: Discord describes in the privacy policy that all texts, images and videos are sent encrypted.
.Transport Layer Security is used for encryption.

Scope of processing

Discord is used to provide the community server (chat room) and to conduct conference calls.

Discord is based in the United States. Data is also stored on servers outside the United States. When data is transferred outside the EEA, standard contractual clauses, supported by adequacy decisions of the European Commission for certain countries, or other legally compliant mechanisms or conditions are applied.

You may contact Discord's privacy officer at: dpo[at]discord.com 

Conference calls are recorded. When actively participating (spoken word), you consent to a publication of the recordings. The recordings are to be published as educational content. Please do not actively participate if you do not agree with this.

Legal basis

The use of Discord to provide a community server is based on Art. 6 para. 1 lit. b DSGVO.

Questions about data protection

If you have any questions regarding data protection, you can contact Discord at any time using the email address provided: privacy[at]discord.com 

Further information on data protection

Discord provides further information on data protection: https://discord.com/privacy 

Use of Google Meet as provider for online seminars

Purpose of processing

Google Meet is used to conduct online seminars. Google Meet is a video conferencing and instant messaging service provided by the US company Google. The full company description is Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google headquarters, Gordon House, Barrow Street, Dublin 4, Ireland.

What data is processed?

A wide variety of content is processed while using Google Meet. Sharing content should always be done with caution. No user account is required for use.

Beyond that, the use does not require any further data. Within the framework of the fulfillment of the contract, active participation is voluntary.

Google Meet takes the following measures relevant to data protection to protect user data:

To ensure the security and privacy of data, Google Meet supports the following cloud encryption measures for video conferencing: By default, meeting data is encrypted in transit between the client and Google's data centers. This applies to all meetings that take place on Google Meet. Video conferences are encrypted according to the following standards: IETF (Internet Engineering Task Force) security standards for DTLS (Datagram Transport Layer Security) & SRTP (Secure Real-Time Transport Protocol).

Scope of processing

Google Meet is used to conduct online seminars. Google Meet is based in the United States. Data is also stored on servers outside the United States. When transferring data outside the EEA, standard contractual clauses, supported by adequacy decisions of the European Commission for certain countries or other legally compliant mechanisms or conditions for such data transfer are applied.

Online seminars are recorded. When actively participating (spoken word), you consent to a publication of the recordings. The recordings are to be published as educational content. Please do not actively participate if you do not agree to this. Unless expressively agreed, participants are not be seen on published video recordings under any circumstances.

Legal basis

The use of Google Meet as a provider for online seminars is based on Art. 6 para. 1 lit. b DSGVO.

Questions about data protection

If you have any questions about data protection, you can contact Google Meet at any time using the email address provided: support-in[at]google.com 

More information from Google: https://policies.google.com/privacy?hl=de 

Transmission of sensitive data

The provider expressively asks users to refrain from transmitting sensitive data in the sense of DSGVO Art. 9 at any time.

Changes to the data protection notice

Changes to the data protection notice may occur at any time.