Privacy policy

With this privacy policy, we inform you about the scope of the processing of your personal data (hereinafter “data”).

  • Responsible for data processing 

Responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

Steinbeis University – School of Next Practices GmbH

Rudower Chaussee 28

12489 Berlin

 

Phone: +49 32 221095074

Web: www.steinbeis-next.de

E-mail: studentadvisory@steinbeis-next.de

  • Contact details of our data protection officer

Sarah Tavcer

RMPrivacy Ltd.

Große Langgasse 1A, 55116 Mainz

 

Web: www.rmprivacy.de 

Email: privacy@steinbeis-next.de

  • General information on data processing

During our business and website operations, we process data. 

This also includes disclosure by transfer to third parties and, if applicable, to so-called third countries outside the European Union (“EU”) and the European Economic Area (“EEA”). Insofar as we transfer data outside the EU or the EEA, we have marked this accordingly below.

  • Data processing 

The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:

  • Web page visit log file

We log your website visit. In doing so, we process: 

  • Name(s) of our accessed website(s) 
  • Date and time of retrieval
  • The amount of data transferred 
  • the browser type and version
  • the operating system you are using
  • the referrer URL (the previously visited website) 
  • Your IP address
  • the requesting provider. 

The legal basis for data processing is our overriding legitimate interest in the ongoing provision and security of our website pursuant to Art. 6 para. 1 f) GDPR.

The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

  • Hosting

To provide our online presence, we use the services of web hosting providers who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.

The legal basis for data processing is our overriding legitimate interest in the provision of our website pursuant to Art. 6 para. 1 f) GDPR.

  • Contact 

If you contact us, we process the following data from you for the purpose of processing and handling your request: Name, contact details – if provided by you – and your message.

The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 para. 1 b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 para. 1 f) GDPR.

  • Contact for applications

If you contact us to send us your application as an employee, e.g. by e-mail or via a contact form, the data you provide (e.g. name, e-mail address, desired location, etc.), your message and the application documents submitted will be processed solely for the purpose of processing and handling your application request. 

The legal basis for data processing is primarily Section 26 Federal Data Protection Act (FDPA). Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be necessary for legal prosecution after completion of the application process, data processing may be carried out to safeguard our legitimate interests pursuant to Art. 6 para. 1 f) GDPR, namely to assert and/or defend claims.

To provide the contact form for applicants, we use the services of HubSpot Germany GmbH, to whom we transmit the data. HubSpot Germany GmbH is a subsidiary of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Therefore, it cannot be ruled out that data will also be transmitted to the USA.

HubSpot is certified under the EU-US Data Privacy Framework only for non-HR data and in this respect does not fall under the adequacy decision of the EU Commission. For data transfers to the USA, HubSpot ensures an adequate level of data protection via the EU standard contractual clauses. A copy of the relevant EU standard contractual clauses will be provided upon request. Please contact privacy@steinbeis-next.de for this purpose.

  • Applicant pool

If you give us your consent to continue to store your application documents after the application process has been completed, we will store them in our applicant pool for the purpose of contacting you about future vacancies that fit your profile. The legal basis for processing within the scope of our applicant pool is your prior consent pursuant to Art. 6 para. 1 a) GDPR.

  • Newsletter 

To provide you with regular information about our company and offers, we offer the dispatch of an e-mail newsletter. With your newsletter registration, we process the data you entered during registration (e-mail address and other voluntary information). To prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). To be able to prove the registration process in a legally compliant manner, your registration is logged. This concerns the time of registration and confirmation as well as your IP address. 

The legal basis for sending the newsletter is your consent pursuant to Art. 6 para. 1 a) GDPR. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out pursuant to Art. 6 para. 1 f) GDPR due to our legitimate interest in the proof of your proper registration.

If you give us your consent, we also evaluate in the newsletters whether you have opened the newsletter and the scrolling and clicking behavior in the newsletter. This is done for the purpose of optimally tailoring our newsletter to your interests and improving the content of our newsletter. The legal basis for the analysis of the newsletter is your consent in accordance with Art. 6 para. 1 a) GDPR.

To send the newsletter, we use the services of HubSpot Germany GmbH, to which we transmit the data. HubSpot Germany GmbH is a subsidiary of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Therefore, it cannot be ruled out that data will also be transmitted to the USA.

HubSpot is certified under the EU-US Data Privacy Framework and to this extent falls under the EU adequacy decision for the USA.

  • Use of functional cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

We only use technically necessary session cookies on our website. 

  • Cookies use

We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

Information about the specific cookies we use, their providers and purposes can be found in our consent banner. There you can give your consent to the respective services, revoke it or subsequently adjust your settings.

Our Consent Banner

To document your selection of certain data processing procedures and to fulfill our obligations under data protection law, we use a consent banner. When you call up our website, your cookie preferences are requested via a banner. We then set a cookie in which data on consent given or revoked is stored. The data processing is carried out for the fulfillment of our legal obligations according to Art. 6 para. 1 c) GDPR.

  • Analysis / Marketing

  • HubSpot Analytics

We use the tracking tool HubSpot Analytics from HubSpot Germany GmbH on our website. We use HubSpot Analytics to evaluate your use of the website, to compile reports on the activities within this website and thus to control more targeted advertising measures and to improve the user-friendliness of our website.

When using HubSpot Analytics, interactions of website visitors are specifically recorded and systematically evaluated.

The use of the cookies set or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TTDSG. The legal basis for the data processing is your consent according to Art. 6 para. 1 a) GDPR.

You can revoke your consent at any time with effect for the future by adjusting your preferences in our consent banner.

HubSpot Germany GmbH is a subsidiary of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Therefore, it cannot be ruled out that data will be transferred to the USA in the course of processing. HubSpot is certified under the EU-US Data Privacy Framework and to this extent falls under the EU adequacy decision for the USA.

  • Webinars

  • Zoom

Through the video conferencing feature of “Zoom”, we can offer you participation via video and audio in our webinars. We do not record the “Zoom” online events and meetings unless we have obtained the participants’ consent in advance. The following personal data is processed:

  • User data: First name, last name, email address, user IDs and password (if “single sign-on” is not used), date of birth (only as proof of age, “Zoom” does not store or use this information for any other purpose).
  • Operational Data: Configuration data, feature usage data, performance data, service logs, meeting metadata (such as: attendee IP addresses, device/hardware information).
  • If applicable, text, audio and video data: You may have the option of using the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.
  • When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time
  • Support and feedback data

Insofar as personal data of employees of Steinbeis University are processed, Section 26 FDPA is the legal basis for data processing.

Furthermore, the processing of personal data by us is carried out based on our legitimate interests pursuant to Art. 6 (1) f) GDPR in order to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”).

The legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 f) GDPR. Here, too, our interest is in the effective implementation of “online meetings”.

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Data sharing and data transfer to the USA

Zoom is a service of Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. Processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom”, which complies with the requirements of Art. 28 GDPR.

For data transfers to the USA, Zoom ensures an appropriate level of data protection via the EU standard contractual clauses. A copy of the relevant EU standard contractual clauses will be provided upon request. For this purpose, please contact privacy@steinbeis-next.de.

As additional safeguards, we have also configured our “Zoom” to use only data centers in the EU, the EEA, or secure third countries such as Canada or Japan to conduct “online meetings”.

  • MS Teams

As part of our online meetings using Microsoft Teams, we process the following personal data: 

  • Communication data (e.g. your email address, if you provide it on a personal basis)
  • Personal master data (if you specify it)
  • Log files, log data 
  • Metadata (e.g. IP address, time of participation, etc.) 
  • Profile data (e.g. your username, if you provide it of your own accord) 

Chat content is logged when using Microsoft Teams. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. The files that team members share in a channel are stored on the team’s SharePoint site.

Microsoft Teams is a product from the Microsoft Office 365 product suite. Through the video conferencing feature of Microsoft Teams, we can offer you participation via video and audio in our meetings and online events. We do not record the Microsoft Teams online events and meetings unless we have obtained the participants’ consent in advance.

Which people can see your audio and video input depends on the team modes we use:

Live events:

During live events, we do not allow sound or video recordings of participants to maintain anonymity. 

Team Meetings:

In team meetings, all participants can set their own audio and video inputs. Unauthorized processing by other participants, e.g. by recording the meeting, cannot be definitively excluded or prevented by us.

Microsoft Office 365 is software produced by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Data processing with Office 365 is carried out on our behalf on servers in data centers in the European Union in Ireland and the Netherlands.

Microsoft may request remote access for the purpose of remote maintenance. We will review and approve such access on a case-by-case basis if it is necessary for Microsoft to perform support services (e.g., troubleshooting). In this case, such access may also be provided by Microsoft affiliates from outside the European Union. This may include countries for which there is no EU Commission adequacy decision. We have entered into standard contractual clauses with Microsoft exclusively for this case of access from outside the European Union in individual cases approved by us. We will provide a copy of the contractual clauses upon request. Please contact us at privacy@steinbeis-next.de.

When using MS Teams, data may also be transferred to Microsoft in the USA. Microsoft is certified under the EU-US Privacy Shield Framework, and to this extent falls under the EU adequacy decision for the USA.

Own data processing by Microsoft

In accordance with its privacy policy, Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no control over these data processing activities by Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is the independent data controller for those data processing activities and, as such, is responsible for compliance with all applicable data protection laws. If you need information about Microsoft’s processing, we encourage you to review the relevant Microsoft statement: https://privacy.microsoft.com/de-de/privacystatement.

  • External content

We use dynamic content (“Content”) from third parties to optimize the presentation and the offer of our website. When visiting the website, a request is automatically made to the server of the respective content provider by means of an interface, during which certain log data (e.g. the user’s IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there. 

We use external content in connection with the following functionalities:

  • Google Fonts

To make visiting our website attractive, we use external fonts from Google Fonts. These are loaded from servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) when you visit the site. Google does not store any cookies in your browser in the process. According to our information, however, the IP address of the user’s terminal device is transmitted to Google and stored. This processing takes place based on our overriding legitimate interest in the optimal marketing of our offer in accordance with Art. 6 para. 1 f) GDPR.

It cannot be ruled out that a data transmission to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA takes place. 

Google is certified under the EU-US Privacy Shield Framework, and to this extent falls under the EU adequacy decision for the USA.

  • Duration of data storage

We store personal data only as long as it is necessary for the purposes for which it is processed or until you have revoked your consent. Insofar as statutory retention obligations must be observed, the storage period for certain data can be up to 10 years, regardless of the processing purposes.

  • Your data subject rights

  • Information 

Upon request, you will receive information free of charge at any time about all personal data that we have stored about you.

  • Correction, deletion, restriction of processing (blocking), objection 

If you no longer agree to the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under the applicable law) in response to a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have a right of objection in particular in cases where your data is required due to the performance of a task that is in the public interest or the data processing is based on our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.

  • Right of revocation for consents with effect for the future

You can revoke consents granted at any time with effect for the future. Your revocation does not affect the lawfulness of the processing until the time of revocation. 

  • Data portability 

If data processing takes place based on a contract, pre-contractual negotiations, consent or with the help of automated processes, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another responsible party upon request.

  • Restriction of processing

Data for which we are not able to identify the data subject, e.g. if it has been anonymized for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible in relation to this data if you provide us with additional information that allows us to identify you.

  • Exercise of your data subject rights and right of appeal

If you have any questions regarding the processing of your personal data, if you wish to obtain information, correct, block, object to or delete data, or if you wish to have your data transferred to another company, please contact us at privacy@steinbeis-next.de.

You also have the possibility to complain to a supervisory authority about your data protection rights.