PRIVACY POLICY

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and associated websites, functions and content, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as “online services”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the German Datenschutz-Grundverordnung (General Data Protection Regulation – GDPR).

Data Controller

Hoffnungsträger Foundation
Marcus Witzke (CEO)
Heinrich-Längerer-Str. 27
71229 Leonberg
Tel 07152/56983-0

Data Protection Officer

Andreas Winnes
OMNI PC Systemintegration GmbH
Mollenbachstraße 14
71229 Leonberg
Telefon: +49 71 52 – 33 110 -60
E-Mail: awinnes@omnipc.de

Information

Types of data processed

• Master data (e.g. names, addresses).
• Contact details (e.g. email, telephone numbers).
• Content data (e.g. text entries, photographs, videos).
• Usage data (e.g. websites visited, interest in content, access times).
• Meta/communication data (e.g. device information, IP addresses)

Purpose of processing

• Provision of online services, their functions and content
• Responding to contact enquiries and communicating with users
• Security measures
• Media reach measurement/marketing
• Provision and arrangement of language mediation services

Purpose of processing

• Provision of online services, their functions and content
• Responding to contact enquiries and communicating with users
• Security measures
• Media reach measurement/marketing
• Provision and arrangement of language mediation services
• Provision of online services, their functions and content
• Responding to contact enquiries and communicating with users
• Security measures
• Media reach measurement/marketing
• Provision and arrangement of language mediation services

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfil our services, carry out contractual measures and respond to enquiries is Article 6(1)(b) of the GDPR; the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

Security measures

We ask you to review the content of our privacy policy regularly. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require action on your part (e.g. consent) or any other individual notification.

Cooperation with data processors and third parties

Where, in the course of our data processing, we disclose data to other persons or organisations (data processors or third parties), transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation (e.g. where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR), you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

Where we engage third parties to process data on the basis of a so-called ‘data processing agreement’, this is done in accordance with Article 28 of the GDPR.

Transfers to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the context of using third-party services or the disclosure or transfer of data to third parties, this takes place only where it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process or have the data processed in a third country only if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as an officially recognised determination that a level of data protection equivalent to that of the EU is in place, or compliance with officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).

Rights of data subjects

You have the right to request confirmation as to whether data concerning you is being processed, as well as access to this data, further information and a copy of the data in accordance with Article 15 of the GDPR.

You have the right, in accordance with Article 16 of the GDPR, to request that data concerning you be completed or that incorrect data concerning you be rectified.

In accordance with Article 17 of the GDPR, you have the right to request that the data in question be erased without delay, or alternatively, in accordance with Article 18 of the GDPR, to request a restriction on the processing of the data.

You have the right to request that the data concerning you which you have provided to us be returned to you in accordance with Article 20 of the GDPR and to request that it be transferred to other controllers.

You also have the right, pursuant toRights of data subjects
Article 77 of the GDPR, to lodge a complaint with the competent supervisory authority.

Right to withdraw consent
You have the right to withdraw any consent given in accordance with Article 7(3) of the GDPR with effect for the future

Right to object
You may object at any time to the future processing of data concerning you in accordance with Article 21 of the GDPR. In particular, you may object to processing for the purposes of direct marketing.

‘Cookies’ are small files that are stored on users’ computers. Various pieces of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted once a user leaves an online service and closes their browser. Such a cookie may, for example, store the contents of a shopping basket in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status may be stored if users return to the site after several days. Similarly, such a cookie may store the user’s interests, which are used for media reach measurement or marketing purposes. ‘Third-party cookies’ are cookies provided by providers other than the controller operating the online service (otherwise, if only the controller’s own cookies are used, these are referred to as ‘first-party cookies’).

We may use temporary and permanent cookies, and provide further information on this in our privacy policy.

If users do not wish cookies to be stored on their computer, they are asked to deactivate the relevant option in their browser’s settings. Stored cookies can be deleted via the browser’s settings. Disabling cookies may result in functional limitations of this website.

A general objection to the use of cookies for online marketing purposes can be made for a wide range of services, particularly in the case of tracking, via the US website https://www.aboutads.info/choices/ or and the EU website https://www.youronlinechoices.com. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that, in such cases, you may not be able to use all the features of this website.

Deletion of data

The data we process is deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us at will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion. If the data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with legal requirements in Germany, data is retained in particular for 6 years pursuant to Section 257(1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.) and for 10 years in accordance with Section 147(1) of the German Fiscal Code (AO) (ledgers, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.).

In accordance with statutory requirements in Austria, records are retained for 7 years in particular pursuant to Section 132(1) of the Federal Tax Code (BAO) (accounting records, vouchers/invoices, accounts, supporting documents, business papers, statements of income and expenditure, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, radio and television services provided to non-business customers in EU Member States for which the Mini One-Stop Shop (MOSS) is used.

Collection of access data and log files

We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6(1)(f) of the GDPR. Access data includes the name of the webpage accessed, the file, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and is then deleted. Data that must be retained for further evidence purposes is exempt from deletion until the respective incident has been fully clarified.

Provision of our statutory and contractual services

We process the data of our members, supporters, prospective clients, customers or other individuals in accordance with Article 6(1)(b) of the GDPR, provided that we offer them contractual services or act within the framework of an existing business relationship, e.g. with members, or are ourselves recipients of services and contributions. Furthermore, we process the data of data subjects in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.

The data processed in this context, as well as the nature, scope, purpose and necessity of its processing, are determined by the underlying contractual relationship. This generally includes personal records and master data (e.g. name, address, etc.), as well as contact details (e.g. email address, telephone number, etc.), contractual data (e.g. services used, content and information provided, names of contact persons) and, where we offer services or products subject to payment, payment details (e.g. bank details, payment history, etc.).

We delete data that is no longer required for the fulfilment of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. In the case of business-related processing, we retain the data for as long as it may be relevant for the conduct of business, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

Contact form and contacting us by email

If you contact us via the contact form or by email, your details, including

first name, surname and title, will be stored for the purpose of processing your enquiry and for any follow-up questions. You must provide an email address, your name and the name of your company. This data will not be passed on without your consent.

The legal basis for data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR and, where applicable, Article 6(1)(b) of the GDPR, if your enquiry is aimed at concluding a contract. Your data will be deleted once processing is complete, provided there are no statutory retention obligations. You may object to the processing of your personal data at any time.

Newsletter

If you would like to receive our newsletter with regular updates on our offers and products, we require your email address.

Additional data helps us to address you personally and/or identify you should you wish to exercise your rights as a data subject.

We use the double opt-in procedure to send the newsletter. This means that you will only receive our newsletter once you have confirmed your consent. To do this, you will receive an email containing a confirmation link. By confirming, you give us your consent in accordance with Article 6(1)(a) of the GDPR to use your personal data for the purpose of sending the newsletter.

When you subscribe, we store your email address, IP address, and the date and time of your subscription and confirmation to enable us to trace any potential misuse. You can unsubscribe from the newsletter at any time via the link included in every newsletter or by email. Once you have unsubscribed, your email address will be deleted from our mailing list, provided that continued use of the data is not permitted by law.

Our newsletters are sent via the service provider salesforce.com, to whom we pass on your data. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in a secure and user-friendly newsletter system. Your data is stored on salesforce.com’s servers in the USA and used for statistical analysis.

Web beacons and tracking pixels are used to determine whether the newsletter has been opened and which links have been clicked. The data is collected in pseudonymised form and is used exclusively for statistical analysis to better tailor future newsletters to the interests of the recipients.

If you wish to object to this data analysis, you must unsubscribe from the newsletter. We have entered into a data processing agreement with salesforce.com to protect our customers’ data. Further information can be found in salesforce.com’s privacy policy.

We use Mailchimp, a service provided by Intuit Inc., to send newsletters relating to sponsorship programmes. In doing so, personal data such as your name and email address is processed and stored in the USA. Processing is carried out on the basis of your consent. Further information can be found in Mailchimp’s privacy policy: https://mailchimp.com/legal/privacy/

Salesforce

We use Salesforce as our CRM system and Account Engagement (formerly Pardot) from Salesforce.com, Inc. as our marketing platform.

The purpose of data processing includes advertising and marketing activities, as well as optimising the user experience. Various technologies are used to collect and process data. Typical technologies include cookies and pixels placed in the browser. These include cookies, web beacons and log files. These technologies enable us to optimise the user experience and improve our marketing activities.

This list contains all (personal) data collected by or through the use of this service:

Browser type
Device ID
Device operating system
IP address
Log file data
Number of page views
Information on third-party providers
Usage data
Legal basis: Article 6(1)(a) of the GDPR
The data collected is primarily processed in Germany and the United States of America. Should the data also be processed in other countries, you will be informed separately.

Data will be deleted as soon as it is no longer required for the purposes for which it was processed.

When using our service, the data collected may be transferred to countries such as the United Kingdom and the United States of America. Please note that these countries may not have the necessary data protection standards in place. Further information on the security measures can be found in the privacy policy of our data recipient: Salesforce.com, Inc.

The maximum retention period for cookies is 10 years. Stored information will be handled in accordance with this policy.

Stored information:

Name: visitor_id; This is used to track the website visitor.; Type: cookie; Duration: 10
years; Domain: pardot;
Name: pi_opt_in; This is used to check if the user has allowed tracking.; Type: cookie;
Duration: 10 years;
Name: lpv; This is set to prevent the service from tracking multiple page views on a single asset during a 30-minute session. ; Type: cookie; Duration: 10 years;
Name: pardot; Used in the context of Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page requests for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM is typically used for B2B marketing purposes.; Type: cookie; Duration: Session;
Name: campaign_id#; Used in the context of Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page requests for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM is typically used for B2B marketing purposes.; Type: cookie; Duration: Session;
Name: account_id#; Used in connection with Account-Based Marketing (ABM). The cookie records data such as IP addresses, time spent on the website and page views for the visit. This is used for retargeting multiple users originating from the same IP addresses. ABM usually facilitates B2B marketing purposes.; Type: cookie; Duration: Session;

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (‘Google’), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR). Google uses cookies. The information generated by the cookie regarding users’ use of the online service is usually transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate how users use our online service, to compile reports on the activities within of this online service, and to provide us with further services related to the use of this online service and internet usage. In doing so, pseudonymous user profiles may be created from the processed data.

We only use Google Analytics with IP anonymisation enabled. This means that the user’s IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser is not merged with other data held by Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online service by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on Google’s use of data, as well as options for settings and objections, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

Users’ personal data is deleted or anonymised after 14 months.

Google Re/Marketing Services

Google Re/Marketing-Services

n the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR), we use the marketing and remarketing services (hereinafter “Google Marketing Services”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, so as to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products in which they have expressed an interest on other websites, this is referred to as “remarketing”. For these purposes, when our website or other websites where Google Marketing Services are active are accessed, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as ‘web beacons’) are embedded in the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, what content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and further details regarding the use of the online service. The user’s IP address is also recorded; however, we would like to point out that, within the scope of Google Analytics, the IP address is truncated within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, and is only transmitted in full to a Google server in the USA and truncated there in exceptional cases. The IP address is not merged with the user’s data within other Google services. The information mentioned above may also be combined by Google with such information from other sources. If the user subsequently visits other websites, they may be shown advertisements tailored to their interests.

User data is processed pseudonymously within the framework of Google Marketing Services. This means that Google does not, for example, store or process the user’s name or email address, but instead processes the relevant data on a cookie-by-cookie basis within pseudonymous user profiles. This means that, from Google’s perspective, the adverts are not managed and displayed for a specifically identified individual, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.

The Google marketing services we use include, amongst others, the online advertising programme ‘Google AdWords’. In the case of Google AdWords, each AdWords customer receives a different ‘conversion cookie’. Cookies cannot therefore be tracked across the websites of AdWords customers. The information collected via the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

We may integrate third-party advertisements based on the Google marketing service ‘AdSense’. AdSense uses cookies that enable Google and its partner websites to display adverts based on users’ visits to this website or other websites on the internet.

Furthermore, we may use “Google Tag Manager” to integrate and manage Google’s analytics and marketing services on our website.

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads; Google’s privacy policy is available at https://www.google.com/policies/privacy.

If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: https://www.google.com/ads/preferences.

Online Presence on Social Media

We maintain online presences on social networks and platforms in order to communicate with customers, prospective customers and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. by posting on our online presences or sending us messages.

Integration of third-party services and content

Within our online services, we incorporate content and services from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services within the meaning of Article 6(1)(f) of the GDPR) to integrate content or services from third-party providers, such as videos or fonts (hereinafter collectively referred to as “content”).

This always requires that the third-party providers of this content collect the user’s IP address, as they would be unable to send the content to the user’s browser without it. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may include, amongst other things, technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of our online service, as well as being linked to such information from other sources.

Youtube

We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/.

Use of Facebook Social Plugins

Wir nutzen auf Grundlage unserer berechtigten Interessen (d.h. Interesse an der Analyse, Optimierung und wirtschaftlichem Betrieb unseres Onlineangebotes im Sinne des Art. 6 Abs. 1 lit. f. DSGVO) Social Plugins („Plugins“) des sozialen Netzwerkes facebook.com, welches von der Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland betrieben wird („Facebook“). Die Plugins können Interaktionselemente oder Inhalte (z.B. Videos, Grafiken oder Textbeiträge) darstellen und sind an einem der Facebook Logos erkennbar (weißes „f“ auf blauer Kachel, den Begriffen „Like“, „Gefällt mir“ oder einem „Daumen hoch“-Zeichen) oder sind mit dem Zusatz „Facebook Social Plugin“ gekennzeichnet. Die Liste und das Aussehen der Facebook Social Plugins kann hier eingesehen werden: https://developers.facebook.com/docs/plugins/.

Wenn ein Nutzer eine Funktion dieses Onlineangebotes aufruft, die ein solches Plugin enthält, baut sein Gerät eine direkte Verbindung mit den Servern von Facebook auf. Der Inhalt des Plugins wird von Facebook direkt an das Gerät des Nutzers übermittelt und von diesem in das Onlineangebot eingebunden. Dabei können aus den verarbeiteten Daten Nutzungsprofile der Nutzer erstellt werden. Wir haben daher keinen Einfluss auf den Umfang der Daten, die Facebook mit Hilfe dieses Plugins erhebt und informiert die Nutzer daher entsprechend unserem Kenntnisstand.

Durch die Einbindung der Plugins erhält Facebook die Information, dass ein Nutzer die entsprechende Seite des Onlineangebotes aufgerufen hat. Ist der Nutzer bei Facebook eingeloggt, kann Facebook den Besuch seinem Facebook-Konto zuordnen. Wenn Nutzer mit den Plugins interagieren, zum Beispiel den Like Button betätigen oder einen Kommentar abgeben, wird die entsprechende Information von Ihrem Gerät direkt an Facebook übermittelt und dort gespeichert. Falls ein Nutzer kein Mitglied von Facebook ist, besteht trotzdem die Möglichkeit, dass Facebook seine IP-Adresse in Erfahrung bringt und speichert. Laut Facebook wird in Deutschland nur eine anonymisierte IP-Adresse gespeichert.

Zweck und Umfang der Datenerhebung und die weitere Verarbeitung und Nutzung der Daten durch Facebook sowie die diesbezüglichen Rechte und Einstellungsmöglichkeiten zum Schutz der Privatsphäre der Nutzer, können diese den Datenschutzhinweisen von Facebook entnehmen: https://www.facebook.com/about/privacy/.

Wenn ein Nutzer Facebookmitglied ist und nicht möchte, dass Facebook über dieses Onlineangebot Daten über ihn sammelt und mit seinen bei Facebook gespeicherten Mitgliedsdaten verknüpft, muss er sich vor der Nutzung unseres Onlineangebotes bei Facebook ausloggen und seine Cookies löschen. Weitere Einstellungen und Widersprüche zur Nutzung von Daten für Werbezwecke, sind innerhalb der Facebook-Profileinstellungen möglich: https://www.facebook.com/settings?tab=ads  oder über die US-amerikanische Seite https://www.aboutads.info/choices/  oder die EU-Seite https://www.youronlinechoices.com/. Die Einstellungen erfolgen plattformunabhängig, d.h. sie werden für alle Geräte, wie Desktopcomputer oder mobile Geräte übernommen.

Learnworlds digital learning platform

1. Definitionen und Auslegung

In dieser Richtlinie haben die folgenden Begriffe die nachstehende Bedeutung:

• „Account“: bezeichnet zusammenfassend die persönlichen Informationen, Zahlungsinformationen und Zugangsdaten, die von Nutzern verwendet werden, um auf Inhalte und/oder Kommunikationssysteme der Website zuzugreifen.
• „Inhalt“: bezeichnet jeglichen Text, Grafiken, Bilder, Audio-, Video-, Software-, Datenzusammenstellungen und jede andere Form von Informationen, die auf einem Computer gespeichert werden können und auf dieser Website erscheinen oder Teil davon sind.
• „Cookie“: bezeichnet eine kleine Textdatei, die von Ltd auf Ihrem Computer gespeichert wird, wenn Sie bestimmte Teile dieser Website besuchen. Dies ermöglicht uns, wiederkehrende Besucher zu identifizieren und deren Surfverhalten auf der Website zu analysieren.
• „Daten“: bezeichnet alle Informationen, die Sie der Website übermitteln. Dies umfasst unter anderem Accountdaten und Informationen, die über unsere Dienste oder Systeme übermittelt werden.
• „Service“: bezeichnet zusammenfassend alle Online-Einrichtungen, Werkzeuge, Dienste oder Informationen, die über die Website jetzt oder zukünftig bereitgestellt werden.
• „System“: bezeichnet jede Online-Kommunikationsinfrastruktur, die über die Website jetzt oder zukünftig bereitgestellt wird. Dazu gehören unter anderem webbasierte E-Mails, Foren, Live-Chat-Funktionen und E-Mail-Links.
• „Nutzer“ / „Nutzerinnen“: bezeichnet jede dritte Person, die auf die Website zugreift.
• „Website“: bezeichnet die aktuell genutzte Website (hoffnungstraeger.learnworlds.com).

2. Erhobene Daten

Folgende Daten werden erhoben:

• Name
• E-Mail-Adresse
• IP-Adresse (automatisch erfasst)
• Webbrowsertyp und -version (automatisch erfasst)
• Betriebssystem (automatisch erfasst)
• Liste von URLs beginnend mit der verweisenden Seite, Ihrer Aktivität auf dieser Website und der Seite, zu der Sie wechseln (automatisch erfasst)
• Cookie-Informationen

3. Nutzung der Daten

3.1 Alle von Ihnen übermittelten personenbezogenen Daten werden von uns zum Zwecke der Nutzung der Lernplattform verarbeitet. Die Daten werden so lange verarbeitet, wie Sie die Lernplattform nutzen.

3.2 Im Rahmen unserer Verarbeitung geben wir Daten an unseren Auftragsverarbeiter (LearnWorlds) weiter. Dies erfolgt auf Grundlage eines Auftragsverarbeitungsvertrages gemäß Art. 28 DSGVO.

3.3 Alle personenbezogenen Daten werden gemäß den Vorgaben der EU-DSGVO verarbeitet. Weitere Informationen zur Sicherheit finden Sie in Abschnitt 6.

3.4 Die oben genannten Daten können von uns gelegentlich benötigt werden, um Ihnen den bestmöglichen Service und die beste Nutzererfahrung zu bieten. Insbesondere können die Daten für folgende Zwecke verwendet werden:

• Interne Dokumentation des Nutzerverhaltens
• Verbesserung unserer Inhalte

4. Zugriff auf Ihre Daten

Sie können jederzeit auf Ihren Account zugreifen, um Ihre Daten einzusehen oder zu ändern.

5. Ihre Rechte

Sie haben das Recht, eine Bestätigung darüber zu verlangen, ob betreffende Daten verarbeitet werden und auf Auskunft über diese Daten sowie auf weitere Informationen und Kopie der Daten entsprechend Art. 15 DSGVO.

Sie haben entsprechend. Art. 16 DSGVO das Recht, die Vervollständigung der Sie betreffenden Daten oder die Berichtigung der Sie betreffenden unrichtigen Daten zu verlangen.

Sie haben nach Maßgabe des Art. 17 DSGVO das Recht zu verlangen, dass betreffende Daten unverzüglich gelöscht werden, bzw. alternativ nach Maßgabe des Art. 18 DSGVO eine Einschränkung der Verarbeitung der Daten zu verlangen.

Sie haben das Recht zu verlangen, dass die Sie betreffenden Daten, die Sie uns bereitgestellt haben nach Maßgabe des Art. 20 DSGVO zu erhalten und deren Übermittlung an andere Verantwortliche zu fordern.

Sie haben ferner gem. Art. 77 DSGVO das Recht, eine Beschwerde bei der zuständigen Aufsichtsbehörde einzureichen.

Sie haben das Recht, erteilte Einwilligungen gem. Art. 7 Abs. 3 DSGVO mit Wirkung für die Zukunft zu widerrufen

Sie können der künftigen Verarbeitung der Sie betreffenden Daten nach Maßgabe des Art. 21 DSGVO jederzeit widersprechen. Der Widerspruch kann insbesondere gegen die Verarbeitung für Zwecke der Direktwerbung erfolgen.

6. Sicherheit

Datensicherheit ist für uns von großer Bedeutung. Zum Schutz Ihrer Daten haben wir geeignete physische, elektronische und organisatorische Maßnahmen getroffen, um die online erhobenen Daten zu sichern.

7. Änderungen dieser Richtlinie

Wir behalten uns das Recht vor, diese Datenschutzhinweise bei Bedarf oder gesetzlicher Verpflichtung zu ändern. Änderungen werden sofort auf der Website veröffentlicht. Mit der weiteren Nutzung der Website nach Änderungen gelten diese als akzeptiert.

Use of the mobile app

IP address

Date and time of the request

App functions or API endpoints accessed

Operating system of the end device

App version

In addition, we process personal data that users provide themselves when using the app, in particular account details (e.g. email address) and content transmitted whilst using the app (e.g. orders, notes or receipt information).

• IP-Adresse
• Datum und Uhrzeit der Anfrage
• aufgerufene App-Funktionen bzw. API-Endpunkte
• Betriebssystem des Endgeräts
• Version der App

Use of the camera
The app allows users to take photos of receipts using the device’s camera and upload them within the app. The processing of image data takes place exclusively at the user’s request and for the purpose of documentation within the app. Access to the camera is granted only with the user’s prior consent.

Push notifications
If users enable push notifications, we process a device-specific push token to deliver the notifications. We use the OneSignal service for sending notifications. Delivery takes place via the push services of the respective platform providers (Apple Push Notification Service or Firebase Cloud Messaging). Push notifications can be disabled at any time via the device settings.

Logging
We process server and application logs to ensure technical operations, as well as for error analysis and IT security. These logs contain, in particular, the IP address, time of access, and technical status and error messages, and are deleted once the required retention periods have expired.