Imprint, Legal Information and Privacy Policy

Imprint

Burda Education GmbH
Arabellastraße 23
81925 Munich
Germany

Registered office: Amtsgericht München
Commercial register number: HRB 242346
Managing Directors: Massimo Monti, Martin Weiss

Phone: +49 89 9250 2599
E-Mail: mail@burdaeducation.com

All rights reserved.

The content of this website is copyright protected. Burda Education GmbH nonetheless grants you the right to save and distribute texts from the section entitled “News”.

Unless stated otherwise, all photographs, graphics and other files from the website may only be saved and distributed provided the source is cited as “BurdaEducation”.

Burda Education GmbH does not provide any guarantees that the information published on this website is up to date, accurate and complete, nor does it accept any liability in this respect.

We have endeavoured to identify the holders of the rights to all of the images used on this website.

However, should we have overlooked any entitlements, please do not hesitate to advise us of this.

© 2018 Burda Education GmbH. All Rights Reserved.

Data Privacy Statement

Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, particularly the EU General Data Protection Regulation (GDPR) – available here

Contents:

I.     General information

1.     Definition of main terms

2.     Scope of validity

3.     Controller

4.     Data protection officer

II.    Itemisation of data processing operations

1.     General information about the data processing operations

2.     Accessing our services

3.     Newsletter subscriptions

4.     Applications

5.     Data processing on our Facebook fan page

6.     Data processing on our Instagram fan page

7.     Tracking

III.    Rights of data subjects

1.     Right to object

2.     Right of access

3.     Right to rectification

4.     Right to erasure (“right to be forgotten”)

5.     Right to restriction of processing

6.     Right to data portability

7.     Right to withdraw consent

8.     Right of appeal

I.     General information

This section of the data privacy statement contains information on the scope of validity, the person responsible for data processing (controller), the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.

1.      Definition of main terms

Browser: Computer program used to display websites (e.g. Chrome, Firefox, Safari)

Cookies: Text files placed on the user’s computer by the web server by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under “Options” or “Settings”). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.

Third countries: Countries outside of the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available here

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Services: Our offers to which this data privacy statement applies (cf. Scope of validity).

Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.

Tracking technologies: Actions can be tracked either via the activity records stored on our web servers (log files) or by collecting data from end devices via pixels, cookies or similar tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.

2.    Scope of validity

This data privacy statement applies to the following services:

•    Our online offering “http://burdaeducation.com/legal-information/” (website), mainly available at www.burdaeducation.com

•  Whenever reference is made to this data privacy statement from one of our offers (e.g. websites, subdomains, mobile applications, web services or links to third-party sites), regardless of the way in which it is accessed or used.

All of these offers are also collectively referred to as “services”.

3.    Controller

The following party is responsible for the processing of data in relation to the services, i.e. the role of controller which involves determining the purposes and means of processing personal data:

Burda Education GmbH

Arabellastraße 23

81925 München

Tel.: 089 / 9250 – 0

Email: mail@burdaeducation.com

4.    Data protection officer

The contact details of our data protection officer are given in paragraph 3. Messages should be marked for the attention of the data privacy department or sent via burdaeducation@datenschutzanfrage.de

II.     Itemisation of data processing operations

This section of the data privacy statement contains detailed information about the processing of personal data in the context of our services. The information is subdivided for greater clarity into certain functions in connection with our services. Where the services are used in the normal way, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.

1.    General information about the data processing operations

The following applies to all the processing operations listed below, unless stated otherwise:

a)    No obligation to provide personal data & consequences of failure to provide such data

The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information must be provided for the relevant service (e.g. by indicating “mandatory field”). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.

b)    Consent

In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and concerning the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13 (4) GDPR).

c)    Transfer of personal data to third countries

When we send data to third countries, i.e. countries outside of the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.

If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for asserting, exercising or defending legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate guarantees under Art. 46 GDPR.

One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the “EU-US Privacy Shield” for the USA. The level of data protection is generally considered to be appropriate according to Art. 45 GDPR for transfers to companies which are certified under the EU-US Privacy Shield.

Alternatively, or additionally, guarantees under Art. 46 (2) c) GDPR through the conclusion of the EU standard data protection clauses adopted by the European Commission with the receiving body provide appropriate safeguards and an adequate level of data protection. Copies of the standard EU data protection clauses are available on the website of the European Commission here

d)   Hosting at external service providers

Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c).

e)   Transmission to government authorities

We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6 (1) f) GDPR).

f)     Period of storage

The time specified in the “period of storage” paragraph indicates how long we use the data for the relevant purposes in any given case. At the end of this period, the data will no longer be processed by us but will be erased at regular intervals, unless continued processing and storage are required by law (mainly because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.

g)   Functional life of cookies

The data processing operations described in the following sections are partly carried out with the aid of cookies. The data stored in a cookie can only be accessed via the Internet by the operator of the web server that originally set the cookie. Access by third parties in this way is not possible. Cookies have different functional durations. Some cookies are only active during a browser session and are deleted afterwards; others work for longer periods of time, but usually for less than a year. After the function period has expired, a cookie is deleted by the browser. You can manage cookies using the browser functions (usually under “Options” or “Settings”). This allows the saving of cookies to be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.

h)   Data categories

The category names listed below are used for specific types of data in the following sections:

•      Account data: Login/user ID and password

•      Personal master data: Title, salutation/gender, forename, surname, date of birth

•      Address data: Street, house number, additional address lines (where applicable), postcode, city, country

•      Contact data: Telephone number(s), fax number(s), email address(es)

•      Login data: Information about the service via which you logged on; times and technical information on login, authentication and logout; data entered by you when logging on

•      Purchase order data: Products ordered, prices, payment and delivery information

•      Payment data: Account information, credit card details, data for other payment services like PayPal

•      Newsletter user profile data: Opening of newsletter (date and time), contents, selected links, as well as the following information relating to the computer system accessing the newsletter: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.

•      Access data: Date and time of visit to our services; the page from which the system accessed our site; pages visited during the session; session identification data (session ID), as well as the following information relating to the computer system accessing the service: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.

2.   Accessing our services

The passages below set out how your personal data are processed when you access our services (e.g. loading and viewing the website, opening the mobile app and navigating within the app). We would point out in particular that it is impossible not to send access data to external content providers (cf. subsection b) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.

a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category: Access data
Purpose: Establishing connection; presenting contents of the service; detecting attacks on our site due to unusual activities; fault diagnosis
Legal basis: Art. 6 (1) f) GDPR
Our legitimate interest: Proper functioning of the services; security of data and business processes; prevention of misuse; prevention of damage through interference in information systems
Period of storage: Four weeks

b) Recipients of the personal data

Recipient category: External content providers who provide content which is needed to display the service (e.g. images, videos, embedded postings from social networks, banner ads, fonts, update information, shortened links)
Data concerned: Access data
Legal basis: Art. 6 (1) f) GDPR
Our legitimate interest: Proper functioning of the services; (accelerated) display of content

Recipient category: IT security service providers
Data concerned: Access data
Legal basis: Art. 6 (1) f) GDPR
Our legitimate interest: Prevention of attacks through exploitation of security gaps/vulnerabilities

3.      Newsletter subscriptions

The tables below show how your personal data are processed when you subscribe to a newsletter:

a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category: Email address
Purpose: Verification of the application (double opt-in procedure); sending of the newsletter
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Duration of newsletter subscription

Data category: Personal master data
Purpose: Personalisation of newsletter
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Duration of newsletter subscription

Data category: Login data
Purpose: Traceability of newsletter registration/confirmation/deregistration
Legal basis: Art. 6 (1) b) and f) GDPR
Our legitimate interest: Proof of successful newsletter registration/confirmation/deregistration
Period of storage: Duration of newsletter subscription

Data category: Newsletter usage profile data
Purpose: Reflection of interests in the composition of the newsletter
Legal basis: Art. 6 (1) f) GDPR
Our legitimate interest: Improvement of our service, promotional purposes
Period of storage: Duration of newsletter subscription

b) Recipients of the personal data

Recipient category: Newsletter distribution service providers
Data concerned: All data listed under (a) in this section
Legal basis: Art. 28 GDPR

4.      Applications

The tables below set out how your personal data are processed in connection with a job application process between us and yourself.

Purpose of data processing, legal basis, legitimate interests (where applicable), and term of storage

Data category: Address data; contact details
Purpose: Identification; establishment of contact; communication for initial contract negotiations
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Four months

Data category: Personal master data
Purpose: Identification; establishment of contact; age verification
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Four months

Data category: Information about appearance, such as body measurements, hair colour, eye colour
Purpose: Candidate selection
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Four months

Data category: Images uploaded by you; information on occupation/hobbies; answers in profile questionnaire
Purpose: Candidate selection
Legal basis: Art. 6 (1) b) GDPR
Period of storage: Four months

5.        Data processing on our Facebook fan page

We operate this fan page on the platform provided by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook Privacy Policy). Every selection and interaction on our fan page will entail the processing of data, regardless of whether you have a Facebook account or not. If you are logged in through your account, Facebook Inc. will merge the fan page access information with your account information and may use this to create profiles. If you do not wish to be subject to such profiling, please log out before visiting our fan page.

The “Facebook Insights” tool allows us to process statistical data from our fan page, such as the total number of page views, information about “likes”, page usage, post interaction, video views, post reach, comments, shared content, responses, proportion of male and female visitors to our website, their origin by country and city, language, views and clicks in the shop, clicks on route planners and clicks on phone numbers. This is based on our legitimate interest (Art. 6 (1) f) GDPR) in making contributions to the site more attractive or finding the right time for publication.

You have the right of access to information, to erasure and rectification of your data, to restriction of processing and to data portability, and you have the right to object to the processing and to lodge a complaint with the supervisory authority. You may assert these rights both to Facebook Inc. [contact form] and to ourselves (burdaeducation@datenschutzanfrage.de), in which case we will forward your requests to Facebook Inc. in accordance with our agreement with Facebook.

We are jointly responsible for the processing of your data; we have therefore concluded a Page Controller Addendum agreement with Facebook.

6.        Data processing on our Instagram fan page

We run this fan page on the “Instagram.com” platform provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (Instagram Privacy Policy). Every selection and interaction on our fan page will entail the processing of data, regardless of whether you have an Instagram or Facebook account or not. If you are logged in through your account, the operators of Instagram and/or their affiliates will merge information about the fan page visit with your account information, where applicable, and may use this to create profiles. If you do not wish to be subject to such profiling, please log out before visiting our fan page.

The “Instagram Insights” tool allows us to process statistical data from our fan page, such as gender, age range, location, page views, interactions and information about paid-for interactions, reach, accounts reached, impressions and impressions per day. This is based on our legitimate interest (Art. 6 (1) f) GDPR) in making contributions to the site more attractive or finding the right time for publication.

You have the right of access to information, to erasure and rectification of your data, to restriction of processing and to data portability, and you have the right to object to the processing and to lodge a complaint with the supervisory authority. You may assert these rights both to Facebook Ireland Ltd [contact form] and to ourselves (burdaeducation@datenschutzanfrage.de), in which case we will forward your requests to Facebook Ireland Ltd in accordance with our agreement with Facebook.

We are jointly responsible for the processing of your data; we have therefore concluded a Page Controller Addendum agreement with Facebook.

7.        Tracking: not in use

III.     Rights of data subjects

1. Right to object

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing.

You also have the right, at any time with future effect and for reasons pertinent to your particular situation, to object to the processing of your personal data in accordance with Art. 6 (1) e) or f) GDPR; this also applies to any profiling based on these provisions.

The right to object may be exercised free of charge. You can reach us via the contact details given in section I.4.

Alternative ways of reaching us include the contact details in section I.3 or the following:

By email: burdaeducation@datenschutzanfrage.de

By telephone: 089 / 9250 – 0

2.     Right of access

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to access the personal data and the other information listed in Art. 15 GDPR.

3.     Right to rectification

You have the right to obtain from us without undue delay the rectification of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.     Right to erasure (“right to be forgotten”)

You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds listed in Art. 17 (1) GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17 (3) GDPR.

5.     Right to restriction of processing

You are entitled to obtain from us the restriction of the processing of your personal data where one of the conditions laid down in Art. 18 (1) a) to d) GDPR is met.

6.     Right to data portability

You have the right, in respect of the personal data which you have given us, to be provided with these data in a structured, commonly used and machine-readable format and the right to send these data to another controller without any hindrance on our part, insofar as the requirements set out in Art. 20 (1) GDPR are met. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.

7.     Right to withdraw consent

If the processing is based on your consent, you have the right to revoke your consent at any time. This will not affect the legality of the processing operations on the basis of the consent until such time as the revocation takes effect.

8.     Right of appeal

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is as follows:

Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, http://www.lda.bayern.de

Last revised: 24/05/2019