Data Privacy Policy

1. Definitions Under the GDPR

The privacy policy of this website is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand both for the public and for you as customers and business partners. To ensure this, we would first like to explain the terminology used.

In this privacy policy, we use the following terms, among others:

• a) Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

• b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller. In case of doubt, this means you are a data subject.

• c) Processing

Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

• d) Restriction of Processing

Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.

• e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

• f) Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.

• g) Controller or Controller Responsible for Processing

The controller or controller responsible for processing is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or the law of the Member States.

• h) Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

• i) Recipient

A recipient is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific inquiry under Union law or the law of the Member States are not considered recipients.

• j) Third Party

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

• k) Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, in the form of a statement or other clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.

The controller of this website within the meaning of the General Data Protection Regulation is:

DIU Dresden International University GmbH
Freiberger Straße 37
01067 Dresden
Germany

Phone: +49 351 40470-0
Email: info@di-uni.de
Website: www.di-uni.de

DIU Dresden International University GmbH is represented by Managing Director Dr. Merle Emre.

Each time you access our website, our website collects a range of general data and information from you. This general data and information is stored in the server log files. The following may be collected:

1. the browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website, known as the referrer,
4. the subpages accessed on our website by an accessing system,
5. the date and time of access to the website,
6. an anonymized Internet Protocol address (IP address),
7. the internet service provider of the accessing system.

When using this general data and information, our company does not draw any conclusions about you. Rather, this information is required in order to:

1. deliver the content of our website correctly,
2. optimize the content of our website and the advertising for it,
3. ensure the long-term functionality of our information technology systems and the technology of our website, and
4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This anonymously collected data and information is therefore evaluated by us statistically and also with the aim of increasing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data you provide.

Due to statutory requirements, our website contains information that enables quick electronic contact with our company and direct communication with us. This also includes a general address for electronic mail, meaning an email address.

If you contact us by email, the personal data transmitted by you is automatically stored. Such personal data transmitted to us voluntarily by you is stored for the purpose of processing your request or contacting you. This personal data is not disclosed to third parties.

We process and store your personal data only for the period required to achieve the purpose of storage or insofar as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose no longer applies, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with statutory provisions.

Processing on the basis of a legitimate interest (Art. 6(1)(f) GDPR)

For the purpose of evaluating the courses you have attended, we conduct surveys.

Because some of these surveys are transmitted to you electronically and we, but not our lecturers, could trace the survey results back to you based on the answers provided, we also process personal data in this context.

Specifically, the following types of evaluations are conducted:

• course evaluation,
• module evaluation,
• alumni survey.

The evaluation is carried out on the basis of our legitimate interests in continuously improving our modules and curricula, as well as on the basis of our statutory obligation under the Saxon Accreditation Ordinance to continuously review the success of degree programs.

Within the framework of the General Data Protection Regulation, the European legislator has granted you a number of options for asserting your rights, including against us. To comply with our information obligation in this regard, your rights are presented below:

a) Right of Access

You have the right at any time to obtain information about which of your personal data we process.

b) Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.

c) Right to Erasure (Right to Be Forgotten)

You may request that we erase your personal data without undue delay if there is no longer a legal basis for further storage by our company. If we have made your personal data public and are obliged to erase it, we will take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers that process the personal data that you have requested erasure by us of all links to, or copies or replications of, that personal data.

d) Right to Restriction of Processing

You have the right to request that we restrict processing where one of the following conditions applies:

•  You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead.
• We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims.
• You have objected to processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether our legitimate grounds override yours.

e) Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to have this data transmitted to another controller without hindrance from us.

f) Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

g) Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the legal requirements have not been fully observed when your personal data is processed. In such cases, you may of course also contact our company data protection officer, including confidentially, for example at zentrale@dids.de.

h) Right to Withdraw Consent Under Data Protection Law

You have the right to withdraw consent to the processing of personal data at any time.

If you would like to withdraw consent, you may contact the following office at any time:

DIU Dresden International University GmbH
Dr. Merle Emre
Freiberger Straße 37
01067 Dresden
Germany

Phone: +49 351 40470-150
Email: info@di-uni.de
Website: www.di-uni.de

You may create a user account on our website. As part of the registration process, users are informed of the required mandatory information, which is processed on the basis of Art. 6(1)(b) GDPR for the purpose of providing the user account. The data processed includes, in particular, login information such as name, password, and an email address. The data entered during registration is used for the purposes of using the user account and its intended purpose.

You may be informed by email about information relevant to your user account, such as technical changes. If users terminate their user account, their data relating to the user account will be erased, subject to any statutory retention obligation. It is the responsibility of users to back up their data before the end of the contract if the account has been terminated. We are entitled to irreversibly erase all user data stored during the term of the contract.

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as on your interest in protection against misuse and other unauthorized use.

As a general rule, this data is not disclosed to third parties unless disclosure is required to pursue our claims or there is a statutory obligation pursuant to Art. 6(1)(c) GDPR. IP addresses are anonymized or erased no later than after seven days.

You have the option to apply for degree programs on our website. Applications are submitted via the “DIU DIGIT@L” portal by providing your personal data and sending your application documents or via pdf formular. We process applicant data only for the purpose of and within the scope of the application process or the allocation of a study place in accordance with statutory requirements.

Applicant data is processed to fulfill our contractual or pre-contractual obligations within the application process within the meaning of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, insofar as data processing becomes necessary for us, for example in the context of legal proceedings. In Germany, Section 26 of the German Federal Data Protection Act (BDSG) also applies.

Applicant data generally includes your personal details, postal and contact addresses, and the documents belonging to the application, such as a cover letter, curriculum vitae, and certificates. Applicants may also voluntarily provide us with additional information.

By submitting your application to us, you agree to the processing of your data for the purposes of the application process in accordance with the nature and scope described in this privacy policy.

If special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily provided as part of the application process, they are also processed pursuant to Art. 9(2)(b) GDPR, for example health data such as severe disability status or ethnic origin. If special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants as part of the application process, they are also processed pursuant to Art. 9(2)(a) GDPR, for example health data where this is required for professional practice.

Subject to a justified withdrawal by the applicant, erasure takes place once the purpose has been fulfilled or, if the applicant does not begin studying at Dresden International University, after a period of six months has expired, so that we can answer any follow-up questions about the application and meet our documentation obligations under the German General Equal Treatment Act.

We offer all interested individuals the opportunity to contact us via WhatsApp in order to receive advice on our degree programs and course offerings.

For this purpose, we have created a WhatsApp account that is used exclusively to provide consultation services. The legal basis for providing this service is Art. 6(1)(b) GDPR and, insofar as the use of WhatsApp is concerned, your consent pursuant to Art. 6(1)(a) GDPR, which is given by contacting us.

To safeguard all data protection interests, we will not store any personal data in the address book of the mobile phone used for our WhatsApp account. This data is kept exclusively in our CRM system, so that WhatsApp itself does not become aware of any data other than the data you have transmitted to the provider yourself.

With regard to all communication content, we refer to WhatsApp’s content encryption. Further information is also available at www.whatsapp.com/legal.

If you no longer wish to receive consultation or no longer wish to be contacted via WhatsApp, you may withdraw your consent at any time with effect for the future. The withdrawal may be sent directly to our WhatsApp account and to our general contact addresses.

Processing Purposes and Legal Basis

We process the personal data you provide for the initiation, maintenance, and administration of studies, for the use of services, and for compliance with statutory obligations.

This includes, in particular, the following processing purposes:

• application procedures and university admission,
• enrollment and exmatriculation,
• student administration,
• organization and administration of examinations,
• Study Advisory,
• communication/contact management and study-related event planning,
• where applicable, communication with practice partners, scholarship providers, funding bodies, etc.,
• where applicable, in the event of studies abroad, communication with the home or destination university,
• library,
• public relations,
• financial accounting, particularly tuition fees,
• IT administration and provision of IT services, including logging for security purposes where applicable,
• evaluation and quality management,
• documentation and evidence obligations imposed by law or regulation, as well as maintaining legally required registers and statistics.

Under certain circumstances, special categories of personal data pursuant to Art. 9 GDPR may also be processed. In the context of studies, this serves in particular to exercise rights or fulfill legal obligations under social security and social protection law, for example in the event of an accident. Processing of health data may also be necessary to assess your enrollment (§ 18(3) no. 5 SächsHSFG) and your ability to sit examinations, for example in the event of withdrawal due to illness.

As a general rule, all data is collected directly from you. Otherwise, you will be informed separately about collection from third parties pursuant to Art. 14 GDPR. Further information on specific processes can be found, where applicable, in the respective regulations, such as study and examination regulations, agreements, and other documents or forms.

The legal basis for data processing is the Saxon Higher Education Freedom Act (SächsHSFG) in conjunction with the Saxon Higher Education Personnel Data Ordinance (SächsHSPersDatVO) and the Saxon Data Protection Implementation Act (SächsDSDG). If we intend to process your personal data for a purpose not mentioned above, we will inform you in advance and, where necessary, obtain your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Recipients in the Event of Data Transmission

Your personal data is transmitted within DIU to the internal departments responsible for the above-mentioned purposes, or processed by them within the scope of the above-mentioned purposes.

Data is disclosed to third parties, in particular tax authorities, ministries, and similar bodies, as well as cooperation or practice partners, the home or destination university, funding bodies, scholarship providers, or potential employers where applicable, only insofar as this is required to achieve the processing purposes, you have given us or the third party corresponding consent, or we are legally required to transmit the data.

Service Providers

In addition, service providers used by us, particularly IT service providers, may access your data in order to fulfill their contractual duties with us. In these cases, it is contractually ensured that the data is not processed for any external purposes and is processed only on the instructions of DIU, through data processing agreements pursuant to Art. 28 GDPR.

Intended Transfer to Third Countries

As a general rule, we do not use service providers in third countries under data protection law. If this is unavoidable in individual cases, for example in the case of studies abroad or where no equivalent European provider is available, data transfers are carried out only if the special requirements of Art. 44 et seq. GDPR are met, for example through your consent or the conclusion of Standard Contractual Clauses. Further information is available from our data protection officer using the contact details provided above.

Storage Period

We process and store your data for as long as necessary to fulfill the above-mentioned purposes, in particular contractual and statutory obligations. If the data is no longer required to fulfill the purposes, it is regularly erased unless temporary further processing is required, for example due to statutory retention periods. The data referred to in § 18(2) SächsHSPersDatVO is also erased no later than 50 years after your exmatriculation. Further erasure periods are regulated by university regulations.

If data processing is based on consent, we erase the personal data concerned when the data subject withdraws consent and no other legal basis applies.

Information on Data Subject Rights Pursuant to Art. 15 et seq. GDPR

Data subjects may at any time request access to the personal data concerning them and, where applicable, rectification or erasure, restriction of processing, or object to processing. They also have a right to data portability. In addition, where data processing is based on consent, this consent may be withdrawn at any time with effect for the future.

For questions and to exercise your rights, our data protection officer is available using the contact details provided above.

Right to Lodge a Complaint With the Supervisory Authority

In addition, every data subject has the right pursuant to Art. 77 GDPR to lodge a complaint with a data protection supervisory authority if it is suspected that the processing of personal data is unlawful.

We process personal data of former students in order to maintain an active alumni network. This includes, in particular, the ability to contact you by email, provide information about events and participation formats, such as lectures, scholarships, and sponsorship, and support networking with the university and among alumni.

We use the data provided exclusively to inform you according to your interests, invite you specifically to suitable projects, and create anonymized analyses, for example by sector.

The legal basis is Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (the university’s legitimate interest in maintaining long-term relationships with alumni, in particular to promote science, education, networks, and social exchange pursuant to § 13 SächsHSFG).

Data processing is based on voluntary information provided in the alumni form. Data is not disclosed to third parties without your express consent. You may object to the use of your data for alumni communication purposes at any time.

We have integrated a link to the company Facebook on our website. Facebook is a social network on which Dresden International University can also be found and contacted by you at any time.

As a social network, Facebook enables its users to communicate with one another and interact in a virtual space. It also serves as a platform for exchanging opinions and reports and enables the internet community to provide personal or company-related information.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you live outside the United States or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website operated by us and containing a Facebook link (Facebook plug-in) is accessed, your internet browser is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook.

A complete overview of all Facebook plug-ins is available at developers.facebook.com/docs/plugins.

As part of this technical process, Facebook becomes aware of which specific subpage of our website you visit.

If you are logged into Facebook at the same time, Facebook recognizes each visit to our website and, for the entire duration of your stay on our website, which specific subpage of our website you have visited. This information is collected by the Facebook component and assigned by Facebook to your Facebook account.

If you click one of the Facebook buttons integrated into our website, for example the “Like” button, or leave a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data.

Facebook always receives information via the Facebook component that you have visited our website if you are logged into Facebook at the same time as accessing our website. This happens regardless of whether you click the Facebook component or not.

If you do not want such information to be transmitted to Facebook, you can prevent this transmission by logging out of your Facebook account before accessing our website.

The privacy policy published by Facebook, available at facebook.com/about/privacy, provides information about the collection, processing, and use of personal data by Facebook. It also explains which settings Facebook offers to protect your privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook.

You may use such applications to suppress data transmission to Facebook.

Opt-out: facebook.com/settings?tab=ads and youronlinechoices.com.

Privacy Shield: privacyshield.gov participant entry.

We have integrated a link to the Instagram internet service on our website. Instagram is a platform that enables users to share photos and videos and also to redistribute such data on other social networks.

The operating company of Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time one of the individual pages of this website operated by us and containing an Instagram component (Insta button) is accessed, your internet browser is automatically prompted by the respective Instagram component to download a display of the corresponding Instagram component. As part of this technical process, Instagram becomes aware of which specific subpage of our website you visit.

If you are logged into Instagram at the same time, Instagram recognizes with each visit to our website and for the entire duration of your stay on our website which specific subpage you visit. This information is collected by the Instagram component and assigned by Instagram to your Instagram account.

If you click one of the Instagram buttons integrated into our website, the data and information transmitted in this way is assigned to your personal Instagram user account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are logged into Instagram at the same time as accessing our website. This happens regardless of whether you click the Instagram component or not.

If you do not want such information to be transmitted to Instagram, you can prevent this transmission by logging out of your Instagram account before accessing our website.

Further information and Instagram’s applicable privacy provisions are available at help.instagram.com and instagram.com/about/legal/privacy.

Opt-out: instagram.com/about/legal/privacy

In addition to Facebook, we use Meta Pixel on our website.

Meta Pixels allow Meta, on the one hand, to determine you as a visitor to our online offering as a target group for the display of advertisements, known as Meta Ads. Accordingly, we use Meta Pixel to display the Meta Ads placed by us only to Facebook or Instagram users who have also shown an interest in our online offering or who have certain characteristics, such as interests in specific topics or products determined based on the websites visited, that we transmit to Meta, known as Custom Audiences. With the help of Meta Pixel, we also want to ensure that our Meta Ads correspond to the potential interests of users and do not appear intrusive.

With the help of Meta Pixel, we can also track the effectiveness of Meta advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta advertisement, known as conversion.

If you do not agree to this collection of your data, please follow the guidance provided by Facebook on settings for usage-based advertising.

As part of our online marketing activities, we use so-called lead generation forms (“Lead Gen Forms”) on Meta platforms (Facebook and Instagram). Through these forms, you can provide us with personal data, such as name, email address, and telephone number, directly within the respective platform.

The data requested in the form on a voluntary basis is processed exclusively for the stated purpose, for example contacting you or sending information. Processing is based on your express consent pursuant to Art. 6(1)(a) GDPR. You may withdraw this consent at any time with effect for the future. This personal data is not disclosed to third parties.

As part of the Lead Gen Forms, you are referred to this privacy policy before submitting your data and are given the opportunity to view it. Your data is transmitted directly from Meta to us. We process your data exclusively internally and do not disclose it to third parties.

You have the right at any time to obtain access to the data stored about you, to have it rectified or erased, and to object to processing. Further information about your rights and data processing can be found in this privacy policy.

Note: The privacy policy of Meta Platforms Ireland Limited also applies to the use of Meta Lead Gen Forms and can be viewed at facebook.com/privacy/policy.

We have integrated the Google Analytics component, with anonymization function, on our website. Google Analytics is a web analytics service. Web analytics means the collection, compilation, and evaluation of data about the behavior of visitors to websites.

A web analytics service records, among other things, data about the website from which you came to a website, known as the referrer, which subpages of the website were accessed, or how often and for how long a subpage was viewed. Web analytics is primarily used to optimize a website and to carry out a cost-benefit analysis of internet advertising.

The provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For web analytics via Google Analytics, we use the “_gat._anonymizeIp” extension. By means of this extension, your internet connection’s IP address is shortened and anonymized by Google if access to our website takes place from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing activities on our websites, and to provide other services related to the use of our website.

Google Analytics places a cookie on your information technology system. Cookies are explained in the section “Our Use of Cookies.” By placing the cookie, Google is enabled to analyze the use of our website.

Each time one of the individual pages of this website operated by us and containing a Google Analytics component is accessed, the internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis.

As part of this technical process, Google becomes aware of personal data, such as your IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission accounting.

Through this measure, personal information may be stored, such as the access time, the location from which access originated, and the frequency of your visits to our website. Each time you visit our website, your personal data, including the IP address of the internet connection you use, may be transferred to and stored by Google, including, where applicable, in the United States of America.

Google may disclose the personal data collected via this technical process to third parties under certain circumstances.

As described above, you may prevent the setting of cookies at any time by adjusting the settings of the internet browser you use and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a cookie on your information technology system. In addition, a cookie already placed by Google Analytics may be deleted at any time via the internet browser or other software programs.

You may also object to and prevent the collection of data generated by Google Analytics relating to your use of this website and the processing of this data by Google. To do so, you must download and install a browser add-on from tools.google.com/dlpage/gaoptout.

This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If your information technology system is later deleted, formatted, or reinstalled, you must reinstall the browser add-on in order to deactivate Google Analytics.

If the browser add-on is uninstalled or deactivated by you or by another person attributable to your sphere of control, the browser add-on can be reinstalled or reactivated.

Further information and Google’s applicable privacy provisions are available at google.de/intl/de/policies/privacy and google.com/analytics/terms. Google Analytics is explained in more detail at google.com/analytics.

Google Tag Manager is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found at policies.google.com/privacy.

We use the AI model “Nano Banana Pro” (provided by Google Ireland Limited) to create and optimize our advertising materials as part of Google Ads.

1. Purpose of Processing: The use serves to create visual content (images/graphics) in order to present our degree programs in an appealing way. No personal data is used for image generation.
2. Labeling and Metadata: AI-generated images contain technical watermarks, such as Google SynthID, and metadata (C2PA) to make the origin of the content transparent and traceable in accordance with the requirements of the EU AI Act.
3. Legal Basis: Use is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in the modern and efficient design of our marketing activities.
4. Recipients of the Data: When using the tool, anonymized prompts (text commands) are transmitted to Google. Personal data of users of our website is not transmitted to the AI model.

Our website is operated, among other things, through the use of cookies. Cookies are text files that are placed and stored on your computer system via your internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish your individual browser from other internet browsers that contain other cookies.

A specific internet browser can be recognized and identified by the unique cookie ID.

By using cookies, our website can provide you with more user-friendly services that would not be possible without the setting of cookies.

Using a cookie, the information and offers on our website can be optimized in your interest. Cookies therefore allow us to recognize you. They are small files that are placed when websites are visited. With their help, your internet browser remembers that you have already visited our website once.

The purpose of this recognition is to make it easier for users to use our website. For example, when you use our website, you do not have to enter your login details each time you visit because this is handled by our website and the cookie stored on your computer system.

You may prevent the setting of cookies by our website at any time by adjusting the settings of the internet browser you use and thereby permanently object to the setting of cookies. In addition, cookies that have already been set may be deleted at any time via your internet browser or other software programs. This is possible in all common internet browsers.

If you deactivate the setting of cookies in the internet browser you use, not all functions of our website may be fully usable under certain circumstances.

We currently use the following cookies:

Google Search Console is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found at policies.google.com/privacy.

Our website uses map material from Google Maps. The use of this component requires Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to receive users’ IP addresses. Without the IP address, Google would not be able to send the content to the respective user’s browser. The IP address is therefore required to display this content.

We make efforts to use only content for which Google uses the IP address solely to deliver the content. However, we have no influence over what happens to your data outside our sphere of influence, for example if Google stores the IP address for statistical purposes. To the extent this is known to us, we inform users about it.

The Terms of Service for Google Maps can be found at Google Maps Terms of Service.

Please also note the opt-out option: adssettings.google.com/authenticated.

To provide you with a more interesting browsing experience on our website, we have integrated YouTube videos on our pages. YouTube is an internet video portal that allows video publishers to post video clips free of charge and allows other users to view, rate, and comment on them free of charge.

YouTube permits the publication of all types of videos, which means that full films and television programs, music videos, trailers, and videos created by users themselves can be accessed via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website operated by us and containing such a YouTube video is accessed, your internet browser is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube is available at youtube.com/yt/about.

As part of this technical process, YouTube and Google become aware of which specific subpage of our website you visit.

If you are logged into YouTube at the same time, YouTube recognizes, when you access a subpage containing a YouTube video, which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information via the YouTube video that you have visited our website if you are logged into YouTube at the same time as accessing our website. This happens regardless of whether you click a YouTube video or not.

If you do not want such information to be transmitted to YouTube and Google, you can prevent this transmission by logging out of your YouTube account before accessing our website.

The privacy provisions published by YouTube, available at google.de/intl/de/policies/privacy, provide information about the collection, processing, and use of personal data by YouTube and Google.

Opt-out: adssettings.google.com/authenticated.

Privacy Shield: privacyshield.gov participant entry.

We have also integrated a link to our presence at LinkedIn Corporation on our website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and establish new business contacts.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time our website is accessed with a LinkedIn component (LinkedIn plug-in), this component causes the browser you use to download a corresponding display of the LinkedIn component. Further information about LinkedIn plug-ins is available at developer.linkedin.com/plugins.

As part of this technical process, LinkedIn becomes aware of which specific subpage of our website you visit.

If you are logged into LinkedIn at the same time, LinkedIn recognizes with each visit to our website and for the entire duration of your stay on our website which specific subpage of our website you visit. This information is collected by the LinkedIn component and assigned by LinkedIn to your LinkedIn account.

If you use a LinkedIn button integrated into our website, LinkedIn assigns this information to your personal LinkedIn user account and stores this personal data.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged into LinkedIn at the same time as accessing our website. This happens regardless of whether you click the link or not.

If you do not want such information to be transmitted to LinkedIn, you can prevent this transmission by logging out of your LinkedIn account before accessing our website.

LinkedIn offers the option to unsubscribe from email messages, SMS messages, and targeted ads and to manage ad settings at linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at linkedin.com/legal/cookie-policy.

LinkedIn’s applicable privacy policy is available at linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at linkedin.com/legal/cookie-policy.

Opt-out: linkedin.com/psettings/guest-controls/retargeting-opt-out.

Privacy Shield: privacyshield.gov participant entry.

We use the LinkedIn Insight Tag on our website, an analytics and marketing tool from LinkedIn, to measure the effectiveness of our LinkedIn advertising, record conversions, and retarget visitors to our website on LinkedIn. The Insight Tag is JavaScript code that enables LinkedIn to process information about the use of our website.

LinkedIn describes the Insight Tag as a tool for campaign reporting, conversion tracking, retargeting, and additional insights about website visitors.

In particular, information about pages viewed, actions performed, technical information about the browser and device, IP address, timestamp, and cookie or similar identifiers may be processed. The Insight Tag is cookie-based; implementation documentation also describes that first-party cookies may be used.

The LinkedIn Insight Tag is used only on the basis of your consent pursuant to Art. 6(1)(a) GDPR and, where required, § 25(1) TDDDG. You may withdraw your consent at any time with effect for the future via our privacy settings.

Further information about data processing by LinkedIn can be found in LinkedIn’s privacy notice.

As part of our online marketing activities, we use so-called lead generation forms (“Lead Gen Forms”) on the LinkedIn platform. Through these forms, you may voluntarily provide us with personal data, such as name, email address, and telephone number, directly within LinkedIn.

The data requested in the form is processed exclusively for the respectively stated purpose, for example contacting you or sending information. Processing is based on your express consent pursuant to Art. 6(1)(a) GDPR. You may withdraw this consent at any time with effect for the future. Your personal data is not disclosed to third parties.

Before submitting your data via the LinkedIn Lead Gen Form, you are referred to this privacy policy and given the opportunity to view it. Your data is transmitted directly from LinkedIn to us. We process your data exclusively internally and do not disclose it to third parties.

You have the right at any time to obtain access to the data stored about you, to have it rectified or erased, and to object to processing. Further information about your rights and data processing can be found in this privacy policy.

Note: The privacy policy of LinkedIn Ireland Unlimited Company also applies to the use of LinkedIn Lead Gen Forms and can be viewed at linkedin.com/legal/privacy-policy.

We use the Reddit Pixel on our website, an analytics tool from Reddit, to measure the effectiveness of our advertising on Reddit and optimize our ads. It may be used to track which actions users perform on our website after they have viewed or clicked on a Reddit ad.

In particular, information about pages visited, actions performed, technical device and browser data, IP address, and cookie or similar identifiers may be processed.

The Reddit Pixel is used only on the basis of your consent pursuant to Art. 6(1)(a) GDPR and, where required, § 25(1) TDDDG. You may withdraw your consent at any time with effect for the future via our privacy settings.

Further information about data processing by Reddit can be found in Reddit’s privacy notice.

We use the Microsoft Advertising UET Tag (Universal Event Tracking) on our website, an analytics and marketing tool from Microsoft, to measure the effectiveness of our advertising, record conversions, and create audiences for remarketing. Microsoft describes UET as a tool that can be used to track which actions users perform on our website after clicking on an ad.

In particular, information about pages viewed, actions performed, technical information about the browser and device, IP address, timestamp, and cookie or similar identifiers may be processed. Microsoft describes UET as a tag that is installed on the website to transmit user activity to Microsoft Advertising.

The Microsoft Advertising UET Tag is used only on the basis of your consent pursuant to Art. 6(1)(a) GDPR and, where required, § 25(1) TDDDG. For the EEA and the United Kingdom, Microsoft also presents Consent Mode as the relevant mechanism for taking consent decisions into account.

Further information about data processing by Microsoft can be found in Microsoft’s privacy notice and in the information on Microsoft Advertising.

We have also integrated a link to XING on our website. XING is also a social network that enables registered users to connect with existing business contacts and establish new business contacts. Individual users can create a personal profile on XING. Companies can, for example, create company profiles or publish job offers on XING.

The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

When our website containing the XING button (XING plug-in) is accessed, your internet browser is automatically prompted by the respective XING component to download a display of the corresponding XING component from XING. Further information about XING plug-ins is available at dev.xing.com/plugins. As part of this technical process, XING becomes aware of which specific subpage of our website you visit.

If you are logged into XING at the same time while visiting our website, XING recognizes which specific subpage of our website you continue to visit. This information is collected by the XING component and assigned by XING to your XING account.

XING always receives information via the XING component that you have visited our website if you are logged into XING at the same time as accessing our website. This happens regardless of whether you click the XING component or not.

If you do not want personal data to be transmitted to XING, you can prevent such transmission by logging out of your XING account before accessing our website.

The privacy provisions published by XING, available at xing.com/privacy, provide information about the collection, processing, and use of personal data by XING. XING has also published privacy information for the XING Share Button at xing.com/app/share?op=data_protection.

Opt-out: privacy.xing.com.

Art. 6(1)(a) GDPR serves as the legal basis for the processing operations mentioned above where we obtain your consent for a specific processing purpose. If processing of personal data is necessary, for example, for the performance of a contract between you and us, such processing is based on Art. 6(1)(b) GDPR.

The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our company and our services.

If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfill tax obligations, processing is based on Art. 6(1)(c) GDPR.

It may also occur that the processing of personal data becomes necessary in order to protect your vital interests or the interests of another natural person.

Finally, processing operations may be based on Art. 6(1)(f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that your interests, fundamental rights, and freedoms do not override that interest.

Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator.

If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our customers, employees, and shareholders.

The criterion for the duration of storage of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely erased, provided it is no longer required for the performance or initiation of a contract.

We inform you that the provision of personal data may in part be legally required, for example under tax regulations, or may also result from contractual provisions, for example information about the contractual partner. In addition, it may be necessary for the conclusion of a contract that you provide us with personal data that must subsequently be processed by us.

For example, you are obliged to provide us with personal data if our company enters into a contract with you. Failure to provide the personal data would mean that the contract could not be concluded.

Before providing your personal data, you should contact one of our employees. Our employee will clarify for you on a case-by-case basis whether the provision of your personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences failure to provide the personal data would have.

Consent to the processing of personal data may be given only by an adult. For information society services, a child’s consent is permitted from the age of sixteen pursuant to Art. 8 GDPR.

Finally, we would like to inform you that we do not use automated decision-making or profiling.

If you use an online form on our website to inquire about or register for a course we process the personal data you provide in that form. This may include, in particular, your course selection, name, email address, telephone number, information on previous knowledge and experience, and your current position or job title.

We process this data in order to handle your inquiry or registration, review participation- or admission-related information, contact you regarding the selected course, and prepare or carry out your participation or a potential contractual relationship.

The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance of pre-contractual measures or for the performance of a contract. Where we process data to comply with statutory retention obligations, the legal basis is Art. 6(1)(c) GDPR. Where additional internal documentation or follow-up is required, the processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

The data is shared internally with the responsible staff members, in particular in student advisory services, course organisation or the professional review of participation requirements. Data is only disclosed to external third parties where this is necessary to process your inquiry or registration, where there is a legal obligation to do so, or where service providers are used on the basis of a data processing agreement.

We store the data submitted via the form only for as long as necessary to process your inquiry, conduct the course or comply with statutory retention obligations. If no course participation or contractual relationship is established, the data will be deleted as soon as it is no longer required for the purposes stated above, unless statutory retention obligations or legitimate interests prevent deletion.

The provision of the data marked as mandatory is required in order for us to process your inquiry or registration. Without this information, processing may not be possible or may only be possible to a limited extent. Further information on your rights can be found in the general sections of this Privacy Policy.

We use Microsoft Clarity, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on our website.

Microsoft Clarity enables us to analyse how visitors use our website. In particular, information may be processed about how users interact with our website. This may include pages visited, clicks, scrolling behaviour, mouse movements, time spent on pages, technical information about the device and browser used, and interactions with individual page elements. The analysis is carried out in particular by means of heatmaps and session replays. The purpose is to improve the usability, structure and technical quality of our website.

Microsoft Clarity may use cookies and similar technologies. Pseudonymous identifiers may be used to assign individual page views to a session and to create aggregated usage analyses. According to Microsoft, Clarity cookies are typically used to store pseudonymous user and session identifiers and to associate interaction data.

Microsoft Clarity is used only on the basis of your consent. The legal basis is Art. 6(1)(a) GDPR. Where information is stored on or accessed from your device, this is based on Section 25(1) TDDDG. You can withdraw your consent at any time with effect for the future via our cookie settings.

When using Microsoft Clarity, a transfer of personal data to Microsoft in the USA or other third countries cannot be excluded. According to Microsoft, the data is processed in accordance with the applicable data protection requirements. Further information on data processing by Microsoft can be found in Microsoft’s privacy information.