Privacy

Privacy Policy

WHU – Otto Beisheim School of Management, Burgplatz 2, 56179 Vallendar (“WHU”) is happy to welcome you on our website.

 

General information about the processing of personal data

Below we inform you about the processing of your personal data when visiting our website.

Responsible according to Art. 4 (7) of the EU General Data Protection Regulation (“GDPR”) is WHU – Otto Beisheim School of Management, Burgplatz 2, 56179 Vallendar (see our imprint or e-mail: datenschutz(at)whu.edu).

You can contact our data protection officer with the data provided at the end of this Privacy Policy.

If we use contracted service providers for specific offerings or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we also name the specified criteria for the storage duration.

Personal data

Personal data is any information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, that expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, can be identified.

This includes, for example, information such as your name, address, telephone number, language, location, e-mail address, bank details and date of birth.

Processing of personal data

When processing data, we handle your personal data responsibly and confidentially. Therefore, your personal data will of course be processed in compliance with the applicable national (in particular BDSG) and European data protection regulations (in particular GDPR), as described below.

Such processing of personal data applies to any operation performed with or without the aid of automated procedures or in any series of procedures related to personal data. In particular, data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

If we use a processor for the processing of your personal data, we conclude a data processing contract with them, which fulfills all the requirements of Art. 28 GDPR.

Automated decision-making in individual cases including profiling according to Art. 22 GDPR does not take place.

Purpose of processing personal data when visiting our website

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the requirement (concrete page)
  • Access Status / HTTP status code
  • Transmitted amount of data
  • Website that the request comes from
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

We process personal data in accordance with the requirements and conditions set out below in the context of automated processing. The purpose of processing your personal data is limited to the respective purposes.

In the case of merely informative use of the website, for example, if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you visit our website, we collect the following data that is technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR):

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the place/site that sets the cookie (here us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They generally serve by making the internet offerings more user-friendly and effective. The use of cookies is described below under the heading “Use of cookies”.

Use of Cookies

This website uses the following types of cookies, their scope and operation are explained below:

  • Transient cookies
  • Persistent cookies

Transient cookies are automatically deleted once you close the browser. In particular these include the session cookies. These store a session ID, with which various requests from your browser can be allocated to a common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site in that case.

We use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit.

Duration of data processing

The maximum duration of storage depends on the purpose of the respective data processing. The duration of the storage depends on the time required for the processing to fulfill the respective purpose or to fulfill legal obligations. The statutory storage obligations according to sec. 257 German Commerical Code (“HGB”) and sec. 147 German Tax Code (“AO”) (6 or 10 years) remain unaffected.

Recipient of personal data

If we use a processor for the processing of your personal data, we conclude a contract processing contract with the processor, which fulfills all the requirements of Art. 28 GDPR. The individual data processing versions are shown below.

Any further transmission of your personal data will not take place unless explicitly stated below.

Use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Xing, Youtube, LinkedIn, Twitter, Instagram, Google+, Flickr, skype (for business), iTunes U

We use the two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or by its logo. We provide you with the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it, the provider of the plug-in receives the information that you have accessed the corresponding website of our online service. In addition, the above-mentioned data and possibly cookies are transmitted to the provider. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies before clicking on the greyed-out box via the security settings of your browser.

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information on how to delete the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and / or customized website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider and whether you are logged in. If you are logged in, the data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent your data from being associated with your profile with the plug-in provider.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy declarations of these providers provided below. There you will also find further information about your rights and settings options for the protection of your privacy.

Addresses of the respective plug-in providers and URL with their privacy notices:

Facebook Inc., 1601 S California Ave., Palo Alto, California 94304, USA, http://www.facebook.com/policy.php  For more information about data collection: http://www.facebook.com/help/186325668085084 http://www.facebook.com/help/186325668085084  //www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo Facebook has joined the EU-US Privacy -Shield subject, https://www.privacyshield.gov/EU-US-framework 

Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany, http://www.xing.com/privacy 

YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, Represented by: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, https://policies.google.com/privacy?hl=en&gl=de 

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, https://help.instagram.com/155833707900388/?helpref=hc_fnav&bc[0]=instagramhelp&bc[1]=privacy%20and%20security 

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, United States, https://twitter.com/privacy Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework 

Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, https://www.google.com/policies/privacy/partners/?hl=en Google has submitted to the EU-US Privacy Shield, https: //www.privacyshield.gov/EU-US-Framework 

Flickr, Oath (EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1, https://policies.yahoo.com/privacy/flickr/ 

Skype (for business), One Microsoft Way, Redmond, WA 98052-6399, USA, https://privacy.microsoft.com/en-us/privacystatement 

iTunes U, Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, https://www.apple.com/legal/privacy/en-ww/

Integration of YouTube Videos

We have included YouTube videos in our online offering, which are saved on www.YouTube.com and are directly playable on our website. These are all incorporated in the “extended privacy mode”, which means that none of your user data is transferred to YouTube if you are not playing the videos. Only when you play the videos, the above data will be transmitted. We don’t have any influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned above in this statement will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube saves your data as usage profiles and uses them for advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these usage profiles, but you need to get in touch with YouTube in order to do so.

For more information on the purpose and scope of your data collection and processing through YouTube, please read the respective privacy policy. You’ll also get more information about your rights and privacy settings here: www.google.com/intl/en/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework.

Integration of Google Maps

On this website we use Google Maps. This allows us to show you interactive maps directly on the website and enable you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned above in this statement and, if applicable, cookies are transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research, and / or tailor-made website design. Such an evaluation is done (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact respective provider to exercise this right.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. You can also find more information about your rights and privacy settings here: http://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Contact form

When you contact us by e-mail or through a contact form, we will collect the personal information you provide (e-mail address, first name, last name and, if applicable, your telephone number) to answer your questions. We will delete data for these purposes after storage is no longer required, or limit the processing if there are statutory retention requirements.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Application form

When you contact us via our application form, we will store the personal data you provide in order to verify your application and to complete the application process. The legal basis is Art. 6 para. 1 sentence 1 lt. b GDPR. We will delete the related data after storage is no longer required (no longer than 6 months after your application has been rejected), or restrict processing in the case of statutory retention requirements.

Newsletter

With your voluntary consent, you can subscribe to our newsletter, which informs you about our current products and services. The advertised products and services are named in the declaration of consent.

To register for our newsletter, we use the double-opt-in procedure. This means that after you have registered, we will contact you on the e-mail address specified asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 14 days, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked, data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.

Legal basis is Art. 6 para. 1 sentence 1 lt. GDPR in combination with Art. 7 GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to datenschutz(at)whu.edu, or by sending a message to the contact details stated in the imprint.

To send our newsletter, we use the e-mail tool CleverReach, which is operated by CleverReach GmbH & Co. KG, Rastede, Germany. Your data is also processed by CleverReach on basis of a data processing contract according to Art. 28 GDPR. CleverReach offers evaluation options on how the newsletters are opened and used. Your data will not be passed on to other third parties for the receipt of the newsletter and CleverReach does not acquire any right to transfer your data.

Furthermore, the newsletter software Newsletter2Go is used. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling and using your data for purposes other than sending newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. Further information can be found here: www.newsletter2go.de/informationen-newsletter-empfaenger/ Your data will also be processed by Newsletter2Go on basis of a data processing contract according to Art. 28 GDPR.

The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the “unsubscribe” link in the newsletter. The data protection measures are always subject to technical renewal, for this reason, we ask you to inform yourself about our data protection measures at regular intervals by reviewing our privacy policy.

Pardot Marketing Automation System

We use the Pardot Marketing Automation System (“Pardot MAS”) from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”) on our websites. Pardot is a software that collects and evaluates the use of a website, by website visitors. Insofar as Pardot LLC processes personal data, the processing takes place exclusively on our behalf and in accordance with our instructions. A data processing contract according to Art. 28 GDPR has been established.

When visiting our website, the Pardot MAS captures your click path and creates an individual usage profile using a pseudonym. For this purpose, cookies are used to enable the recognition of your browser. By agreeing to the use of cookies when you first use our website with the confirmation of the Cookie Acceptance Banner, or by the continued use of our website, you also agree to the use of cookies by Pardot.

Legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted and stored at a Google server in the USA. However, if IP address anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. It is only in exceptional cases that the full IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. A data processing contract according to Art. 28 GDPR has been established.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website fully. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google by using the browser plug-in available under the following link to download and install: http://tools.google.com/dlpage/gaoptout?hl=de.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Use of CrazyEgg

This website uses CrazyEgg, a web analytics service from Crazy Egg, Inc., 16220 E. Ridgeview Lane, La Mirada, CA 90638, USA.

These analytics services allow you to use cookies to analyze how you use the website (for example, which content is clicked on). When using the analysis services, no personal data will be processed. Only usage profiles are created when using pseudonyms. You can retrieve an analysis (opt-out option) at the following link: https://www.crazyegg.com/opt-out

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Use of Sistrix

This website uses Sistrix, a web analysis service of SISTRIX GmbH, Thomas-Mann-Straße 37, 53111 Bonn, Germany.

This is an analysis tool to improve the searchability of our website in search engines. When creating this plugin, it was explicitly ensured that all data is encrypted (https). This plugin makes search queries to sistrix.de and sends an affiliate code with every search request to sistrix.de to support our developers of the website. The developer is to the best of his knowledge, however, under no circumstances able to view the requests made. Further information on the processing of data by Sistrix can be found at https://www.sistrix.de/sistrix/datenschutz/.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Use of Google Adwords Conversion

We use the services of Google Adwords, in order to draw attention to our offers with the aid of advertising media (Google Adwords) on external web pages. In relation to the data of the advertising campaigns, we are able to determine how successful the individual advertising measures are. The aim of this is to present advertisements that are of interest to you, to design our website in a way that it is of more relevance to you and to attain a fair calculation of advertising costs.

These advertising media are supplied by Google via “ad servers”. For this purpose, we use ad server cookies, which enable the measurement of certain performance metrics such as the display of ads or user clicks. If you access our website through a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. Linked to each cookie, a unique cookie ID, the number of ad impressions per placement (Frequency), the last impression (relevant for post-view conversions), as well as opt-out information (a note that the user does not want to be addressed any longer)  are typically saved.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to those pages. Each Adwords customer is assigned a different cookie. Thus, cookies can not be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We merely receive statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we can not identify the users on the basis of this information.

By reason of the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and the further use of the data, collected by Goolge through the employment of this tool and thus inform you according to our state of knowledge: By the incorporation of AdWords conversion, Google receives the information that you visited the respective part of our Internet appearance or clicked on one of our ads. Provided that you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will learn and store your IP address.

You can prevent participation in this tracking process in several ways: a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies will prevent you from receiving any third-party ads; b) by disabling the cookies for conversion-tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, www.google.com/settings/ads, whereby this settings will be deleted upon the deletion of your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices, whereby this setting will be deleted upon deletion of your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome via the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the features of this offer in full.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

For more information about data privacy at Google, see http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats.html. Alternatively, you can visit the Network Advertising Initiative (NAI) web site at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Remarketing

In addition to Adwords Conversion, we use the Google Remarketing application. This is a process by which we aim to address you again. The application allows you to see our ads after visiting our website as you continue to use the Internet. This is done by means of using cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. In this way, Google is able to detetct your previous visit to our homepage. A combination of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur according to Google. In particular, pseudonymization is used in remarketing according to Google.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lt. f GDPR.

Place of data processing

The processing of your personal data by us takes place in principle in Germany or in member states of the European Union, so long as a transfer of your personal data to states outside the member states of the European Union (third states) or other international organizations has not been presented in the aforementioned cases.

Safety / Technical and organizational measures

We take all necessary technical and organizational measures in accordance with the provisions of Articles 24, 25 and 32 GDPR in order to protect your personal data from misuse and loss, destruction, access, modification or disclosure by unauthorized persons.

In this way, we comply with the legal requirements for pseudonymizing and encrypting personal data, the confidentiality, integrity, availability and resilience of systems and services related to processing, the availability of personal data and the ability to rapidly restore them in the event of a physical or technical incident as well as the establishment of procedures for periodic tests, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.

Furthermore, we also follow the requirements of Art. 25 GDPR with regard to the principles of “privacy by design” (data protection by means of technical design) and “privacy by default” (data protection by means of privacy-friendly default settings).

Your rights

You have a right to free information (right of access) about your personal data as well as, subject to the relevant conditions, a right to rectification, blocking and eraser of your data, to the restriction of processing, to data portability as well as a right of objection.

You also have the opportunity to complain to the relevant regulatory authority.

If you have any questions regarding the processing of your personal data or questions related to the aforementioned rights as well as suggestions, please contact our external data protection officer:

Dr. Dornbach Consulting GmbH
Anton-Jordan-Straße 1
56070 Koblenz
Tel .: +49 (0) 261 9431-441
Fax: +49 (0) 261 9431-445
E-Mail: datenschutz(at)whu.edu 

As of: September 2019