Privacy Statement

Skillpipe Privacy Policy Website according to DSGVO and FDPA

The data protection instructions fulfill the information requirements according to the requirements of Item 12 ff. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and provide an overview of the processing of your personal data (on this website).

1. Who is responsible for the processing of my data?

Arvato Distribution GmbH
Carl-Bertelsmann-Straße 23
33332 Gütersloh
Germany

Telephone: +49 5241-80 0
E-mail to: info@arvato.com

is responsible for the processing of this data (hereinafter referred to as “Company”). The Company has collected personal data in connection with the DSGVO and the Federal Data Protection Act (hereinafter referred to as “FDPA”).

You can reach the data protection officer of the Company under the address above with the addition “To the data protection officer” or via email: [datenschutz@bertelsmann.de].

2. Which data is collected?

When you visit the website, the computer automatically collects information (hereinafter referred to as “access data”). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the Internet service provider, the date and time of use of the web page, previously visited web pages and other websites accessed for the first time via the website, as well as the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable when the IP address has been permanently assigned when using the internet connection and when the Internet provider can assign the IP address to an individual.

If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (e.g. search words, login data, ratings, form or contract entries, click data) will be processed.

Some services of the website require that you provide personal information to the Company. In these cases, the data provided by you will be used to provide you with the service you require or to be able to process the respective request. The following personal data is processed on the website:

  • User data such as e-mail address, name
  • Course data, such as notes and display settings of the course content;
  • Email content sent from Skillpipe like a password reset link.

Furthermore, your learning progress will be stored continuously.

3. Which cookies are used?

Cookies are used on the website. Cookies are small text files stored on your computer when you visit a website. The stored cookies are assigned to the browser you are using. If the corresponding website is visited again, the web browser sends back the content of the cookies and thus enables user recognition. Certain cookies are deleted when you log out or end the browser session (so-called “transient cookies”). Other cookies are stored for a specified time or permanently (so-called “temporary cookies” or “persistent cookies”). The deletion of these cookies automatically takes place after the expiry of the defined time. You can also delete the cookies in the security settings of your browser at any time and configure the use of cookies according to your preferences. However, the Company points out that you may not be able to use all features of the website.

Basically, cookies are only an online identifier without personal reference. Cookies are personally identifiable, if the information generated by the cookies is combined with other information or data. A distinction can be made between the cookies that are required for the provision of the website and the cookies required for other purposes, such as user behavior analysis or advertising.

The cookies required for the provision of the website include, but are not limited to:

  • Cookies used to identify or authenticate users;
  • Cookies that store certain user preferences (e.g. search or language settings);
  • Cookies that store data to ensure trouble-free playback of video or audio content.
  • Analysis cookies, which are used to record the usage behavior (e.g. clicked advertising banners, visited subpages, search queries) of our users and to evaluate them in statistical form.

4. What data is collected for what purposes?

The purposes of the data processing may be the result of technical, contractual or legal requirements as well as consent.

  • Provision of the website and ensuring technical safety, in particular to remedy technical errors and to ensure that unauthorized persons do not gain access to the systems of the Website;
  • Web analytics to make the website more efficient, interesting, and to conduct market research;
  • To provide you with goods and services and related services, including identification of your identity;
  • For forwarding to Lab Hosting websites as part of on-demand courses;
  • To enable single sign-on from the Learning Management Systems of the Training Centers;
  • To enable Arvato to fulfill its contractual obligations and, to remit payment to a third party if a product has been purchased by a customer who has been redirected from the third party’s website to the Arvato website.
  • To assist Microsoft Learning Partners of the respective training organization to assist their students in course progress

For more information about these data processing purposes, see the following sections of this Privacy Notice.

4.1 Technical provision of the website
4.1.1 Description and scope of data processing

To ensure the functionality of the website, the execution of security analysis and the defense against attacks, records of the server log files are automatically stored, as part of the accruing access data according to item 2 for the computer system of the used computer upon entering and while using the website. Storage of the server log files together with other data does not take place. The Company uses the server log files for statistical analysis to analyze and correct technical incidents, to ward off attacks and fraud attempts, and to optimize the website’s functionality.

4.1.2 Purposes and legal basis of data processing

The legal basis for the collection of the server log files is Item. 6 para. 1 lit. f DSGVO. The functionality of the website, the performance of security analysis and the prevention of attacks and fraud attempts are of legitimate interest to the Company.

4.1.3 Duration of storage or criteria for determining this duration

After accessing the web pages, the server log files are stored on the web server and the IP address contained therein is stored as long as necessary for the purpose. An evaluation during this storage period takes place exclusively in the case of an attack.

4.1.4 Opposition and removal Option

You have the right to object to the processing of your data in the context of server log files, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1.

4.2 Contact form, e-mail and telephone contact
4.2.1 Description and scope of data processing

The website provides the possibility to contact the Company via a contact form, an e-mail address or a telephone number. If you wish to use this feature, the data entered in the contact form, your e-mail address and/or your telephone number, as well as your concerns will be transmitted to the Company. Depending on the request (e.g. questions about the Company’s products and services, assertion of your data subject rights, such as information), your contact details will be processed further (with the help of service providers). Your contact information may be shared with third parties (such as affiliates), to the extent necessary to process your request,

4.2.2 Purposes and legal basis of data processing

The legal basis for the processing of your contact data is based on Item 6 para. 1 lit. f DSGVO. Your legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with the Company, the legal basis for the processing of your contact data is Item 6 para. 1 lit. b DSGVO.

4.2.3 Duration of storage or criteria for determining this duration

After processing your request and terminating further communication, the contact details will be deleted. However, if the intention behind your contacting the Company is to conclude a contract with the Company or if you wish to assert your data subject rights such as information inquiry. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not preclude deletion.

4.2.4 Opposition and removal options

You have the right to object to the processing of your contact details, provided there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1. If you object, communication cannot be continued. However, if the intention behind your contacting the Company, such as the initiation of a contract, fulfillment of a contract or assertion of your data subject rights, requires the processing of contact details, you cannot exercise your right to objection.

4.3 Web tracking

The website contains built-in services that optimize the user-friendliness and measure the reach of the website. Your access data (see section 2) will be recorded and the usage behavior will be evaluated by means of analysis cookies (see section 3). For web tracking, a personal identification is generally not required, so that when you enter your access data, the stored IP address is either not used or only shortened and pseudonymous usage profiles are created. These are not merged with other data and you have the possibility to opt out at any time. The creation of personal usage profiles is only carried out in exceptional cases and provided you have given your consent.

The web tracking services are usually provided by service providers who process the data only as directed by the person responsible and not for their own purposes as a so-called processor. This is ensured by contract processing contracts. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as “EU or EEA”) process their data, a so-called third-country transfer takes place. This is permissible, provided that you have given your consent, the Company has provided guarantees for a data protection level that is appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third-country transfer of the respective service is indicated below. Further information on the recipients of your data can be found in section 5.

The web tracking services of the website are described in more detail below.

4.3.1 Google Analytics

The website uses the service Google Analytics. Provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics creates a pseudonymous usage profile to optimize the user-friendliness of the website. The pseudonimity is ensured by the fact that before you submit your data to Google, the IP address is shortened and no conclusion on your person is possible. The pseudonymous usage profile is evaluated after delivery for the purpose of optimizing usability. A merge with other data from Google does not take place. Through a contract processing contract, the Company ensures that Google processes the data only at its own discretion.

Through the use of Google Analytics, third country transfers take place (see paragraph 4.7). With a certification according to the EU-US Privacy Shield, however, Google ensures that the third-country transfer guarantees the European privacy level.

For more information about Google Analytics data processing, see the Google Privacy Policy: http://www.google.com/intl/en/analytics/privacyoverview.html.

4.3.2 Purposes and legal basis of data processing:

The legal basis for recording and evaluating pseudonymous usage profiles is Item 6 para. 1 lit. f DSGVO. In optimizing the user-friendliness of the website and the range measurement are the legitimate interests of the Company. Insofar as personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Item 6 para. 1 lit. a GDPR.

4.3.3 Duration of storage or criteria for determining this duration:

The data collected and evaluated using the web tracking services is typically stored until you object to its use. If the data processing is based on your consent, your data will be stored until you revoke your consent.

4.3.4 Opposition and removal options:

You may opt-out of using the web tracking services at any time by modifying your browser settings or by using the following link(s) to download and install the available browser plug-ins: Google Analytics: [https://support.google.com / analytics / answer / 181881? hl = DE].

If the data processing is based on your consent, you can revoke your consent at any time by informing the Company of your revocation [courseware@bertelsmann.de, subject “revocation consent web tracking”].

5. Who receives my data?

Within the Company, those entities gain access to your data that are required to fulfill the purposes described in section 4 above. Also, service providers employed by the Company may gain access to your data (so-called “processors”, such as data centers, newsletters, sweepstakes, and customer service or debtor management). Order processing contracts ensure the adherence to instructions, data security and the confidential handling of your data by these service providers.

A data transfer to other recipients such as advertising partners, providers of social media services or credit institutions (so-called “third parties”) will take place if required by law or if you have consented

Personal data will not be rented or sold to third parties.

The following third parties are included in the data transfer:

  • Public sector bodies and institutions, such as law enforcement agencies, who gain access to your data for compliance with legal or regulatory obligations.
  • Arvato reserves the right to transfer your personal information to the relevant publisher, such as Microsoft Inc. or Microsoft affiliates, e.g. to forward the respective training organization.
  • Providers of Lab Hosting Websites

Forwarding is also possible to the following persons:

Companies working on behalf of Arvato: we hire companies to provide certain services to us, such as but not limited to customer hotlines or the processing of payments. In this context, it may be necessary for these companies to process your personal information. We are acting on these companies to use the data only for the provision of these services. Businesses are not allowed to pass this information on to third parties, unless this is necessary to provide the services.

Company sales: Arvato reserves the right to disclose your personal data or parts thereof to third parties in the event of a sale of the Company or Company objects, provided that the services provided via the website are transferred to a third party. In case of a sale, Arvato will give you the opportunity to object to a redirect. This may result in the acquiring company no longer being able to provide the services provided by Arvato.

Your consent: In all other cases, Arvato will obtain your consent before disclosing your data. Arvato can e.g. organize a special offer or contest with third parties in connection with which you are asked to consent to the disclosure of data to that third party.

Further information on the transfer of data to the respective third party can be found in the individual purposes according to Section 4.

6. Will my data be processed outside the EU or EEA (third-country transfer)?

If the service providers listed in section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in paragraph 4, this may result in your data being transmitted to a country where none of the EU or the EEA reasonable level of data protection can be guaranteed. However, such a level of data protection can be guaranteed with a suitable guarantee. A suitable guarantee may be standard contractual clauses provided by the EU Commission. You may request a copy of these warranties from the contact details in section 1. Exceptionally, any guarantees may be waived if you consent or the third country transfer is required for the performance of your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that it is not possible at this point to provide any suitable guarantees from the Company.

The following service providers process their data outside the EU or EEA:

  • We may transfer personal information to Microsoft Inc. and Microsoft affiliates and to third parties located outside the European Union. Please note, that the collection, storage and processing of your data is subject to this privacy policy, but countries outside the European Union offer less personal data protection than is the case in Germany.
  • For the use of web-tracking services, service providers are set up whose rights centers are located in a third country or which have access to data centers within the European Union or the EEA from a branch in a third country. The services, which are certified according to the EU-US Privacy Shield, ensure that the third-country transfer guarantees the European level of data protection.

7. What privacy rights do I have?

At any time you have the right to request information about the personal data stored with us. If any personal information about you is false or out of date, you have the right to ask for its correction. You also have the right to request the deletion or restriction of the processing of your data in accordance with Item 17 or Item 18 GDPR. You may continue to have the right to disclose the data you provide in a common and machine-readable format (data transferability right).

If you have given consent to the processing of personal data for specific purposes, you may revoke your consent at any time with future effect. The revocation must be sent to the Company at the contact address specified in section 1.

In accordance with Art. 21 GDPR, the right to object, at any time for reasons arising from your particular situation, to the processing of your data according to the legal basis of Art. 6 para. 1 lit. f DSGVO. You also have the right to object to the processing of your personal data for the purpose of direct mail at any time. The same applies to the automated procedures for the use of individual cookies, if these are not mandatory for the provision of the website.

In addition, you have the opportunity to contact a data protection authority and file a complaint there. The authority responsible for the Company is the

Country Representative for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)

Kavalleriestr. 2-4

40213 Düsseldorf

Telephone: 0211 / 38424-0

Fax: 0211 / 38424-10

E-Mail: poststelle@ldi.nrw.de

You can also contact the data protection authority responsible for your place of residence.

8. To what extent is there an automated decision-making process?

For the purposes mentioned in section 4, we do not use fully automated decision-making.

9. Is profiling taking place?

For the purposes mentioned under Item 4, no profiling takes place.

10. Final / Version information

As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy notices may be required. Therefore, we recommend that you review these privacy statements from time to time.

Status of the privacy policy: 24.05.2018