Skillpipe Privacy Policy Website according to GDPR and FDPA
- Who is responsible for the processing of my data?
- Which data is collected?
- Which cookies are used?
- What data is collected for what purposes?
- Who receives my data?
- Will my data be processed outside the EU or EEA (third-country transfer)?
- What privacy rights do I have?
- To what extent is there an automated decision-making process?
- Is profiling taking place?
- California Residents
- Final/Version information
Skillpipe Privacy Policy Website according to GDPR and FDPA
The data protection instructions fulfill the information requirements according to the requirements of Item 12 ff. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and provide an overview of the processing of your personal data (on this website).
This privacy policy informs you about the possibility of asserting the data subject rights under data protection law. In order to be able to answer your request comprehensively, we are obliged by law to verify your identity. This is to protect your data from unauthorized access. For this purpose, it may be necessary for you to provide a copy of your passport or similar information about yourself and the individual data processing. Within this provided information, you may omit information that is not necessary to prove your identity (for example, on a passport copy, eye color, height, or nationality may be blacked out). Without providing information, we are unable to fulfill your data subject rights.
1. Who is responsible for the processing of my data?
Arvato Supply Chain Solutions SE
Reinhard-Mohn-Str. 22
33333
Gütersloh
Germany
Telephone: +49 5241-80 0
E-mail to: info@arvato-supply-chain.com
is
responsible for the processing of this data (hereinafter referred to as
“Company”). The Company has collected personal data in connection
with the GDPR and the Federal Data Protection Act (hereinafter referred to as
“FDPA”).
You can reach the data protection officer of the Company
under the address above with the addition “To the data protection
officer” or via email: data-privacy@arvato-supply-chain.com.
2. Which data is collected?
When you visit the website, the computer automatically collects information
(hereinafter referred to as “access data”). This access data
includes server log files, which usually consist of information about the
browser type and version, the operating system, the Internet service provider,
the date and time of use of the web page, previously visited web pages and other
websites accessed for the first time via the website, as well as the IP address
of the computer. With the exception of the IP address, the server log files are
not personally identifiable. An IP address is personally identifiable when the
IP address has been permanently assigned when using the internet connection and
when the Internet provider can assign the IP address to an individual.
If you
continue to use the services of the website, pseudonymous usage profiles and/or
the data entered by you on the website (e.g. search words, login data, ratings,
form or contract entries, click data) will be processed.
Some services of the
website require that you provide personal information to the Company. In these
cases, the data provided by you will be used to provide you with the service you
require or to be able to process the respective request. The following personal
data is processed on the website:
- User data such as e-mail address, name
- Course data, such as notes and display settings of the course content;
- Email content sent from Skillpipe like a password reset link.
Furthermore, your learning progress will be stored continuously.
3. Which cookies are used?
Arvato uses cookies when you visit our website. Cookies are small text-files which in principle are not personally identifiable and are stored on your end device (computer, tablet or smartphone) when you access the website. Information generated in each case in connection with your end device is stored in the cookies. However, this does not mean that Arvato is given knowledge directly about your identity. Certain cookies are deleted when you sign out or end the browser session (so-called “session cookies”). Other cookies are saved for a certain time or permanently (so-called “temporary cookies” or “persistent cookies”). These cookies are deleted automatically after expiry of a specified period. You can also delete cookies at any time in the security settings of your browser and configure the use of cookies as you wish.
In the use of cookies, Arvato differentiates between those that are necessary for the technical provision of the website and cookies that are used for further, optional purposes such as analysis of user behaviour or advertising.
Arvato uses only technically necessary, i.e. functional cookies, which are required for the operation of the website. They enable navigation through the website as well as further, essential functions. The legal basis for the processing of your data through the use of technically necessary cookies is Art. 6, paragraph 1(f) GDPR. The website user has no right of objection with regard to the data processing that is necessary for the operation of the website.
The cookies required for the provision of the website include, but are not limited to:
- Cookies used to identify or authenticate users;
- Cookies that store certain user preferences (e.g. search or language settings);
- Cookies that store data to ensure trouble-free playback of video or audio content.
4. What data is collected for what purposes?
The purposes of the data processing may be the result of technical, contractual or legal requirements as well as consent.
- Provision of the website and ensuring technical safety, in particular to remedy technical errors and to ensure that unauthorized persons do not gain access to the systems of the Website;
- Web analytics to make the website more efficient, interesting, and to conduct market research;
- To provide you with goods and services and related services, including identification of your identity;
- For forwarding to Lab Hosting websites as part of on-demand courses;
- To enable single sign-on from the Learning Management Systems of the Training Centers;
- To enable Arvato to fulfill its contractual obligations and, to remit payment to a third party if a product has been purchased by a customer who has been redirected from the third party’s website to the Arvato website.
- To assist Microsoft Learning Partners of the respective training organization to assist their students in course progress
For more information about these data processing purposes, see the following sections of this Privacy Notice.
4.1 Technical provision of the website
4.1.1 Description and scope of data processing
To ensure the functionality of the website, the execution of security analysis and the defense against attacks, records of the server log files are automatically stored, as part of the accruing access data according to item 2 for the computer system of the used computer upon entering and while using the website. Storage of the server log files together with other data does not take place. The Company uses the server log files for statistical analysis to analyze and correct technical incidents, to ward off attacks and fraud attempts, and to optimize the website’s functionality.
4.1.2 Purposes and legal basis of data processing
The legal basis for the collection of the server log files is Item. 6 para. 1 lit. f GDPR. The functionality of the website, the performance of security analysis and the prevention of attacks and fraud attempts are of legitimate interest to the Company.
4.1.3 Duration of storage or criteria for determining this duration
After accessing the web pages, the server log files are stored on the web server and the IP address contained therein is stored as long as necessary for the purpose. An evaluation during this storage period takes place exclusively in the case of an attack.
4.1.4 Opposition and removal Option
You have the right to object to the processing of your data in the context of server log files, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1.
4.2 Contact form, e-mail and telephone contact
4.2.1 Description and scope of data processing
The website provides the possibility to contact the Company via a contact form, an e-mail address or a telephone number. If you wish to use this feature, the data entered in the contact form, your e-mail address and/or your telephone number, as well as your concerns will be transmitted to the Company. Depending on the request (e.g. questions about the Company’s products and services, assertion of your data subject rights, such as information), your contact details will be processed further (with the help of service providers). Your contact information may be shared with third parties (such as affiliates), to the extent necessary to process your request,
4.2.2 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is based on Item 6 para. 1 lit. f GDPR. Your legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with the Company, the legal basis for the processing of your contact data is Item 6 para. 1 lit. b GDPR.
4.2.3 Duration of storage or criteria for determining this duration
After processing your request and terminating further communication, the contact details will be deleted. However, if the intention behind your contacting the Company is to conclude a contract with the Company or if you wish to assert your data subject rights such as information inquiry. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not preclude deletion.
4.2.4 Opposition and removal options
You have the right to object to the processing of your contact details, provided there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1. If you object, communication cannot be continued. However, if the intention behind your contacting the Company, such as the initiation of a contract, fulfillment of a contract or assertion of your data subject rights, requires the processing of contact details, you cannot exercise your right to objection.
4.3 Web tracking
The website contains built-in services that optimize the user-friendliness and
measure the reach of the website. Your access data (see section 2) will be
recorded and the usage behavior will be evaluated by means of analysis cookies
(see section 3). For web tracking, a personal identification is generally not
required, so that when you enter your access data, the stored IP address is
either not used or only shortened and pseudonymous usage profiles are created.
These are not merged with other data and you have the possibility to opt out at
any time. The creation of personal usage profiles is only carried out in
exceptional cases and provided you have given your consent.
The web tracking
services are usually provided by service providers who process the data only as
directed by the person responsible and not for their own purposes as a so-called
processor. This is ensured by contract processing contracts. If the service
providers outside the European Union or the European Economic Area (hereinafter
referred to as “EU or EEA”) process their data, a so-called
third-country transfer takes place. This is permissible, provided that you have
given your consent, the Company has provided guarantees for a data protection
level that is appropriate to the European standard or the EU Commission has
classified the respective third country as a safe third country. The
third-country transfer of the respective service is indicated below. Further
information on the recipients of your data can be found in section 5.
The web
tracking services of the website are described in more detail below.
4.3.1 Google Analytics
The website uses the service Google Analytics. Provider of Google Analytics is
Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google
Analytics creates a pseudonymous usage profile to optimize the user-friendliness
of the website. The pseudonimity is ensured by the fact that before you submit
your data to Google, the IP address is shortened and no conclusion on your
person is possible. The pseudonymous usage profile is evaluated after delivery
for the purpose of optimizing usability. A merge with other data from Google
does not take place. Through a contract processing contract, the Company ensures
that Google processes the data only at its own discretion.
For more
information about Google Analytics data processing, see the Google Privacy
Policy: http://www.google.com/intl/en/analytics/privacyoverview.html.
4.3.2 Purposes and legal basis of data processing:
The legal basis for recording and evaluating pseudonymous usage profiles is Item 6 para. 1 lit. f GDPR. In optimizing the user-friendliness of the website and the range measurement are the legitimate interests of the Company. Insofar as personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Item 6 para. 1 lit. a GDPR.
4.3.3 Duration of storage or criteria for determining this duration:
The data collected and evaluated using the web tracking services is typically stored until you object to its use. If the data processing is based on your consent, your data will be stored until you revoke your consent.
4.3.4 Opposition and removal options:
You may opt-out of using the web tracking services at any time by modifying your
browser settings or by using the following link(s) to download and install the
available browser plug-ins: Google Analytics: https://support.google.com
/ analytics / answer / 181881? hl = DE.
If the data processing is
based on your consent, you can revoke your consent at any time by informing the
Company of your revocation courseware@arvato-scs.com
(subject “revocation consent web tracking”).
5. Who receives my data?
Within the Company, those entities gain access to your data that are required to
fulfill the purposes described in section 4 above. Also, service providers
employed by the Company may gain access to your data (so-called
“processors”, such as data centers, newsletters, sweepstakes, and
customer service or debtor management). Order processing contracts ensure the
adherence to instructions, data security and the confidential handling of your
data by these service providers.
A data transfer to other recipients such as
advertising partners, providers of social media services or credit institutions
(so-called “third parties”) will take place if required by law or if
you have consented
Personal data will not be rented or sold to third
parties.
The following third parties are included in the data transfer:
- Public sector bodies and institutions, such as law enforcement agencies, who gain access to your data for compliance with legal or regulatory obligations.
- Arvato reserves the right to transfer your personal information to the relevant publisher, such as Microsoft Inc. or Microsoft affiliates, e.g. to forward the respective training organization.
- Providers of Lab Hosting Websites
Forwarding is also possible to the following persons:
Companies working on
behalf of Arvato: we hire companies to provide certain services to us, such as
but not limited to customer hotlines or the processing of payments. In this
context, it may be necessary for these companies to process your personal
information. We are acting on these companies to use the data only for the
provision of these services. Businesses are not allowed to pass this information
on to third parties, unless this is necessary to provide the
services.
Company sales: Arvato reserves the right to disclose your personal
data or parts thereof to third parties in the event of a sale of the Company or
Company objects, provided that the services provided via the website are
transferred to a third party. In case of a sale, Arvato will give you the
opportunity to object to a redirect. This may result in the acquiring company no
longer being able to provide the services provided by Arvato.
Your consent:
In all other cases, Arvato will obtain your consent before disclosing your data.
Arvato can e.g. organize a special offer or contest with third parties in
connection with which you are asked to consent to the disclosure of data to that
third party.
Further information on the transfer of data to the respective
third party can be found in the individual purposes according to Section 4.
6. Will my data be processed outside the EU or EEA (third-country transfer)?
If the service providers listed in section 5 and/or third parties outside the EU
or the EEA process your data for the purposes specified in paragraph 4, this may
result in your data being transmitted to a country where none of the EU or the
EEA reasonable level of data protection can be guaranteed. However, such a level
of data protection can be guaranteed with a suitable guarantee. A suitable
guarantee may be standard contractual clauses provided by the EU Commission. You
may request a copy of these warranties from the contact details in section 1.
Exceptionally, any guarantees may be waived if you consent or the third country
transfer is required for the performance of your contract with the Company. The
EU Commission has also recognized certain third countries as safe third
countries, so that it is not possible at this point to provide any suitable
guarantees from the Company.
The following service providers process their
data outside the EU or EEA:
- We may transfer personal information to Microsoft Inc. and Microsoft affiliates and to third parties located outside the European Union. Please note, that the collection, storage and processing of your data is subject to this privacy policy, but countries outside the European Union offer less personal data protection than is the case in Germany.
- For the use of web-tracking services, service providers are set up whose rights centers are located in a third country or which have access to data centers within the European Union or the EEA from a branch in a third country.
7. What privacy rights do I have?
At any time you have the right to request information about the personal data
stored with us. If any personal information about you is false or out of date,
you have the right to ask for its correction. You also have the right to request
the deletion or restriction of the processing of your data in accordance with
Item 17 or Item 18 GDPR. You may continue to have the right to disclose the data
you provide in a common and machine-readable format (data transferability
right).
If you have given consent to the processing of personal data for
specific purposes, you may revoke your consent at any time with future effect.
The revocation must be sent to the Company at the contact address specified in
section 1.
In accordance with Art. 21 GDPR, the right to object, at any time
for reasons arising from your particular situation, to the processing of your
data according to the legal basis of Art. 6 para. 1 lit. f GDPR. You also have
the right to object to the processing of your personal data for the purpose of
direct mail at any time. The same applies to the automated procedures for the
use of individual cookies, if these are not mandatory for the provision of the
website.
In addition, you have the opportunity to contact a data protection
authority and file a complaint there. The authority responsible for the Company
is the
Country Representative for Data Protection and Freedom of Information
North Rhine-Westphalia (Landesbeauftragte für Datenschutz und
Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestr. 2-4
40213
Düsseldorf
Telephone: +49 211 / 38424-0
Fax: +49 211 / 38424-10
E-Mail:
poststelle@ldi.nrw.de
You can also
contact the data protection authority responsible for your place of residence.
8. To what extent is there an automated decision-making process?
For the purposes mentioned in section 4, we do not use fully automated decision-making.
9. Is profiling taking place?
For the purposes mentioned under Item 4, no profiling takes place.
10. California Residents
If you are a California resident, the information below also applies to you.
10.1 California Consumer Privacy Act
California residents may request copies of the data collected about them in the
past 12 months or request that we delete personal information about them.
You may exercise your rights by contacting us via email at data-privacy@arvato-supply-chain.com
or writing to us at:
Arvato
c/o Courseware Marketplace
29011 Commerce
Center Dr.
Valencia, CA 91355.
Please see the other provisions of this Privacy Policy for information regarding the categories of personal information we collect, the business or commercial purposes for which the data is collected, our methods of collection, and categories of third parties we disclose information to. We do not sell personal information about you to third parties.
10.2 California Privacy Rights
10.2.1 Shine the Light
California Civil Code Section 1798.83 gives California residents the right to request, from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding year. To request further information pursuant to California Civil Code Section 1798.83, please contact us via email at data-privacy@arvato-supply-chain.com.
10.2.2 California Minor Content Removal
If you are a resident of California, under 18 and a registered user of our services, you may ask us to remove content or information that you have posted to these services by contacting us via email at data-privacy@arvato-supply-chain.com. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
We do not knowingly collect personal information directly from children under the age of 13 without parental consent. Our websites are general audience sites and are not specifically targeted to or intended for use by children.
10.2.3 California Do Not Track Disclosure
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Do Not Track browser settings or signals. For information about Do Not Track, please visit: www.allaboutdnt.org.
11. Final / Version information
As the site evolves and new technologies are introduced to improve our service to
you, changes to these privacy notices may be required. Therefore, we recommend
that you review these privacy statements from time to time.
Status of the
privacy policy: 01.04.2020