We have written this privacy statement (version 01.02.2021-311257091) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what decision-making options you have as a visitor to this website.
Unfortunately, it is in the nature of the matter that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when writing them.
Automatic data storage
Nowadays, when you visit websites, certain information is automatically created and stored, including on this website.
When you visit our website, as you are doing right now, our web server (computer on which this website is stored) automatically stores data such as
- the address (URL) of the visited web page
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and IP address of the device from which access is made
- the date and time
- in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed in the event of unlawful behavior.
Our website uses HTTP cookies to store user-specific data.
What exactly are cookies?
Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you your usual default setting. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.
For example, cookie data may look like this
Expiration time: 2 years
Usage: Differentiation of website visitors
Example value: GA1.2.1326744211.152311257091
A browser should support the following minimum sizes:
A cookie should be able to contain at least 4096 bytes
It should be possible to store at least 50 cookies per domain
A total of at least 3000 cookies should be able to be stored
What types of cookies are there?
We can distinguish between 4 types of cookies:
Absolutely necessary cookies.
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.
How can I delete cookies?
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find it in your browser settings:
If you generally don’t want cookies, you can set your browser to notify you whenever a cookie is about to be set. This way, you can decide for each cookie whether to allow it or not. The procedure varies depending on the browser. The best way is to search the instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in case of a Chrome browser or replace the word “Chrome” with the name of your browser, e.g. Edge, Firefox, Safari.
What about my privacy?
Since 2009, there have been the so-called “Cookie Guidelines”. This states that storing cookies requires your consent. Within the EU countries, however, there are still very different reactions to these directives. In Germany, the Cookie Directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the German Telemedia Act (TMG).
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of personal data
Personal data that you submit to us electronically on this website, such as name, e-mail address, address or other personal information in the context of submitting a form or commenting on the blog, will be used by us together with the time and IP address only for the purpose stated in each case, kept secure and not disclosed to third parties.
We thus use your personal data only for communication with those visitors who expressly request contact and for the processing of the services and products offered on this website. We do not disclose your personal data without your consent, but we cannot exclude the possibility that this data may be accessed in the event of unlawful conduct.
If you send us personal data by e-mail – thus away from this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.
According to Article 6(1)(a) DSGVO (lawfulness of processing), the legal basis is that you give us consent to process the data you have entered. You can revoke this consent at any time – an informal e-mail is sufficient, you will find our contact details in the imprint.
Rights according to the Basic Data Protection Regulation
According to the provisions of the DSGVO, you are generally entitled to the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing – including profiling (Article 22 GDPR).
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
TLS encryption with https
We use https to transmit data in a tap-proof manner on the Internet (data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission protection by the small lock symbol in the upper left corner of the browser and the use of the scheme https (instead of http) as part of our internet address.
On our website we use Google Fonts. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
For the use of Google Fonts you do not have to log in or provide a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We’ll take a detailed look at exactly what this data storage looks like.
What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.
Many of these fonts are released under the SIL Open Font License, while others are released under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
Google Fonts allows us to use fonts on our own website, but we don’t have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for mobile use. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So, we use Google Fonts so that we can display our entire online service as beautifully and consistently as possible.
What data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address are visiting our website. The Google Fonts API is designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. API, by the way, stands for “Application Programming Interface” and is used, among other things, as a data transmitter in software.
Google Fonts stores CSS and font requests securely at Google and is therefore protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published to the Google Fonts BigQuery database. Entrepreneurs and developers use Google’s BigQuery web service to be able to examine and move large amounts of data.
However, it is still important to remember that each Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example.
The font files are stored by Google for one year. Google thus pursues the goal of fundamentally improving the loading time of web pages. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
Those data that Google stores for a day or a year cannot be easily deleted. The data is automatically transmitted to Google when the page is called up. In order to delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=311257091. Data storage you prevent in this case only if you do not visit our site.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we can have unlimited access to a sea of fonts and get the most out of our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=311257091. Google does address privacy-related issues there, but it doesn’t really include detailed information about data storage. It is relatively difficult to get really precise information from Google about stored data.
What data is basically collected by Google and what it is used for can also be found at https://www.google.com/intl/de/policies/privacy/.
Registration for the event series Zirkel.Training (rapidmail)
Registration for the Zirkel.Training event series takes place via a form on our website. We use the so-called double opt-in procedure. First, a confirmation e-mail is sent to the e-mail address you provided, with a request for confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation email. We use your data transmitted to us exclusively for sending information about the event series.
We use rapidmail to send the notifications. Your data will therefore be transmitted to rapidmail GmbH. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which was carefully selected according to the requirements of the DSGVO and the BDSG.
You can revoke your consent to the storage of data and its use for sending mail at any time, e.g. via the unsubscribe link in the messages you receive from us.
Use of Zoom
We would like to inform you below about the processing of personal data in connection with the use of “Zoom”.
Purpose of processing
We use the “Zoom” tool to conduct conference calls, online meetings, video conferences (hereinafter: “Online Meetings’ ‘). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA. The responsible party for data processing directly related to the conduct of “Online Meetings” is Prosperkolleg e.V. Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the Internet page is only necessary for using “Zoom” in order to download the software for using “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app. If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
What data is processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”. The following personal data are subject to processing: user details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional) meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information If recording (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with the telephone: information about the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored. Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Zoom” applications. To participate in an “online meeting” or to enter the “meeting room,” you must at least provide information about your name.
If we want to record “online meetings”, we will transparently inform you of this in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the “Zoom” app. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.
In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user at “Zoom”, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at “Zoom” for up to one month. Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal basis of data processing
Insofar as personal data of employees of Prosperkolleg e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Article 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”. For the rest, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships. Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of “online meetings”. Recipients / disclosure of data Personal data processed in connection with participation in “Online Meetings” will not be disclosed to third parties as a matter of principle, unless it is specifically intended for disclosure. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: the provider of “Zoom” necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with “Zoom”.
“Zoom” is a service provided by a provider from the USA. A processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 DSGVO. An adequate level of data protection is guaranteed on the one hand by the “Privacy Shield” certification of Zoom Video Communications, Inc. and on the other hand by the conclusion of the so-called EU standard contractual clauses.
You can also read about which data is basically collected by Zoom and what this data is used for at https://zoom.us/de-de/privacy.html.