Data Protection Policy
1. Responsible Department
VPA Prüf- und Zertifizierungs GmbH
Papenberger Str. 49
D-42859 Remscheid
Tel.: +49(2191) 5921-0
Fax: +49(2191) 5921-100
2. Data Protection Policy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data in confidence and in line with the statutory data protection requirements as well as this Data Protection Policy. Rennings Umsetzungsberatung Neuss renders services in respect of the external data protection commissioning.
Our website can normally be used without providing personal data. Insofar as personal data (e.g., name, address or e-mail addresses) are gathered on our pages, this applies, where possible, at all times on a voluntary basis. Such data shall not be forwarded to third parties without your express approval.
We draw attention to the fact that the transmission of data on the internet (e.g. in the case of communication by e-mail) may be subject to security gaps. Data cannot be completely protected against access by third parties.
3. Collecting and Processing Personal Data on the Website
As a matter of principle you can use our online service range without disclosing your identity. If we request personal data (such as a name, address or e-mail address) on the website, e.g. as part of the contact forms or during registration, this applies on a voluntary basis. We use this information for our own business purposes (such as sending the requested materials/information).
Contact Form
We offer you the option of contacting us via a form provided on our website for questions of any kind. The data marked as compulsory are required to allocate and answer the enquiry. Additional information can be provided voluntarily. Data processing for the purpose of contacting us applies in accordance with Article 6(1), Sentence 1, Point (a), GDPR, on the basis of the consent you have granted voluntarily.
The personal data we collect to be used in the contact form shall be deleted after the enquiry you have made has been dealt with and following expiry of the tax and commercial law storage obligations.
Forwarding the Data
Your personal data shall not be forwarded to third parties for commercial or non-commercial purposes without your express consent. We only forward your personal data to third parties if this is legally permissible [e.g. on the basis of Article 6 GDPR] and/or necessary. We use, in part, service providers for the legally required order processing of data; for example, the website is hosted by <Papoo-Media>. We retain full responsibility for the data processing. Furthermore, in part we use Plug-ins from other providers on our website. You can find more details below.
We would like to draw your attention to the fact that we may also forward your personal data to other IT service providers within our Group for the aforementioned purposes. Data are transferred on the basis of a legitimate interest to offer you a comprehensive range of services.
Cookies
The website uses, in part, so-called Cookies. These are set if you have granted your consent in that respect. Only Cookies that are necessary in a technical sense are used without your consent. The website would not function properly without such Cookies.
Cookies do not cause any damage on your computer, and do not contain any viruses. They are aimed at making our service more user-friendly, more effective and safer. Cookies are small text files that are placed on your computer and which your browser stores.
Most of the Cookies we use are so-called "Session Cookies". They are automatically deleted at the end of your visit. Other Cookies remain stored on your terminal until you delete them. These Cookies enable us to recognise your browser during the next visit.
You can adjust your browser so that you are informed of the setting of Cookies and only permit Cookies in an individual case, exclude the acceptance of Cookies for certain cases or in general, and activate the automatic deletion of Cookies when the browser is closed. The functionality of this website may be restricted in the event of deactivating Cookies.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically forwards to us. These are:
• Browser type and version
• Used operating system
• Referrer URL
• Host name of the accessing computer
• Time of the server enquiry
We process the stated data on the basis of our justified interest in accordance with Article 6(1), Sentence 1, Point (f), GDPR, for the following reasons:
• Guaranteeing a smooth connection set up of the website,
• Guaranteeing comfortable use of our website
• Evaluating system security and stability as well as for other administrative purposes.
Such data cannot be allocated to certain persons. Such data shall not be grouped together with other data sources. We reserve the right to check such data retroactively if we become aware of specific indications of illegal use.
The data shall be deleted immediately if they are no longer required to achieve the purpose, but at the latest after six months.
4. Registration for VPA Academy Programmes
We offer training sessions via our VPA Academy. If you would like to register for one of our e-learning programmes via live web seminars or video training sessions, we shall collect data about you via the registration form, which we need to complete the event registration and hold the event. The data are processed on the legal basis of Article 6(1), Point (b), GDPR, to execute the contract and send the access data for the course content. By way of this we ensure that you can participate in the event. Unfortunately, a person cannot be registered if the necessary data are not made available.
In the confirmation e-mail for your registration you will receive further information in advance about the data processing in conjunction with your participation in the VPA Academy event.
External instructors (e.g. the Lev Academy) shall, in part, conduct training sessions. Therefore, your data shall be forwarded to the external instructor so that they can conduct the training session. The external instructors work at their own responsibility and subsequently issue invoices. Similarly, data may be processed by our service providers if they act as order processors on our behalf. However, they are bound by contract to us and do not pursue their own objectives.
We shall store the data for as long as is necessary to stage the event. Data that are required for invoicing purposes are stored in accordance with the statutory tax and commercial law provisions, and are thereafter deleted.
5. Additional Notices about Technology and Data Protection in Conjunction with our Seminar Programme
You can access the training sessions and workshops via all common devices (PC, tablet, smartphone), operating systems (Windows, iOS, Android) and browsers, and work on the quizzes. Your device only requires an audio output (speakers, headphones) to hear the sound of the videos.
If you book a training session with our external instructors from the Lev Academy, a buyer account shall be created for you at the time of purchase via Elopage, a provider of online payment systems in Berlin. Elopage, which has its registered office in Germany, hosts the video training session. This means the seminar platform and payment provider are from a single source. You can pay by PayPal, credit card, instant bank transfer or in advance. You shall, of course, receive a proper invoice stating the VAT. The invoicing party is the Lev Academy of our lecturer Stephan Joseph. The Lev Academy is responsible for the data protection requirements resulting from GDPR.
If you purchase the workshop as a company, please state the surname, first name and e-mail address of the participant when placing your order. The name is required for the certificate.
6. Customer Data Processing (Private Customers)
The following contains information about the processing of your personal data:
We process personal data with regard to you in conjunction with the establishment, implementation and execution of contracts and their initiation on the basis of Article 6(1), Sentence 1, Point (b), GDPR, and to honour legal obligations (e.g. commercial and tax law) on the basis of Article 6(1), Sentence 1, Point (c), GDPR.
Furthermore, data are also processed for legitimate purposes according to Article 6(1), Sentence 1, Point (f), GDPR, such as marketing, internal market research and marketing purposes, internal company statistics and optimisation of programmes. The justified interests lie, in particular, in the optimisation of processes and cost-appropriate allocation. In this respect, your interests, fundamental rights and freedoms are duly taken into account.
The data you provide are required to implement the contractual relationship. Without such data, we cannot execute the contract that has been entered into.
If you have given us your consent, we will use your data to send you information about products, services, events and other interesting information about our company. You may object to such sending at any time with effect for the future.
Forwarding / Service Providers
Your personal data shall, in part, be passed on to external service providers (e.g. tax advisers and legal advisers). External IT service providers may, in part, gain access your data (as part of commissioned order data processing in accordance with Article 28 GDPR). In this case, the service providers act in accordance with instructions. This has been guaranteed by way of corresponding contracts. These service providers are, in part, located outside the EU/EEA. These service providers guarantee an appropriate level of data protection by entering into EU standard contract clauses.
Storing and Deleting Data
Your data shall be stored for as long as is necessary for the aforementioned purposes. The data shall be deleted at the latest following termination of the contractual relationship and expiry of the statutory storage periods set out in civil, commercial and tax law.
7. Customer Data Processing (Business Customers)
The following contains information about the processing of your personal data (personal data are all data relating to you as a natural person):
As a contracting party of your company, we process personal data relating to you on the basis of our justified interest in preparing offers and executing contracts on the basis of Article 6 (1), Point (f), GDPR. Processing for the purposes of accounting and cost accounting and to honour legal obligations (e.g. commercial and tax law) are based on Article 6(1), Sentence 1, Point (c), GDPR. The business relationship is in place between us and your company. If you act as a natural person (e.g. as a sole trader or self-employed person), your data shall be processed to implement pre-contractual measures and execute of contracts on the legal basis of Article 6(1), Point (b), GDPR.
Furthermore, data are also processed for justified purposes in accordance with Article 6(1), Sentence 1, Point (f), GDPR, such as marketing, internal market research and marketing purposes and internal company statistics. The justified interests lie, in particular, in the optimisation of processes and cost-appropriate allocation. In this respect, your interests, fundamental rights and freedoms are duly taken into account.
We shall only use your data to send you information about products, services, events and other interesting facts about our company if you have given us your consent to do so or if we have informed you appropriately as part of data collection in accordance with Section 7 UWG (German Unfair Competition Act). You may object to such sending at any time with effect for the future.
The data you provide are required to implement the contractual relationship. Without such data, we cannot execute the contract that has been entered into.
Forwarding
Your personal data shall, in part, be forwarded to external service providers (e.g. tax advisers, legal advisers). External IT service providers may, in part, gain access your data (as part of commissioned order data processing in accordance with Article 28 GDPR). In this case, the service providers act in accordance with instructions. This has been guaranteed by way of corresponding contracts. These service providers are, in part, located outside the EU/EEA. These service providers guarantee an appropriate level of data protection by entering into EU standard contract clauses.
Storing and Deleting Data
Your data shall be stored for as long as is necessary for the aforementioned purposes. The data shall be deleted at the latest following termination of the contractual relationship and expiry of the statutory storage periods set out in civil, commercial and tax law.
8. Data Processing as Part of a Video Conference System (without Webinars)
The following contains information about the processing of your personal data:
We use the MS Teams video conference system. This involves processing your login data, video and audio data, shared documents and, when using the chat function, textual information. In this context, we process the information you provide for the purpose of conducting a video conference on the basis of Article 6(1), Sentence 1, Point (b), GDPR, or, in the case of a job interview, on the basis of Section 26 BDSG (German Data Protection Act) / Article 6(1), Sentence 1, Point (a), GDPR.
In addition, log data may be collected by the provider of the video conferencing software (MS Teams). The logs contain the following information:
» IP address, surname, first name, e-mail address, potential group affiliation
» Date, time and duration of the access
» Browser, operating system, installed Plug-ins and monitor resolution
No further data, in particular no service data or behaviour and/or health data, are stored in the Microsoft-Cloud.
The aforementioned data are processed by the provider on the basis of a justified interest in accordance with Article 6(1), Sentence 1, Point (f), GDPR, for the following purposes:
» Guaranteeing a smooth connection set up of the conference system
» Guaranteeing comfortable use of the conference system
» Evaluating system security and stability as well as for other administrative purposes
Your personal data shall, in part, be forwarded to external service providers (e.g. tax advisers, legal advisers). External IT service providers may, in part, gain access your data (as part of commissioned order data processing in accordance with Article 28 GDPR). In this case, the service providers act in accordance with instructions. This has been guaranteed by way of corresponding contracts. These service providers are, in part, located outside the EU/EEA. These service providers guarantee an appropriate level of data protection by entering into EU standard contract clauses.
Forwarding / Service Providers
The provider of the video conferencing system, Microsoft Corporation, is partly located outside the EU/EEA. An order processing agreement has been entered into with this provider, which binds the service provider to us. According to a contractual commitment by Microsoft, data processing is performed exclusively in the EU. Additionally entering into EU standard contractual clauses ensures an appropriate level of data protection if transferring data to a third country is necessary.
Your personal data shall not be forwarded to other third parties beyond the described framework without your express consent.
Storing and Deleting Data
We do not record, save or stream any image and/or audio data during the video conference. In principle, your data shall only be stored for as long as it is necessary to conduct the video conference. No data shall be stored following conclusion of the video conference.
9. Data Processing as Part of the Application Procedure
We process your personal data in conjunction with the implementation of your application procedure and to check your potential work-related employability. In this respect we process the information you provide for the purpose of making a well-founded personnel decision on the basis of Section 26 BDSG and Article 6(1), Sentence 1, Point (b), GDPR. Evaluations based on objective, non-discriminatory, criteria are additionally stored. Insofar as this is permissible in individual cases, publicly available personal data about you are also stored.
The data you provide are required to implement the application process. We cannot consider your application without such data.
Forwarding / Service Providers
Your personal data shall be forwarded to other companies in our Group as external service providers to support us in the personnel selection process. External IT service providers may, in part, access your data. In all cases, the service providers act in accordance with instructions, which has been guaranteed by way of corresponding contracts. These service providers are, in part, located outside the EU/EEA. These service providers guarantee an appropriate level of data protection by entering into EU standard contract clauses.
Storing and Deleting Data
Your data will be retained for as long as is necessary for the aforementioned purposes of the personnel selection procedure. If you object to the data processing during the personnel selection procedure, the data shall be deleted unless otherwise required by law.
The data shall then be deleted following the end of the application procedure and expiry of any legal action periods, unless you have given your consent to save your application for further job offers. Unsolicited applications are stored for a maximum of six months or until you revoke your consent and are then deleted.
10. Liability for Own Content
The contents of these pages were created with the greatest care. However, we cannot provide a guarantee to the extent that the content is accurate, complete or up-to-date. As a service provider we are responsible for our own content in accordance with the general laws.
11. Liability for Links (External Supplier Content)
A distinction must be made between our own content and cross-references ("links") to content provided by other providers. The respective supplier, or operator, of the websites is responsible at all times for the content of the linked pages.
12. YouTube
Our website uses Plug-ins from the YouTube site operated by Google for marketing purposes. The operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. A connection is established to the YouTube servers when you visit our website equipped with the YouTube Plug-in. In the process the YouTube server is informed of the IP address of the visitors to our website as well as which of our pages you have visited, provided you have given us your consent to the collection and transmission of your personal data in accordance with Article 6(1), Point (a), GDPR. This applies regardless of whether or not you have a YouTube user account. If you have logged into your YouTube account, you enable YouTube to directly allocate your surf behaviour to your personal profile. You can prevent this by logging out of your YouTube account. Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy [external page].
13. Google Maps
We give you the option of using Google Maps to facilitate your journey, display maps and create directions on the legal basis of your consent (Article 6(1), Point (a), GDPR). Google Maps is operated by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. These pages shall be displayed to you accordingly. If you visit a website on which Google Maps is embedded in our website and activate it, a connection shall be established to Google's servers and your IP and browser data are transmitted to Google. By using this service, you also consent to the processing by Google of the data you enter in that respect. The terms of use of Google Maps can be found at http://www.google.com/intl/de_de/help/terms_maps.html [external page].
14. SSL Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted link in that the address line of the browser changes from "http://" to "https://" and via the padlock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you forward to us cannot be read by third parties.
15. Data Subjects' Rights
We are hereby informing you that in accordance with Article 15 et seq. GDPR and the conditions set out therein, you have the right, in dealings with us, to information about the respective personal data, as well as the right to rectification or erasure or restriction of processing or a right to object to processing, as well as the right to data portability. You also have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR if you consider that the processing of personal data concerning you violates this regulation. Furthermore, if the processing is based on Article 6(1), Point (a), GDPR, or Article 9(2), Point (a), GDPR, (consent), you have the right to withdraw your consent at any time without affecting the lawfulness of the processing performed on the basis of the consent up until the withdrawal.
16. Amending our Data Protection Provisions
We reserve the right to occasionally amend this Data Protection Policy so that it complies with the current legal requirements at all times or to implement changes to our services in the Data Protection Policy, e.g. when introducing new services. The new Data Protection Policy shall then apply to your next visit.
17. Questions and Contacting the Data Protection Officer
If you have any questions regarding the processing of your personal data, you can contact our Data Protection Officer directly, who is also available with his team in the event of requests for information, applications or complaints:
Rennings Umsetzungsberatung Neuss
Daniela Rennings
Am Hagelkreuz 6
41469 Neuss
Tel.: +49 (0) 211-87 939 160
Email: dsb@run-neuss.de