[vc_row][vc_column width=”1/1″][vc_column_text]
Data privacy policy
1 Name and contact details of data controller
The controller with regards to the General Data Protection Regulation (GDPR) and national data protection laws and standards is:
Zentor GmbH, represented by Dr. Valentin Schellhaas
Atelierstr. 29 / Werk 1
81671 Munich
Germany
Phone: +49 (89) 32405287
email: info[at]zentor.me
Website: www.zentor.me
2 Principles of data processing
2.1 Scope of processing personal data
We generally only process personal data to the extent of which it is necessary to deliver and operate a functional website and online platform as well as to provide our content and services. The processing of personal data of a user (in general) is based on the consent of that user, except when a prior consent cannot be obtained by factual reasons or if the processing of data is allowed by law.
2.2 Legal basis for processing personal data
In cases of user consent for processing personal data, the legal basis can be found in Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR).
In cases that personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for processing this data can be found in Art. 6 para. 1 lit. b of GDPR. This also applies for data processing for pre-contractual measures.
In cases personal data is necessary for compliance with legal obligations of our company, the legal basis for processing data can be found in Art. 6 para. 1 lit. c of GDPR.
In cases that personal data is necessary to protect vital interests of the data subject or another natural person, the legal basis for processing data can be found in Art. 6 para. 1 lit. d of GDPR.
In cases that processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the interests outweigh the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for processing personal data can be found in Art. 6 para. 1 lit. f of GDPR.
2.3 Data erasure and duration of storage
Personal data of data subjects will be deleted or blocked once the basis for processing and storing has served its purpose. Storage of data can occur if European or national legislators advise data storage in regulation, law and guiding principles to which the controlled is required to abide to. Data will also be erased or blocked, if the legal or regulatory time limit for data storage is exceeded, except when keeping the data is required for contract execution or performance duration.
3 Provision of the website and creation of log files
3.1 Scope of personal data processing
Every time you access our website, our system automatically records data and information from the requesting computer or mobile device.
Therefore the following data are collected:
- Information on the browser type and version
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- Date and time of the access
- Websites, from which the user’s system has reached our website
- Websites, which where accessed by the user’s system through our website
This data is saved to our system’s log files. This does not apply to the user’s IP address or any other data which can be associated with a user. This data will not be stored together with other personal data
3.2 Legal basis for data processing
The legal basis for the temporary storage of the data can be found in Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of data processing
The temporary storage of the IP address is required to deliver the website to the user’s system. For this, the IP address needs to be stored for the duration of each session.
The purpose of storing data in log files is to ensure technical functionality of our website. In addition, the data enables us to optimize our website and to ensure the security of our IT systems. We do not process this data for marketing purposes.
The purposes constitute legitimate interests for data processing according to Art. 6 para. 1 lit. f GDPR.
3.4 Duration of data processing
The data will be deleted once the purpose for processing and storage has become obsolete. In the case of delivering the website to the user’s system it is when the session ends.
In the case of data processing in log files, this occurs latest after seven days. In some instances, the duration of processing and data storage can occur, in which case the IP address will be altered or deleted, so that it cannot be traced backed to the individual client.
3.5 Right to object or delete
Processing of data is a technical requirement for the delivery of the website and storage of data in log files is necessary to operate the platform. Due to this requirement, the user cannot object to this data processing.
4 Use of Cookies
4.1 Scope of data processing
On our website we use so called „Cookies“. Cookies are small text files that are stored on your computer or mobile device. If a user accesses our website, Cookies may be stored on the operating system of the users. These Cookies contain a string of characteristic numbers and letters which enable a unique identification of the browser at subsequent visits to our site.
We employ Cookies in order for our websiteto be more user friendly. Some elements of our website require the browser to be identified also after moving to another site.
The following data are processed and stored in these Cookies:
- Language settings
- Pages visited on our Website
If a user of our platform registers on our website with a user account (also cf. section 6 of this privacy policy), we additionally employ cookies for the technical operation of this website. Core features or out platform require to match the registered user to relevant content (such as projects, activities, events, resources, groups, comments, etc.) on our website and to track usage of the account.
The following data are processed and stored in these Cookies:
- Login data
- Search terms entered
- Frequency of individual page visits
- Use of website functions and features
For the technical operation of our platform we have contracted the cloud service provider Google Firebase, consequently data generated by the Cookie will be transferred to Firebase according to our Data Processing Addendum with the service provider. This data is usually transferred to server locations of Google in the USA and stored there.
With registration on our platform, the user is informed about the use of Cookies and the data transfer to Firebase, and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
4.2 Legal basis for data processing
The legal basis for personal data processing via Cookies which are necessary for technical purposes can be found in Art. 6 para. 1 lit. f GDPR.
The legal basis for personal data processing via Cookies for analytical purposes based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is Google. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
4.3 Purpose of data processing
Cookies are a technical necessity to allow the user to use our website. Core functions on our website cannot be offered without employing Cookies. To use our website, it is necessary that a browser is identified again after moving from one page of our website to another and that a user can be matched to relevant content on our platform.
Cookies are used for certain core functions including:
- Storage of language preferences
- Storage of search terms
- Matching of users to platform content (such as projects, activities, events, resources, groups, comments, etc.) for which the user expresses interest
- Suggestions of further relevant content on our platform
The purpose of using Cookies is to provide our users with a tailored offering on our website, display previously visited content, provide updates about relevant content and continuously improve the quality of our platform and content. A central goal of our platform is to match users to purposeful projects and activities and Cookies allows us to improve the selection and preference of this content.
These purposes constiute a legitimate interest for processing personal data based on Art. 6 para. 1 lit. f GDPR.
4.4 Duration of storage, right to object and delete
Cookies are stored on the user’s system and are transferred from that system to our website. Consequently, you hold full control over the use of Cookies on your system. By adjusting the settings of your internet browser, you can deactivate or limit the transfer of Cookies. Previously stored Cookies can be deleted any time. This can also be done automatically. Deactivating Cookies for our website, might disable certain functions of our platform.
5 Newsletter sending and tracking
5.1 Scope of data processing
On our platform, we offer a complimentary service to sign-up for a newsletter which informs users about purposeful content on our platform. When registering for the newsletter, data from the sign-up forms will be transferred to us and our email service provider MailChimmp. This data may also be transferred to server locations of MailChimp in the USA.
Data processed during the sign-up to our newsletter contains:
- Salutation
- First and last name
- Email address
- Interest for certain services on our platform, e.g. a personal consultation
- Source of the sign-up
- Date and time of sign-up
After signing up we employ a so-called Double Opt-In (DOI), in which the user receives a first email asking to confirm the email address with a click on a button. With successful DOI we regularly send a newsletter to users informing them about new content (such as projects, activities, events, resources, groups, comments, etc.) and updates to existing content. To keep proof of the DOI, control over relevant content for the user and to analyse the user reactions to our emails the following data is processed and stored by our email service provider Mailchimp:
- Language settings
- Preferred email client and email format
- Email campaign ID
- Reactions to email campaigns (e.g. open, click)
- Date and time of the reaction
- IP address
- Geo data
For the technical operation of sending emails and tracking responses we have contracted the use of the email service provider MailChimp, consequently data employed for sending and tracking the newsletter will be transferred to MailChimp according to our Data Processing Addendum with the service provider. This data is usually transferred to server locations of MailChimp in the USA and stored there. The data is only being used to send, manage and analyse the newsletter.
If a link from the newsletter takes you to our website, you will also be deemed to have permitted us to process and use your IP-address, geo-data, web beacons or similar technologies in order to check whether the content which is sent to you is in accordance with your requirements.
With the sign-up to the newsletter on our platform, the user is informed about the processing of data and transfer to MailChimp, and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
5.2 Legal basis for data processing
The legal basis for personal data processing for the purpose of sending and tracking the newsletter based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is the Rocket Science Group LLC d/b/a MailChimp („MailChimp“). To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
5.3 Purpose of data processing
The purpose of processing the user’s emails is to deliver the newsletter.
The purpose of processing personal data in the context of sign-up is to inform the user about relevant content on our platform. In addition, the data is being used to avoid misuse of our platform and/or of the email address used. The purpose of processing other data after sign-up is to control frequency of our newsletter and optimize the quality and content of our newsletter campaigns.
5.4 Duration of storage
Data in the context of the newsletter will be deleted once the basis for processing and storing the data has served its purpose. The email address as well as personal data are thus stored for as long as the user remains a subscriber to the newsletter. Additional data to control the newsletter will be deleted once the frequency and quality of an email campaign has been optimised, latest after 12 months.
5.5 Right to object and delete
Subscription to the newsletter can be cancelled at any time by the user. A corresponding link can be found in each newsletter.
The consent to processing personal data given at sign-up can be revoked anytime by deleting the user account. A corresponding link can be found in the profile section of the user account.
6 Registration on the platform
6.1 Scope of data processing
On our website we offer users the option to create a user account with personal data and to register for the closed member area of our platform. In the closed member area, users can view the user name and as applicable also the picture and further profile information. The data is generated via an input form and processed and stored by us and our cloud service provider Google Firebase and their sub processors (see list here). This data can be transferred in parts or whole to Google server locations in the USA.
The following data is processed during registration and is stored in the user account with subsequent use of our platform:
- Salutation
- First and last name
- User name
- A unique user ID
- User role
- Email address
- Profile picture or avatar
- Region and/or postal code of user’s given location
- Language setting
- Optional: Categories for (hobby or professional) interests of the user
- Optional: Replies of the user to a set of standardised questions wrt preference of projects and activities
- Date and time of consent for registration, newsletter, creating own content, and recommending content to others
- User generated content and comments
At the point of registration, the following data is processed additionally:
- IP address of the user
- Information about internet browser, operating system and hardware
- Date and time of the registration
For the technical process of registration, storage of the user account, and operation of our platform we have contracted the cloud service provider Google Firebase, consequently data generated in the context of registration and use of the user profile will be transferred to Firebase according to our Data Processing Addendum with the service provider. This data is usually transferred to server locations of Google in the USA and stored there. The data is exclusively used for registration and operation of our service. In the closed member area, users can view the user name and as applicable also the picture and further profile information.
With registration on our platform, the user is informed about the use of said data and transfer to Firebase, and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
6.2 Legal basis for data processing
The legal basis for personal data processing based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is Google. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
After registration, we may offer the user an option to purchase premium services from our platform. In this case, data obtained through registration is used for execution and performance of a contract or for precontractual measures; the legal basis for processing personal data in this case can be found in Art. 6 para. 1 b GDPR.
6.3 Purpose of data processing
The registration of a user is a key necessity to provide certain content and services, and to operate our platform.
The main goal of our platform is to provide to our users purposeful content (such as projects, activities, events, resources, groups, comments, etc.) for our users, allow them to create their own projects, and enable users with similar interests to form groups. Core functionality of our platform thereby is to suggest relevant content to our users, allow them to join said content, manage progress of projects, and join groups. All these functions require us to be able to identify the user over time, and thus processing and storage of user data for the duration of the registration.
If a contract for a premium offering on our platform (e.g. premium content or in-person consultation) is initiated after registration, this data is additionally necessary to execute and perform a contract with the user or for precontractual measures.
6.4 Duration of data processing
Data in the context of registration will be deleted once the basis for processing and storing the data has served its purpose.
This will occur, when the registration on the platform is cancelled or altered or when the user account gets deleted.
If a contract for a premium offering on our platform is initiated after registration, any data relevant for performance or a contract or precontractual measure will be deleted when the data is not required any longer for executing the contract. Certain contractual, legal or regulatory requirements may require us, however, to store data even after a contract has been executed.
6.5 Right to object and delete
As user, you can always cancel the registration by deleting the user account. Any data stored in the profile or account can also be changed by the user.
Deleting the account or changing user data can directly be done in the user profile.
In case this data is required to execute a contract or for precontractual measures, deletion of data is only possible if there are no opposing contractual, legal, or regulatory reasons.
7 Creating own content (incl. comments)
7.1 Scope of data processing
On our platform we provide the functionality to our user to create – with the use of their user profile – own content (such as projects, activities, events, resources, groups, comments, etc.) and to publish comments in existing content. If the user decides to make use of this functionality, any user generated content and comments will be made available to other users in the closed member area of our platform in conjunction with the user name of the author. Such data is obtained via input forms on our platform and is processed by us and transferred to and stored by our cloud service provider Google Firebase. In that context the data can be transferred in parts or as a whole to Google server locations in the USA.
The following data is processed with the creation and updating of content (incl. comments) and is stored:
- user account
- Free text information of each content, such as title, description, weblinks, and – as applicable – milestones, dates, addresses, costs, and contact details
- Classification of each content by category and type of content, including language, and region
- An icon, picture or logo of the content
- Interdependence of content (e.g. activities which belong to a project)
- Free text comments to certain content
- User names (and respective IDs), of those users, who express an interest in a certain content or join a project or group
- Date and time of creation and last update of a content
For the technical process of creating and providing content (incl. comments) on our platform we have contracted the cloud service provider Google Firebase, consequently data generated in the context of content creation will be transferred to Firebase according to our Data Processing Addendum with the service provider. This data is usually transferred to server locations of Google in the USA and stored there. In the closed member area, users can view user generated content in combination with the author’s user name and profile picture/avatar. The data is exclusively used for creating and providing content on our platform.
With registration on our platform, the user is informed about the use of said data and transfer to Firebase, and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
7.2 Legal basis for data processing
The legal basis for personal data processing based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is Google. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
7.3 Purpose of data processing
Allowing users to create their own content and comment on others’ content is a core feature of our platform. To allow the forming of groups and foster interaction amongst users with similar interests in our closed member area, it is a technical necessity to be able to map users to their generated content (incl. comments) and identify users. Therefore, processing of this data is essential for operating our platform.
The main goal of our platform is to provide to our users purposeful content (such as projects, activities, events, resources, groups, comments, etc.) for our users, allow them to create their own projects/content, and enable users with similar interests to form groups. Core functionality of our platform thereby is to suggest relevant content to our users, allow them to join said content, manage progress of projects, and join groups. All these functions require us to be able to identify the user over time, and thus processing and storage of user data for the duration of the registration.
7.4 Duration of data processing
Data in the context of creating content will be deleted once the basis for processing and storing the data has served its purpose.
This will occur, when the created content is deleted or altered.
7.5 Right to object or delete
As a user, you can always delete or alter your user generated content. In addition you also delete al personal data by deleting the user account.
Deleting or changing user generated content can be done directly on the pages of the relevant content (i.e. project page or activity page); deleting the account or changing user data directly your user profile.
8 Functionality to recommend and communicate via email
8.1 Scope of data processing
Our platform offers certain functionality, which allows users to recommend content (such as projects, activities, events, resources, groups, comments, etc.) on our platform to others via email. If a user makes use of that functionality, data collected through the recommendation form will be processed by us, transferred to our email service provider MailChimp and eventually forwarded via email to the recipient of the recommendation (as entered by the user). This data can be transferred in parts or as a whole to server locations of MailChimp in the USA.
With use of the recommendation form and functionality, the following data is processed and stored:
- Profile data of the user
- Email address of the person, who is the target subject of receiving the recommendation
- Object of the recommendation, i.e. name, description, and details of the targeted content
At the point of use of the recommendation, the following data is processed additionally:
- IP address of the user
- Information about internet browser, operating sytem and hardware
- Date and time of the recommendation
For the technical operation of sending recommendation emails and tracking responses we have contracted the use of the email service provider MailChimp, consequently data employed for sending and tracking emails will be transferred to MailChimp according to our Data Processing Addendum with the service provider. This data is usually transferred to server locations of MailChimp in the USA and stored there. The data is only being used to send, manage and analyse emails.
When using the recommendation form, the user is informed about the processing of data and transfer to MailChimp, and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
8.2 Legal basis for data processing
The legal basis for personal data processing for the purpose of sending and tracking the email recommendation based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is the Rocket Science Group LLC d/b/a MailChimp („MailChimp“). To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
8.3 Purpose of data processing
The purpose of processing the user recommendation request is to deliver the recommended content on our platform to another person. In the case of initiating a contact via email this also constitutes a legitimate interest for processing data.
The purpose of personal data being processed during the handling of the request and the sending of the recommendation is to be able to deliver the recommendation vial email and to ensure proper use of the functionality and the integrity of our IT systems.
8.4 Duration of data processing
Data in the context of recommending content will be deleted once the basis for processing and storing the data has served its purpose.
In this case this occurs, when the email conversation initiated by the user from our servers (or the ones from our email service provider) to the recipient has been completed and the topic has been resolved.
The additional data which is processed at the point of using the recommendation functionality will be deleted latest after 7 days.
8.5 Right to object or delete
As a user, you can always object to processing of personal data by deleting the user account. If you initiate contact via email with us, you can also object to processing and storing of personal data (our email address can be found at the top of this page).
Deleting the account or changing user data can directly be done in your user profile.
9 Webanalysis via Google Analytics
9.1 Scope of data processing
On our website we use certain functionality of Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses Cookies (cf above), which are text files placed on your computer, to help the website analyse how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking).
When accessing individual pages on our website, the following data is processed and stored:
- IP address of the user
- Information about browser, operating system and hardware of the user’s system
- The accessed website and individual (sub-)pages
- The website, through the user has arrived on our website (referrer)
- Time on site
- Frequency of accessing the website
- The use of selected functionality of our platform
9.2 Legal basis for data processing
The legal basis for processing personal data can be found in Art. 6 para. 1 lit. f GDPR, or in the case of explicit consent in Art. 6 para. 1 lit. a GDPR.
The recipient of the collected data is Google. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
9.3 Purpose of data processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
Based on the analyses and reports, we can compile insights on the use of individual components of our website and functions of our platform. This allows us to continuously improve our service and usability. Herein also lies our legitimate interest to process such data according to Art. 6 para. 1 lit. f GDPR. By anonymising the IP address we sufficiently account for the user’s interest in personal data protection.
9.4 Duration of data processing
The data will be deleted, once the purpose for storing has become obsolete. The data sent by us and linked to cookies, user-identifiers or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
9.5 Right to object or delete
Cookies are stored on the user’s system and are transferred to our site. Therefore, you hold full control over the use of Cookies. You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. The add-on will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.
You can also prevent data processing and collection through Google Analytics by clicking on the following link. The link will generate an Opt-Out-Cookie, which will prevent future collection of your data when you visit this website: Deactivate Google Analytics.
10 Customer service interaction via tawk.to
10.1 Scope of data processing
Our platform offers certain functionality, which allows users to interact with customer service agents directly on our website, via phone, or email. If a user makes use of that functionality, data will be collected during the interaction, processed, and transferred to our customer service provider tawk.to. This data can be transferred in parts or as a whole to server locations of tawk.to in the USA and certain data sub processors tawk.to employs. For a list of sub processors see here: www.tawk.to/data-protection/sub-processors/
With use of the customer service interaction, the following data is processed and stored:
- Name of the user (if provided by user)
- Email address of user (if provided by user)
- User ID of the user (if provided by user)
- Content/message of the interaction
In addition, the following data is automatically processed:
- IP address of the user
- Information about internet browser, operating sytem, hardware and location of the user
- Date and time of interaction
For the technical operation of interaction with our customer agents we have contracted the use of the service provider tawk.to, consequently data employed for sending and tracking emails will be transferred to tawk.to. This data is usually transferred to server locations of tawk.to and its sub processor in the USA and stored there. The data is only being used to manage the interaction between customer agent and user.
When using the customer interaction, the user is informed about the processing of data with tawk.to and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
10.2 Legal basis for data processing
The legal basis for personal data processing for the purpose of sending and tracking the email recommendation based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR.
The recipient of this processed data is tawk.to Inc. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
10.3 Purpose of data processing
The purpose of processing the user data in this context is technical requirement to be able to provide customer service interaction directly on our platform. In the case of initiating a contact via a customer service interaction this also constitutes a legitimate interest for processing data.
10.4 Duration of data processing
Data in the context of customer service interaction will be deleted once the basis for processing and storing the data has served its purpose.
In this case this occurs, when the customer service interaction conversation initiated by the user or the agent has been completed and the topic has been resolved.
Any additional data which is processed at the point of using the customer service interaction functionality will be deleted latest after 7 days.
10.5 Right to object or delete
As a user, you can always object to processing of personal data by deleting the user account. If you initiate contact via email with us, you can also object to processing and storing of personal data (our email address can be found at the top of this page).
Deleting the account or changing user data can directly be done in your user profile.
11 Online courses with the use of technology providers thinkific.com and teachable.com
11.1 Scope of data processing
On our website we offer online courses and classes to various topics (paid and unpaid). The technical implementation of these online courses is done by our technology partners Teachable Inc. („Teachable“) with the address 470 Park Avenue South, 6th Floor New York, NY 10016, USA and Thinkific Labs Inc. („Thinkific”) with the address 369 Terminal Ave, Vancouver, British Columbia, V6A 4C4, Canada. Our technology partners have their own terms & conditions which apply during the use of their services and which are linked at their respective check-out pages (for more information see teachable.com and thinkific.com).
When sign-up for our courses data from the input form will be processed and transmitted by Teachable and Thinkific respectively. This data may be transferred to server locations of Teachable in the USA or in the case of Thinkific to Canada.
The following data is being processed when signing up to the courses:
- name
- email address
- password (encrypted)
- course title, content and progress
- last 4 digits of the credit card (in case this was the method of purchase)
After signing up for a class, the email address may be used to confirm the booking of a course, and inform about progress and updates on the lessons.
For the technical implementation and operation of online courses we use Teachable and Thinkific as service providers, therefore data will be transferred to Teachable and Thinkific according to standardized data processing agreements. This data may also be transferred to and stored at servers in the USA with Teachable and Kanada with Thinkific. This data is only being used to offer and operate the online courses,
When signing up to a course, the user is informed about the data use and processing with Teachable and Thinkific , and a user consent for personal data processing in this context is obtained. The information also holds a reference to this privacy policy.
11.2 Legal basis for data processing
The legal basis for personal data processing for the purpose of sending and tracking the newsletter based on informed user consent can be found in Art. 6 para. 1 lit. a GDPR. The recipient of the data collected in this context is Techable or Thinkific, respectively. To ensure compliance with existing data processing regulation, any data processing is based on standardized contracts with subcontractors.
11.3 Purpose of data processing
The purpose of processing the user’s email and password is to authenticate the login of each user and deliver the content of the courses.
The purpose of processing personal data in the context of sign-up is to inform the user about relevant content with regard to the online courses. In addition, the data is being used to avoid misuse of the course platform. Further data is being used to improve quality and extend content of the online courses.
11.4 Duration of storage, right to object and delete
Data in the context of the online courses will be deleted once the basis for processing and storing the data has served its purpose. The email address and personal data will consequently be stored as long as the account of the user remains active on Teachable or Thinkific.
The consent to processing personal data given at sign-up can be revoked anytime by deleting the user account. A corresponding link can be found in the profile section of the user account.
12. Facebook Pixel
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/ . You can allow Facebook and its partners to place ads on and off Facebook.
A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
We guarantee the adequacy of data transfer to the third country USA through the agreement of EU standard contractual clauses.
You can find further information about Facebooks data processing as well about options to object and delete here: https://de-de.facebook.com/policy.php
13 Rights of the user
If your personal data is processed you are a data subject wrt GDPR and have certain rights vis-a-vis the controller.
13.1 Right to object
You have the right to object, on the grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on letter e and f of Art. 6 I GDPR, including profiling based on those provisions.
We will then no longer process your personal data unless we demonstrate compelling legitimate reasons for this processing which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time. In this case we will no longer process your personal data for such purposes.
In context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
13.2 Further rights
We ensure a fair processing of your personal data. In addition to the right to object to object, you also have the following rights as a data subject:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
To exercise your rights, you can write an E-Mail to datapolicy@zentor.me. Please note that we will process your personal data pursuant to Art. 6 I c GDPR in order to be able to process your request and for identification purposes.
Furthermore you may file a complaint with a supervisory authority.
14 Disclaimer and limits of this privacy policy
This privacy information notice merely applies to processing by the website „http://zentor.me“. Other websites are not covered by this privacy information notice. We reserve the right to amend and change the contents of the privacy information notice at any time. You will be able to see the latest version of this privacy information notice on our website at any time.[/vc_column_text][/vc_column][/vc_row]