As of:<\/strong> 31 May 2026<\/p>\n\n\n\n We are pleased about your visit to one of our online services. Protecting your personal data is important to us. In this privacy policy, we inform you about the nature, scope and purpose of the processing of personal data carried out in connection with our online services, as well as your rights as a data subject.<\/p>\n\n\n\n This privacy policy applies uniformly to all online services of zentor GmbH:<\/p>\n\n\n\n Where a processing activity only concerns a particular subdomain, we explicitly point this out in the respective section.<\/p>\n\n\n\n The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection regulations is:<\/p>\n\n\n\n zentor GmbH<\/strong> represented by managing director Dr. Valentin Schellhaas Reifenstuelstra\u00dfe 4 80469 Munich Germany<\/p>\n\n\n\n Phone: +49 (89) 32405287 Email: datenschutz@zentor.de<\/a> Website: https:\/\/zentor.de<\/a><\/p>\n\n\n\n zentor GmbH has not appointed a Data Protection Officer. The statutory conditions requiring such an appointment (in particular \u00a7 38 BDSG: regular employment of at least 20 persons engaged in the automated processing of personal data; Art. 37(1) GDPR: no extensive processing of special categories of personal data as a core activity) are not met. Please direct data protection inquiries to the email address listed above.<\/p>\n\n\n\n We process personal data of our users only insofar as this is necessary to provide a functional website and to provide our content and services. The processing of personal data is regularly carried out only with the user’s consent or on another suitable legal basis.<\/p>\n\n\n\n Where we obtain consent for processing operations, Art. 6(1)(a) GDPR<\/strong> serves as the legal basis.<\/p>\n\n\n\n For processing necessary for the performance of a contract to which the data subject is a party, as well as for taking pre-contractual steps, Art. 6(1)(b) GDPR<\/strong> serves as the legal basis.<\/p>\n\n\n\n Where processing is necessary to comply with a legal obligation (e.g. commercial or tax-related retention obligations), Art. 6(1)(c) GDPR<\/strong> serves as the legal basis.<\/p>\n\n\n\n Where processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override that legitimate interest, Art. 6(1)(f) GDPR<\/strong> serves as the legal basis.<\/p>\n\n\n\n Personal data are erased or blocked as soon as the purpose of storage no longer applies. Longer storage may take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject (e.g. commercial retention periods of 6 years, tax-related periods of 10 years). Blocking or erasure of the data also takes place when a storage period prescribed by the aforementioned norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract.<\/p>\n\n\n\n In this privacy policy, we use the terms defined in Art. 4 GDPR (e.g. “personal data”, “processing”, “controller”, “processor”, “consent”).<\/p>\n\n\n\n With every access to one of our online services, our system automatically collects data and information from the computer system of the accessing device. The following data are collected:<\/p>\n\n\n\n The data are stored in the log files of our system. Storage of these data together with other personal data of the user does not take place.<\/p>\n\n\n\n Our online services run on the following infrastructure:<\/p>\n\n\n\n With both providers, we have concluded data processing agreements pursuant to Art. 28 GDPR. In the case of AWS, the EU Standard Contractual Clauses pursuant to Art. 46 GDPR are also part of the contract, and AWS is certified under the EU-US Data Privacy Framework<\/strong>.<\/p>\n\n\n\n The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. Storage in log files takes place to ensure the functionality of the website, to optimise the websites, and to ensure the security of our information technology systems. The data are not analysed for marketing purposes in this context.<\/p>\n\n\n\n Log file data are erased or anonymised after a maximum of 30 days<\/strong>.<\/p>\n\n\n\n The collection of data for the provision of the websites and the storage of the data in log files are essential for the operation of the websites. Consequently, the user has no right to object.<\/p>\n\n\n\n Our online services use cookies. Cookies are text files stored by the internet browser on the user’s computer system. When a user calls up our pages, a cookie may be stored on the user’s device. These contain characteristic strings that allow the browser to be uniquely identified when the website is accessed again.<\/p>\n\n\n\n We use technically necessary cookies to make our websites user-friendly. Optional cookies (e.g. for embedded third-party content or external services that set a cookie) are only set after the user’s explicit consent via our cookie banner.<\/p>\n\n\n\n The legal basis for technically necessary cookies is \u00a7 25(2) no. 2 TDDDG (the German Telecommunications-Digital-Services Data Protection Act) in conjunction with Art. 6(1)(f) GDPR. For optional cookies, \u00a7 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent) applies.<\/p>\n\n\n\n Technically necessary cookies serve the functionality of the website (e.g. language settings, login state). They are usually deleted at the end of the browser session. Optional cookies serve the purpose required by the respective function; their storage duration is indicated in the cookie banner.<\/p>\n\n\n\n You can revoke or adjust your consent to cookies at any time via the cookie banner. You can additionally disable cookies in your browser settings. If cookies are disabled for our websites, some functions may no longer be fully usable.<\/p>\n\n\n\n This processing concerns On our main website, we operate an online shop. In the context of an order, we collect the following data:<\/p>\n\n\n\n The legal basis is Art. 6(1)(b) GDPR (contract initiation and performance). Where commercial and tax-related retention obligations apply, Art. 6(1)(c) GDPR serves as an additional legal basis.<\/p>\n\n\n\n The data are stored for the purpose of fulfilling the contract and for compliance with statutory retention obligations. Order data are retained for 6 or 10 years<\/strong> in accordance with \u00a7 257 HGB (German Commercial Code) and \u00a7 147 AO (German Fiscal Code) and then deleted.<\/p>\n\n\n\n Data are transmitted to the payment service providers mentioned in \u00a76 and, where applicable, to shipping providers (where necessary for delivery). Where statutory retention and reporting obligations apply, we disclose relevant order data to our tax advisor in the context of our mandate; our tax advisor is an independent controller and is subject to their own professional obligations (in particular \u00a7 203 StGB, German Criminal Code).<\/p>\n\n\n\n This processing concerns For the processing of payments by credit card and SEPA direct debit, we use the payment service provider Stripe Payments Europe Limited<\/strong>, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (parent company: Stripe, Inc., USA). Stripe is predominantly an independent controller (in particular for obligations relating to anti-money laundering and fraud prevention). To the extent that Stripe processes personal data on our behalf, a data processing agreement is in place with integrated Standard Contractual Clauses and a Data Transfers Addendum covering all three SCC modules.<\/p>\n\n\n\n Payment and identification data are transmitted to Stripe. The legal basis is Art. 6(1)(b) GDPR. Further information on processing at Stripe: https:\/\/stripe.com\/de\/privacy<\/a>.<\/p>\n\n\n\n If you choose PayPal as your payment method, your payment data will be transmitted to PayPal (Europe) S.\u00e0 r.l. et Cie, S.C.A.<\/strong>, 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal is an independent controller under the GDPR. The legal basis is Art. 6(1)(b) GDPR. Further information: https:\/\/www.paypal.com\/de\/legalhub\/privacy-full<\/a>.<\/p>\n\n\n\n This processing concerns You can register for our newsletter via the newsletter registration area on our main website. We use the Mailchimp<\/strong>service provided by Intuit Inc. \/ The Rocket Science Group LLC<\/strong>, 405 N. Angier Avenue NE, Atlanta, GA 30308, USA, for newsletter distribution. At sign-up, we collect:<\/p>\n\n\n\n During the course of newsletter distribution, additional reaction data (open rates, clicks, device information, approximate geolocation) may be collected in order to optimise content.<\/p>\n\n\n\n The legal basis is Art. 6(1)(a) GDPR (consent). Sign-up takes place via the double opt-in procedure \u2014 you receive a confirmation email after registration and must confirm your sign-up via a link. You can withdraw your consent at any time, for example via the unsubscribe link at the end of every newsletter.<\/p>\n\n\n\n A data processing agreement is in place with Mailchimp, integrated by way of click-through acceptance of the Mailchimp Standard Terms of Use (Art. 28(9) GDPR permits this electronic form). Mailchimp is certified under the EU-US Data Privacy Framework<\/strong> as a subsidiary of Intuit. The Mailchimp DPA additionally contains the EU Standard Contractual Clauses under Art. 46 GDPR.<\/p>\n\n\n\n This processing concerns Certain areas of our online services are only accessible after successful login with an email address and password. During registration and at login, we collect:<\/p>\n\n\n\n The legal basis is Art. 6(1)(b) GDPR (usage contract relationship) and additionally Art. 6(1)(f) GDPR (security of the login function).<\/p>\n\n\n\n User account data are stored for as long as your account exists. Upon cancellation, the account is deleted within a reasonable period, provided no retention obligations stand in the way. Login logs are anonymised or deleted after a maximum of 90 days.<\/p>\n\n\n\n This processing concerns For the provision of our online courses and associated content, we operate a Learning Management System (LMS)<\/strong>on our own hosting (AWS Frankfurt). In the context of your course participation, your user account, course progress, quiz results, certificates and time stamps of course interactions are stored. The data are processed exclusively on our hosting \u2014 no third-country transfer occurs in the course of LMS use.<\/p>\n\n\n\n The legal basis is Art. 6(1)(b) GDPR (provision of the contractually owed learning offering).<\/p>\n\n\n\n This processing concerns As part of our academy content, we offer diagnostic modules in which you can voluntarily answer questionnaires on personality, values and professional orientation. We collect:<\/p>\n\n\n\n The data are processed exclusively on our own hosting (AWS Frankfurt).<\/p>\n\n\n\n These diagnostic data do not, on their own, have a clinical character and do not constitute a medical or psychological health diagnosis. Out of an abundance of caution, and in order to honour your trust, we voluntarily treat these data as special categories of personal data<\/strong> within the meaning of Art. 9 GDPR. This means:<\/p>\n\n\n\n The diagnostic data are not transmitted to any third party \u2014 unless you have explicitly instructed us, for example, to share them with a coach or within the context of a B2B customer contract.<\/p>\n\n\n\n This processing concerns In parts of our academy, we offer AI-powered features (e.g. interactive learning assistance). When you use such a feature, the text of your query is transmitted via an API to our processor OpenAI Ireland Ltd.<\/strong>, 1st Floor, The Liffey Trust Centre, 117\u2013126 Sheriff Street Upper, Dublin 1, Ireland (parent company: OpenAI OpCo, LLC, USA), and processed there in order to generate the response.<\/p>\n\n\n\n A signed Data Processing Agreement (DPA)<\/strong> dated 3 May 2026 is in place with OpenAI Ireland Ltd., with integrated Standard Contractual Clauses (Module 2 and Module 3). OpenAI is, as a US group, certified under the EU-US Data Privacy Framework<\/strong>. OpenAI does not use API inputs to train its models (default for API customers).<\/p>\n\n\n\n The legal basis is Art. 6(1)(a) GDPR (consent via the cookie banner) or Art. 6(1)(b) GDPR for contractually owed AI features.<\/p>\n\n\n\n This processing concerns our online services where videos are embedded (typically on At individual points, we embed videos from the platforms YouTube<\/strong> (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, USA) and Vimeo<\/strong> (Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA).<\/p>\n\n\n\n Video embedding only occurs after your explicit consent<\/strong> via our cookie banner. As long as you have not given this consent, videos are not loaded<\/strong> and no data are transmitted to YouTube or Vimeo.<\/p>\n\n\n\n Once you activate an embedded video, the following data are transmitted to the respective platform in particular:<\/p>\n\n\n\n The legal basis is Art. 6(1)(a) GDPR (consent). The purpose is the provision of audiovisual content as part of our learning and information offerings.<\/p>\n\n\n\n Both YouTube (via parent company Google LLC) and Vimeo process data in the USA. Both providers are certified under the EU-US Data Privacy Framework<\/strong>.<\/p>\n\n\n\n You can withdraw your consent at any time via the cookie banner. Videos that have already been loaded remain visible in the current browser session; on a subsequent visit without consent, the videos will not be loaded again.<\/p>\n\n\n\n This processing concerns To accelerate and protect our main website, we use the Content Delivery Network and DDoS protection of QUIC.cloud \/ LiteSpeed Technologies Inc.<\/strong>, 4885 Riverbend Road, Boulder, CO 80301, USA. When our pages are accessed, traffic is routed through Quic.cloud servers. In doing so, IP addresses of users, HTTP request data and, where applicable, cookie information are processed in order to deliver content faster and to defend against attacks on our website.<\/p>\n\n\n\n A data processing agreement with integrated protective safeguards is in place with Quic.cloud (click-through DPA, valid from 10 May 2024). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in fast and secure delivery of the website).<\/p>\n\n\n\n This processing concerns all of our online services.<\/em><\/p>\n\n\n\n For the statistical analysis of website visits, we use the self-hosted open-source analytics tool Matomo<\/strong>, operated on our own server in Nuremberg, Germany. Matomo is operated in a cookieless mode<\/strong> ( Since Matomo does not set any cookies, no consent under \u00a7 25 TDDDG is required. Processing takes place on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in a privacy-friendly reach measurement. No personal data are transmitted to third parties; processing takes place exclusively on our own infrastructure in Germany.<\/p>\n\n\n\n This processing concerns data directed to us in the context of the business relationship via For our business communication, we use services provided by Microsoft Ireland Operations Limited<\/strong> (Microsoft 365: Exchange Online, Teams, OneDrive, SharePoint). The data residency of our tenant is configured to Germany<\/strong>; additionally, the EU Data Boundary<\/strong> is active for the services in use. A data processing agreement (Microsoft Products and Services Data Protection Addendum) with integrated Standard Contractual Clauses is in place with Microsoft. The legal basis is Art. 6(1)(b) GDPR (contractual communication) or Art. 6(1)(f) GDPR (other business communication).<\/p>\n\n\n\n Where personal data are transmitted to recipients in third countries (in particular the USA), this takes place on the basis of appropriate safeguards pursuant to Art. 46 GDPR. Specifically, we rely on:<\/p>\n\n\n\n The respective mechanisms are specifically identified in the third-party provider sections above.<\/p>\n\n\n\n If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-\u00e0-vis the controller:<\/p>\n\n\n\n You may request confirmation from the controller as to whether personal data concerning you are being processed by us. If such processing exists, you may request information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed, the envisaged storage duration, the existence of rights to rectification, erasure, restriction, objection and complaint, the origin of the data (if not collected from you), the existence of automated decision-making including profiling, as well as any third-country transfers.<\/p>\n\n\n\n You have a right to rectification and\/or completion vis-\u00e0-vis the controller, provided that the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the rectification without delay.<\/p>\n\n\n\n You may request restriction of processing under certain conditions, for example if you contest the accuracy of the data, if the processing is unlawful and you object to erasure and request restriction of use instead, or if the controller no longer needs the data but you require it for the establishment, exercise or defence of legal claims.<\/p>\n\n\n\n You may request the controller to erase personal data concerning you without undue delay if one of the grounds listed in Art. 17(1) GDPR applies (data are no longer needed for the purposes; consent withdrawn in the absence of another legal basis; successful objection pursuant to Art. 21 GDPR; unlawful processing; legal erasure obligation; collection in the context of information society services offered to children). The right does not exist where processing is necessary for the exercise of the right to freedom of expression, for compliance with legal obligations, for reasons of public interest, or for the establishment, exercise or defence of legal claims.<\/p>\n\n\n\n If you have exercised the right to rectification, erasure or restriction of processing vis-\u00e0-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.<\/p>\n\n\n\n You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, provided that the processing is based on consent or a contract and is carried out by automated means. You additionally have the right to transmit those data to another controller without hindrance.<\/p>\n\n\n\n You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time; this also applies to profiling to the extent that it is connected with such direct marketing.<\/p>\n\n\n\n You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.<\/p>\n\n\n\n You have the right not to be subject to a decision based solely on automated processing \u2014 including profiling \u2014 that produces legal effects concerning you or similarly significantly affects you. Such automated decision-making does not take place on our online services.<\/p>\n\n\n\n Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The supervisory authority competent for zentor GmbH is:<\/p>\n\n\n\n Bavarian State Office for Data Protection Supervision (BayLDA)<\/strong> Promenade 18 91522 Ansbach, Germany Phone: +49 (0) 981 53 1300 Email: poststelle@lda.bayern.de<\/a> Website: https:\/\/www.lda.bayern.de<\/a><\/p>\n\n\n\n This privacy policy has the date stated at the beginning of the document. Due to the further development of our online services or due to changed legal or regulatory requirements, it may become necessary to adapt this privacy policy. The respective current version can be accessed and printed at any time on our online services.<\/p>\n","protected":false},"excerpt":{"rendered":" Privacy Policy of zentor GmbH As of: 31 May 2026 We are pleased about your visit to one of our online services. Protecting your personal data is important to us. In this privacy policy, we inform you about the nature, scope and purpose of the processing of personal data carried out in connection with our online … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"footnotes":"","_tec_slr_enabled":"","_tec_slr_layout":""},"class_list":["post-79715","page","type-page","status-publish"],"ticketed":false,"_links":{"self":[{"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/pages\/79715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/comments?post=79715"}],"version-history":[{"count":1,"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/pages\/79715\/revisions"}],"predecessor-version":[{"id":94662,"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/pages\/79715\/revisions\/94662"}],"wp:attachment":[{"href":"https:\/\/academy.zentor.de\/en\/wp-json\/wp\/v2\/media?parent=79715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Scope<\/h2>\n\n\n\n
\n
zentor.de<\/code><\/strong>\u00a0(with redirect from\u00a0zentor.me<\/code>) \u2014 main website with information about us, blog and online shop<\/li>\n\n\n\nacademy.zentor.de<\/code><\/strong>\u00a0\u2014 learning platform with online courses and diagnostic modules<\/li>\n\n\n\nanalytics.zentor.de<\/code><\/strong>\u00a0\u2014 internal analytics tool (currently in development; will be supplemented at go-live with the functionalities actually active by then)<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n1 Name and Address of the Controller<\/h2>\n\n\n\n
Data Protection Officer<\/h3>\n\n\n\n
\n\n\n\n2 General Information on Data Processing<\/h2>\n\n\n\n
2.1 Scope of Personal Data Processing<\/h3>\n\n\n\n
2.2 Legal Bases for the Processing of Personal Data<\/h3>\n\n\n\n
2.3 Data Erasure and Storage Duration<\/h3>\n\n\n\n
2.4 Definitions<\/h3>\n\n\n\n
\n\n\n\n3 Provision of the Websites and Creation of Log Files<\/h2>\n\n\n\n
3.1 Description and Scope of Data Processing<\/h3>\n\n\n\n
\n
3.2 Hosting<\/h3>\n\n\n\n
\n
zentor.de<\/code>,\u00a0analytics.zentor.de<\/code>, and a backup server for the academy<\/strong>\u00a0are hosted by\u00a0netcup GmbH<\/strong>, Daimlerstra\u00dfe 25, 76185 Karlsruhe, in a German data centre (location Nuremberg). No third-country transfer occurs in the course of hosting.<\/li>\n\n\n\nacademy.zentor.de<\/code><\/strong>\u00a0is hosted on cloud infrastructure operated by\u00a0Amazon Web Services EMEA SARL<\/strong>, 38 Avenue John F. Kennedy, L-1855 Luxembourg (parent company: Amazon Web Services, Inc., USA). Processing takes place in the AWS region Europe-Frankfurt (eu-central-1<\/code>).<\/li>\n<\/ul>\n\n\n\n3.3 Legal Basis and Purpose<\/h3>\n\n\n\n
3.4 Duration of Storage<\/h3>\n\n\n\n
3.5 Right to Object and to Have Data Removed<\/h3>\n\n\n\n
\n\n\n\n4 Use of Cookies<\/h2>\n\n\n\n
4.1 Description and Scope of Data Processing<\/h3>\n\n\n\n
4.2 Legal Basis<\/h3>\n\n\n\n
4.3 Purpose and Duration<\/h3>\n\n\n\n
4.4 Right to Object and to Have Data Removed<\/h3>\n\n\n\n
\n\n\n\n5 Online Shop and Ordering Process<\/h2>\n\n\n\n
zentor.de<\/code>.<\/em><\/p>\n\n\n\n5.1 Description and Scope<\/h3>\n\n\n\n
\n
5.2 Legal Basis<\/h3>\n\n\n\n
5.3 Purpose and Duration of Storage<\/h3>\n\n\n\n
5.4 Recipients \/ Disclosure<\/h3>\n\n\n\n
\n\n\n\n6 Payment Processing<\/h2>\n\n\n\n
zentor.de<\/code>.<\/em><\/p>\n\n\n\n6.1 Stripe (Credit Card and SEPA Payments)<\/h3>\n\n\n\n
6.2 PayPal<\/h3>\n\n\n\n
\n\n\n\n7 Newsletter Distribution<\/h2>\n\n\n\n
zentor.de<\/code>.<\/em><\/p>\n\n\n\n7.1 Description and Scope<\/h3>\n\n\n\n
\n
7.2 Legal Basis and Purpose<\/h3>\n\n\n\n
7.3 Data Processing and Third-Country Transfer<\/h3>\n\n\n\n
\n\n\n\n8 Login Area and Member Accounts<\/h2>\n\n\n\n
academy.zentor.de<\/code> and (at go-live) analytics.zentor.de<\/code>.<\/em><\/p>\n\n\n\n8.1 Description<\/h3>\n\n\n\n
\n
8.2 Legal Basis and Purpose<\/h3>\n\n\n\n
8.3 Duration of Storage<\/h3>\n\n\n\n
\n\n\n\n9 Learning Management System<\/h2>\n\n\n\n
academy.zentor.de<\/code>.<\/em><\/p>\n\n\n\n
\n\n\n\n10 Diagnostic Modules and Psychometric Questionnaires<\/h2>\n\n\n\n
academy.zentor.de<\/code>.<\/em><\/p>\n\n\n\n10.1 Description and Scope<\/h3>\n\n\n\n
\n
10.2 Heightened Protection \u2014 Voluntary Treatment as Art. 9 GDPR Data<\/h3>\n\n\n\n
\n
10.3 Recipients<\/h3>\n\n\n\n
\n\n\n\n11 AI-Powered Features<\/h2>\n\n\n\n
academy.zentor.de<\/code>.<\/em><\/p>\n\n\n\n
\n\n\n\n12 Embedded Videos (YouTube and Vimeo)<\/h2>\n\n\n\n
zentor.de<\/code> in the blog\/knowledge area and on academy.zentor.de<\/code> in course content).<\/em><\/p>\n\n\n\n12.1 Description and Scope<\/h3>\n\n\n\n
\n
12.2 Legal Basis and Purpose<\/h3>\n\n\n\n
12.3 Third-Country Transfer<\/h3>\n\n\n\n
12.4 Withdrawal<\/h3>\n\n\n\n
\n\n\n\n13 CDN and DDoS Protection<\/h2>\n\n\n\n
zentor.de<\/code>.<\/em><\/p>\n\n\n\n
\n\n\n\n14 Web Analytics<\/h2>\n\n\n\n
disableCookies()<\/code>), with anonymised IP address (anonymizeIP<\/code>) and respecting the Do-Not-Track header (respectDoNotTrack<\/code>).<\/p>\n\n\n\n
\n\n\n\n15 Business Communication and Back Office<\/h2>\n\n\n\n
zentor.de<\/code> and academy.zentor.de<\/code>.<\/em><\/p>\n\n\n\n
\n\n\n\n16 Third-Country Transfers<\/h2>\n\n\n\n
\n
\n\n\n\n17 Rights of the Data Subject<\/h2>\n\n\n\n
Right of Access (Art. 15 GDPR)<\/h3>\n\n\n\n
Right to Rectification (Art. 16 GDPR)<\/h3>\n\n\n\n
Right to Restriction of Processing (Art. 18 GDPR)<\/h3>\n\n\n\n
Right to Erasure (Art. 17 GDPR)<\/h3>\n\n\n\n
Right to Notification (Art. 19 GDPR)<\/h3>\n\n\n\n
Right to Data Portability (Art. 20 GDPR)<\/h3>\n\n\n\n
Right to Object (Art. 21 GDPR)<\/h3>\n\n\n\n
Right to Withdraw Consent (Art. 7(3) GDPR)<\/h3>\n\n\n\n
Automated Individual Decision-Making Including Profiling (Art. 22 GDPR)<\/h3>\n\n\n\n
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)<\/h3>\n\n\n\n
\n\n\n\n18 Currency of This Privacy Policy<\/h2>\n\n\n\n