Status: 18.03.2022
1 OVERVIEW
The requirements of the EU Data Protection Regulation (hereinafter: DSGVO) apply throughout Europe. Please read our data protection declaration carefully.
The following data protection information informs you about the nature and extent of the processing of so-called personal data by ISM International School of Management GmbH (hereinafter: ISM). Which data is processed in detail and how it is used depends largely on the services you have requested or agreed upon. Therefore, not all parts of this information will apply to you. Personal data is information that can be directly or indirectly attributed to you or can be attributed to you.
Data processing by ISM can essentially be divided into two categories:
1. for the purpose of contract processing, all data required for the execution of a contract with ISM is processed. If external service providers are also involved in the processing of the contract, e.g. transport companies, your data will be passed on to them to the extent necessary in each case.
When you call up the ISM website/application, various information is exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.
In accordance with the provisions of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes. The option to object is highlighted in print.
The websites are hosted on external servers within Europe and are therefore subject to the security regulations applicable in Europe, the legal basis for this are agreements on commissioned processing in accordance with Art. 28 EU-DSGVO.
If you have any questions about our privacy policy, please contact us at any time at This email address is being protected from spambots. You need JavaScript enabled to view it..
2 CONTACT DATA AND RIGHT TO INFORMATION
This data protection declaration applies to data processing by ISM International School of Management GmbH, Otto-Hahn-Straße 19, 44227 Dortmund, and to the following websites or applications: ism.de, en.ism.de, ism-fernstudium.de, bewerbung.ism-fernstudium.de, ecampus.ism-fernstudium.de, elearning.ism-fernstudium.de and blog.ism.de.
You have a right to free information about your personal data stored by us and, if applicable, a right to correction, blocking or deletion of this data. If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted or objection to a particular use of data, please contact us directly: This email address is being protected from spambots. You need JavaScript enabled to view it..
We have appointed Mr. Marc Althaus as our external company data protection officer, who continuously works to ensure compliance with data protection regulations and carries out regular checks. You can find the contact details here:
Contact form:
https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22 589 Hamburg (Germany)
3 PURPOSE OF DATA COLLECTION, LEGAL BASIS, INTERESTS AND CATEGORY OF RECIPIENTS
3.1 Calling up our website/application
When calling up our website/application, information is automatically sent to the server of our website/application by the browser used on your end device and temporarily stored in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion after seven days:
1. IP address of the requesting Internet-enabled device,
2. date and time of access,
3. name and URL of the accessed file,
4. website/application from which the access was made (referrer URL),
5. browser used and, if applicable, the operating system of your Internet-capable computer
6. name of your access provider
7. language, country, city
8. screen resolution
9. demographic characteristics: Age, gender
10. search term
The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any conclusions about your identity from the collected data and that we will not do so.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
1. ensuring a smooth connection setup,
2. ensuring a comfortable use of our website/application,
3. evaluation of system security and stability, and
4. other administrative purposes
Furthermore, we use so-called cookies, tracking tools and targeting procedures for our website/application. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.3.4.
If you have consented to geolocation in your browser or operating system or other settings on your end device, we do not use this function. However, you may receive individual services based on your current location from the search engines you use or other online service providers.
3.2 Conclusion, performance or termination of a contract
3.2.1 Data processing upon conclusion of a contract
The object of ISM's activities is the provision of services and the distance selling of goods, the retail trade within the scope of the permits issued by the authorities and the serial production of the goods to be offered. In this context, we process the data required for the conclusion, execution or termination of a contract. This includes:
1. surname/birth name
2. first name
3. place of birth
4. country of birth
5. date of birth
6. sex
7. nationality
8. address(es)
9. e-mail address(es)
10. entry date
11. billing and payment information
12. telephone number(s)
13. course of study
14. other courses booked (e.g. pre-courses)
15. registrations for exams
16. examination results
17. study contract
18. if available, further supplementary documents to the study contract.
The legal basis for this is Article 6(1)(b) DSGVO. Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we will store the data collected for the purpose of processing the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
Furthermore, the above-mentioned data will be forwarded to foreign partner universities as part of your mandatory semester abroad.
3.2.2 Identity, creditworthiness and transmission to credit agencies and debt collection companies
If necessary, we may verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) DSGVO. The authorization for this results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our inquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
In the course of the ordering process, we also check your creditworthiness in order to be able to show you only the payment methods that can be used by you. For this purpose, we transmit the following types of data to so-called credit agencies cooperating with us: Name, address, date of birth. The legal basis for this is the following declaration of consent by you within the meaning of Article 6(1)(a) DSGVO:
I hereby consent to the checking of my creditworthiness by ISM. I am aware that the check is already carried out at the beginning of the ordering process and that I can revoke my consent at any time.
You can revoke your consent at any time with effect for the future by sending a declaration to the address given under "Contact". The revocation of consent does not affect the lawfulness of the personal data processed until the revocation. If you do not want to give the above consent, please give us before you initiate the completion of your purchase a corresponding note or use the option of guest ordering. In this case, however, we can only offer you payment methods that are not associated with a credit risk for ISM. The circumstance and the result of our inquiry will be saved to your customer account for the duration of the contractual relationship.
If you have already made a purchase from us, the data we have stored about you may be supplemented by so-called score values. Scoring is the creation of a forecast of future events based on information collected and past experience. On the basis of the data stored about you, an assignment is made to statistical groups of people who have had similar entries in the past. The underlying procedure used is a well-founded mathematical-statistical method for forecasting risk probabilities that has been tried and tested in practice for a long time.
In the event of a delay in payment, we transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal bases for this are both Article 6(1)(b) and Article 6(1)(f) DSGVO. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or a possible bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) DSGVO. The legitimate interest required here results from our interest and the interest of third parties in reducing contractual risks for future contracts.
In order to collect our outstanding receivables, we transfer this function to a collection agency and in this context pass on the necessary data to the collection agency commissioned by us. This company first checks the legitimacy of the receivables transferred for collection and then sends a reminder for the delinquent invoice in writing or, if necessary, by telephone. If payment is refused, the collection agency will initiate legal dunning proceedings if necessary. There is also the possibility of execution as well as the seizure of realizable objects.
3.2.3 Transmission of data to partner companies
ISM transmits the data collected during the application process for a study place (according to 3.2.1) as a CV with attachments to qualified partner companies in order to support dual or part-time students in their search for a dual or partner in the run-up to their studies. The data will only be transmitted to partners exclusively for the application process. This data is deleted after completion of the application process or studies, unless longer legal retention periods exist.
3.3 Data processing for advertising purposes
3.3.1 Advertising purposes of ISM and third parties
Insofar as you have concluded a contract with us, we manage you as an existing customer. In this case, we process your contact data in order to send you information about new and similar products and services. From time to time, we transmit your postal contact data to contract partners selected by us with special care as service providers, so that they can inform you about new and similar products of ISM.
3.3.2 Interest-based advertising
To ensure that you only receive information that is of supposed interest to you, we categorize and add further information to your customer profile. Statistical information as well as information about you (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or perceived needs and accordingly not to bother you with useless advertising.
The legal basis for the aforementioned processing is in each case Article 6(1)(f) DSGVO. The processing of existing customer data in this way for our own advertising purposes or for the advertising purposes of third parties is to be regarded as a legitimate interest.
3.3.3 Right of objection
You may object to data processing for the aforementioned purposes at any time for the respective communication channel separately and with effect for the future. For this purpose, it is sufficient to send an e-mail or a postal letter to the contact data mentioned under 1.
If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent after receipt of your objection. This is due to technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.
3.3.4 Cookies - general information
We use so-called cookies in our systems on the basis of Article 6(1)(f) DSGVO. Our interest in optimizing our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves to make the use of our offer more pleasant for you. For the purpose of user-friendliness, we use permanent cookies that are stored on your end device for a period of 30 days. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you as well as to display information tailored specifically to you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a period of 30 days. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their purpose and is not the same for all.
3.3.4.1 Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to store certain cookies on your terminal device or to use certain technologies and to document this consent in accordance with data protection law.
Operator of Usercentrics:
Usercentrics GmbH
Rosental 4
80331 Munich
Information on the data protection of Usercentrics can be found here: https://usercentrics.com/de/datenschutzerklaerung/.
When you enter our website, the following personal data is transferred to Usercentrics:
1. your consent(s) or revocation of your consent(s).
2. your IP address
3. information about your browser
4. information about your terminal device
5. time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 (1) p. 1 lit. c DSGVO.
3.3.4.2 Preventing the setting of cookies
If you wish to prevent cookies from being set, you can - in addition to or instead of our cookie consent solution - set cookies on the website in a more general way:
Browser settings
Most browsers are set to accept cookies by default, but you can set your browser to reject cookies or ask for confirmation from you first. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you can have your browser notify you when you receive new cookies, or even how you can delete all cookies you have already received and have the browser block all others.
However, if you refuse cookies, this may result in part of our website (and services of other websites) being unavailable and therefore some functions cannot be used. Also, cookies usually need to be enabled to object to the use of programs / uses (because of the setting of his objection (opt-out cookies).
3.3.5 Google
3.3.5.1 Gstatic
This is a domain used by Google to load static content into another domain name to reduce bandwidth usage and increase network performance for the end user.
Processing Company
Alphabet Inc.
1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America.
Data protection officer of the processing company
Below is the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data processing purposes
- Increasing network performance
- Reducing bandwidth usage
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- JavaScript
Collected data
This list contains all (personal) data collected during or through the use of the service.
- Images
- CSS
Legal basis
Art. 6 para. 1 p. 1 lit. f DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- United States of America
Retention period
The retention period is the length of time that the collected data is stored for processing. Data must be deleted as soon as it is no longer needed for the specified processing purposes.
Requests for CSS assets are cached for 1 day, font files are cached for one year. Some information is retained until removed by the user. Others are retained after a specified time.
Sharing with third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- Worldwide
Data recipient
Alphabet Inc.
Click here to read the privacy policy of the data processor:
http://www.google.com/intl/de/policies/privacy/
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en
Click here to revoke on all domains of the processing company:
https://safety.google/privacy/privacy-controls/
Storage Information
Below you can see the longest potential storage period on a device set when using the cookie storage method and when using other methods.
Maximum cookie storage time: session.
Non-cookie storage: No
3.3.5.2 Google Ads
This is an advertising service provided by Google.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=de
Data processing purposes
This list represents the purposes of data collection and processing.
- Advertising
- Analysis
- Provision of services
- statistics
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
Cookies
Collected data
This list contains all (personal) data collected during or through the use of the Service.
- Viewed advertisements
- Cookie ID
- Date and time of visit
- Device information
- Geographical location
- IP Address
- Search terms
- Advertisements displayed
- Customer ID
- impressions
- Online identifiers
- Browser Information
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
Data is deleted as soon as it is no longer needed for processing. Log data is anonymized after 9 months, and cookie information is anonymized after 18 months.
Sharing with third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- Chile
- Singapore
- United States of America
- Taiwan
Data Recipients
The following is a list of the recipients of the data collected.
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
Click here to read the privacy policy of the data processor:
https://policies.google.com/privacy?hl=de
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=de
Click here to revoke on all domains of the processing company:
https://safety.google/privacy/privacy-controls/
Storage Information
Below you can see the longest potential storage period on a device set when using the cookie storage method and when using other methods.
Maximum limit for cookie storage: 1 year.
Non-cookie storage: No
3.3.5.3 Google Ads Conversion Tracking.
This is a conversion tracking service provided by Google.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Data Processing Purposes
This list represents the purposes of data collection and processing.
- Advertising
- Conversion tracking
- Analysis
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
- pixels
- Web beacons
Collected data
This list contains all (personal) data collected during or through the use of the Service.
- Browser language
- Browser type
- Clicked ads
- Cookie ID
- Cookie information
- Date and time of visit
- IP Address
- Referrer URL
- Usage data
- Web request
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America
- Singapore
- Taiwan
- Chile
Data Recipients
The following is a list of the recipients of the data collected.
- Google Ireland Limited
- Google LLC
- Alphabet Inc
Click here to read the privacy policy of the data processor:
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en
Click here to revoke on all domains of the processing company:
https://safety.google/privacy/privacy-controls/
Storage Information
Below you can see the longest potential storage period on a device set when using the cookie storage method and when using other methods.
Maximum limit for cookie storage: 1 year.
Non-cookie storage: No
3.3.5.4 Google AdServices.
This is an advertising service provided by Google.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Data Processing Purposes
This list represents the purposes of data collection and processing.
- Advertising
- Targeting
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
Collected data
This list contains all (personal) data collected during or through the use of the Service.
Click path
- Events
- IP address
- Referrer URL
- Touchpoint to the ad
- Transactions
- User Agent
- Pages viewed
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. Data must be deleted as soon as they are no longer needed for the specified processing purposes.
Data will be deleted as soon as they are no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America
- Singapore
- Chile
- Taiwan
Data recipient
The following is a list of the recipients of the data collected.
- Google LLC
- Google Ireland Limited
- Alphabet Inc
Click here to read the privacy policy of the data processor:
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en
Click here to revoke on all domains of the processing company:
https://safety.google/privacy/privacy-controls/
Storage Information
Below you can see the longest potential storage period on a device set when using the cookie storage method and when using other methods.
Maximum limit for cookie storage: 1 year.
Non-cookie storage: No
3.3.5.5 Google Analytics
For the purpose of needs-based design and ongoing optimization, we use Google Analytics, a web analytics service provided by Google, Inc. on the basis of Article 6(1)(f) DSGVO. ("Google"). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as.
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible. The retention period of the data sent by you and linked to cookies, user IDs or advertising IDs is 14 months. With each new activity, the period is set to the current duration plus the retention period mentioned.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
3.3.5.6 Google Analytics 4
This is a web analytics service. This service enables cross device tracking.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company
Please find below the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/generalprivacyform
Data processing purposes
This list represents the purposes of data collection and processing.
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser:
Cookies
Data collected
This list contains all (personal) data collected during or through the use of the service.
Legal basis
The following is the required legal basis for processing data.
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. Data must be deleted as soon as it is no longer needed for the specified processing purposes.
Data is deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
Data recipients
The following is a list of the recipients of the data collected.
Google Ireland Limited
Google LLC
Alphabet Inc
Click here to read the privacy policy of the data processor
https://policies.google.com/privacy?hl=en
Click here to read the data processor's cookie policy
https://policies.google.com/technologies/cookies?hl=en
Memory information
Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods.
Maximum cookie storage time: Session
Non-cookie storage: no
3.3.5.8 Google Tag Manager
This website uses the Google Tag Manager.
Operator of Google Tag Manager:
Google LLC
1600 Amphitheatre Parkway
Mountain View, California 94043 (USA).
Through this service, website tags can be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected.
The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
3. 3.5.9 Google Enhanced Conversions
On our website, we use a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google Enhanced Conversion). With the help of Google Enhanced Conversions, ISM collects conversion data. Google Enhanced Conversion Tracking is a feature that can increase the accuracy of your conversion measurement. It securely sends hashed first-party conversion data from our website to Google as part of an addendum to existing conversion tags. Customer information is not shared with other advertisers. Access controls and encryption are in place to prevent unlawful access. You can revoke the data collection and storage at any time with effect for the future.
3.3.5.10 Google Fonts
This is a collection of fonts for commercial and personal use.
Processing company
Google Ireland Limited
Gordon House, 4 Barrow St, Dublin 4, Ireland
Data protection officer of the processing company
Below is the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data processing purposes
This list represents the purposes of data collection and processing.
- Provision of fonts
- Improvement of the service
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- API
Collected data
This list contains all (personal) data collected during or through the use of the service.
- IP address
- Aggregated usage figures
- Font request
- Referrer URL
- CSS requests
- User Agent
- Browser information
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America
- Singapore
- Taiwan
- Chile
Data recipient
The following is a list of the recipients of the data collected.
- Alphabet Inc,
- Google LLC
- Google Ireland Limited
Click here to read the privacy policy of the data processor:
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en
3.3.5.10 DoubleClick Ad
This is an advertising service. With this service it is possible to provide relevant ads to users and retrieve campaign reports.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company
Below is the email address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Data Processing Purposes
This list represents the purposes of data collection and processing.
- Advertising
- Analysis
- Optimization
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
Collected data
This list contains all (personal) data collected during or through the use of the Service.
- Browser information
- Click path
- Cookie information
- Date and time of visit
- Demographic data
- Device identifier
- Location information
- Hardware/software type
- Internet service provider
- IP address
- Frequency with which ads are seen
- Providing domains
- Interaction data
- Views of the page
- Search history
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This Service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- United States of America
Data Recipients
The following is a list of the recipients of the data collected.
- Google Ireland Limited
- Google LLC
- Alphabet Inc.
Click here to read the privacy policy of the data processor:
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en
Memory Information
Below you can see the longest potential storage time on a device set when using the cookie storage method and when using other methods.
Maximum limit for cookie storage: 1 year.
Non-cookie storage: No
3.3.6 Targeting
The targeting measures listed below and used by us are carried out on the basis of Article 6(1)(f) DSGVO. By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is oriented to your actual or presumed interests. It is in your interest as well as ours not to bother you with advertisements that are not of interest to you.
3.3.6.1 Onsite targeting
On our website, information is collected and evaluated using cookies in order to optimize advertising. This information includes, for example, details about which of our study programs you were interested in. The collection and evaluation is exclusively pseudonymous and does not allow us to identify you. In particular, the information is not combined with personal data about you. Based on the information, we can show you offers on our site that are specifically geared to your interests, as determined by your previous user behavior. The cookie is automatically deleted after 30 days.
3.3.6.2 Re-targeting
We also use re-targeting technologies from ad servers. This enables us to tailor our online offer to make it more interesting for you. For this purpose, a cookie is set with which interest data is collected using pseudonyms. Based on this information, you will be shown interest-related advertisements about our offers. No personal data is stored and no usage profiles are merged with personal data about you. The cookie is stored for a period of 30 days and then automatically deleted.
3.3.6.3 Options for objection
You can prevent the targeting technologies explained by making the appropriate cookie setting in your browser (see also 3.3.4). Facebook custom audience can be deactivated under the following link: reachlocal.com/opt-out.
3.3.7 Hubspot
3.3.7.1 CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as Hubspot CRM).
Hubspot CRM enables us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media or phone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO; the consent can be revoked at any time.
For details, please refer to Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
3.3.7.2 Forms
This is the Hubspot service for creating online forms. All forms on our website are created using this service.
Processing Company
Hubspot, Inc.
25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America
Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
This email address is being protected from spambots. You need JavaScript enabled to view it.
Data processing purpose
Provision of online forms
Technology used
Tracking pixel
Collected data
- User agent data
- IP address
- Browser type
- Internet Service Provider
- Company name
- HTML pages
- Information from third-party sources
- Device operating system
- Usage data
- Phone number
- Referrer URL
- Session duration
- Device type
- Pages visited
- Click path
- Domain name
- Contact information
- Date and time of visit
- Device identifier
- Geographic location
- E-mail address
- Data provided via forms on the website
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
United States of America
Retention period
The data will be deleted as soon as they are no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing:
- United States of America
Data recipient
Hubspot, Inc.
Click here to read the privacy policy of the data processor:
https://legal.hubspot.com/privacy-policy
3.3.8 yumpu
This service provides a digital publishing solution. With this service, the user can create readable print publications and convert PDF files to flipbooks.
Processing company
i-magazine AG
Gewerbestrasse 5, 9444 Diepoldsau, Switzerland
Data protection officer of the processing company
Below you will find the e-mail address of the data protection officer of the processing company.
This email address is being protected from spambots. You need JavaScript enabled to view it.
Data processing purposes
This list represents the purposes of data collection and processing.
- Functionality
- Optimization
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
- Log files
Collected data
This list contains all (personal) data collected during or through the use of the service.
- IP address
- Referrer URL
- Browser information
- Date and time of the visit
- Information of the operating system
- Usage data
- contact information
- Payment information
- Geographic location
- Date of birth
- Browser Language
- Postal Address
- User ID
- Host name of the accessing computer
Legal basis
Art. 6 para. 1 s. 1 lit. f DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- Switzerland
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Data recipients
The following is a list of the recipients of the data collected.
- I-magazine AG
Click here to read the privacy policy of the data processor:
https://www.yumpu.com/en/info/privacy_policy
Click here to read the cookie policy of the data processor:
https://www.yumpu.com/en/info/cookie_policy
3.3.9 CrazyEgg.com
This site uses the CrazyEgg.com tracking tool to record randomly selected individual visits with anonymized IP address only. This tracking tool uses cookies to evaluate how you use the website (e.g. which content is clicked on). For this purpose, a usage profile is displayed visually. Only usage profiles are created using pseudonyms.
Further information on data protection at CrazyEgg.com can be found at https://www.crazyegg.com/privacy.
3.3.10 Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
In this way, the behavior of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of Facebook Pixel is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
You can find further information on protecting your privacy in Facebook's data protection notices: https://de-de.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
3.3.11 TikTok
This is a tracking technology offered by TikTok. This is a platform for short mobile videos.
Processing Company
TikTok Information Technologies UK Limited
Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.
Data protection officer of the processing company
Below is the email address of the data protection officer of the processing company.
This email address is being protected from spambots. You need JavaScript enabled to view it.
Data processing purposes
This list represents the purposes of data collection and processing.
- Social Media
- Analysis
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
Cookies
Collected data
This list contains all (personal) data collected during or through the use of the Service.
- User content
- Date of birth
- profile information
- profile picture
- usage data
- Device information
- Smartphone related information
- Last name
- First Name
- Internet Service Provider
- IP Address
- Email Address
- Browser history
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- Singapore
- United States of America
Retention Period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- Singapore
- United States of America
Data Recipients
The following is a list of the recipients of the data collected.
- TikTok Information Technologies UK Limited
- TikTok Pte. Ltd.
Click here to read the privacy policy of the data processor:
https://www.tiktok.com/legal/privacy-policy?lang=en#section-1
3.3.12 cloudfront
This is a content delivery network provided by Amazon. Using a CDN allows users to make content available to you for retrieval more quickly using regionally or internationally distributed servers. When you call up this content, a connection is established between you and the respective servers of the CDN, whereby personal data may be transmitted.
Processing company
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855 Luxembourg
Data processing purposes
This list represents the purposes of data collection and processing.
- Delivering content
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Scripts
Collected data
This list contains all (personal) data collected during or through the use of the service.
- User agent data
- Usage data
- Device operating system
- Device information
- IP address
- Browser information
Legal basis
Art. 6 para. 1 p. 1 lit. f DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- Worldwide
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- Worldwide
Data recipients
The following is a list of the recipients of the data collected.
Amazon Web Services EMEA SARL
Click here to read the privacy policy of the data processor:
https://aws.amazon.com/privacy/
Click here to read the cookie policy of the data processor:
https://aws.amazon.com/privacy/
3.3.13 AWIN
This is a partner network for affiliate marketing.
Processing Company
AWIN AG
Eichhornstrasse 3, 10785 Berlin, Germany
Data protection officer of the processing company
Below you will find the e-mail address of the data protection officer of the processing company.
This email address is being protected from spambots. You need JavaScript enabled to view it.
Data processing purposes
This list represents the purposes of data collection and processing.
- Affiliate marketing
- Tracking
Technologies used
This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
- Journey tag
Data collected
This list contains all (personal) data collected during or through the use of the Service.
- Viewed advertisements
- Browser information
- Ads clicked on
- Device information
- Device operating system
- Referrer URL
- Time at which the advertisement was clicked on
- Time at which the advertisement was viewed
- Touchpoint to the advertisement
- Usage data
- User agent
- Business transaction
- Information about orders
- Leads
- Newsletter information
- Referrer success
Legal basis
Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Data recipients
The following is a list of the recipients of the data collected.
AWIN AG
Click here to read the privacy policy of the data processor:
https://www.awin.com/us/legal/privacy-policy
Storage Information
Below is the longest potential storage period on a device set when using the cookie storage method and when using other methods.
Maximum limit for cookie storage: 1 year.
Non-cookie storage: No
4 CONTACT.
Pursuant to Article 8(1), the processing of the child's personal data is lawful if the child has reached the age of sixteen. If the child has not reached the age of sixteen, such processing shall be lawful only if and to the extent that such consent is given by or with the consent of the holder of parental responsibility over the child. By agreeing to the declaration of consent, we assume that you have either reached the age of sixteen or that you have obtained parental consent.
4.1 Contact form
4.1.1 Contact form for interested parties
We provide contact forms for simplified contact and appointment scheduling. This applies to ordering information material, making appointments with the student advisory service, and registering for information events and the entrance test.
The data collected includes, for example
- First and last name
- postal address
- e-mail address
- telephone number
The data collected in this context will be stored by us in order to provide you with information about your studies and the university via the channels you have selected. The data will be forwarded for further processing within the university. In case of inactivity on your part, your data will be deleted after 36 months, unless otherwise specified by you.
4.1.2 Cooperation with external internet portals
We cooperate with the external study portal Studyportals.
Information on the data protection of Studyportals can be found here: https://studyportals.com/about-us/privacy-2/.
In order for the service (referral of a prospective student) from Studyportals to ISM to be billed based on performance, a code from Studyportals is integrated into our application form. When you fill out our application form, the following data is collected from you:
- Time of the website call (request to the host provider's server).
- URL of the website from which the website was called up
- IP address
The above data is transmitted to the service provider clickmeter and its hoster Amazon Web Services and processed there. This may also involve transmission to countries outside the EU, in particular the USA.
Information on the data protection of Amazon Web Services can be found here: https://aws.amazon.com/de/privacy/?nc1=f_pr
Information on the data protection of clickmeter can be found here: https://www.clickmeter.com/privacy-policy
The purpose of this processing is the performance-based billing of successful referrals between Studyportals and ISM. The legal basis for the data processing of the is the service contract and thus Art. 6 para. 1 lit. b) DSGVO and the legitimate interest of ISM under Art. 6 para. 1 lit. f) DSGVO. ISM has a legitimate interest in maintaining control over the actual placements made via Studyportals.
4.1.3 Contact form for press contacts
We provide you with a corresponding contact form for inclusion in our press distribution list. Your data will be stored by us for further processing and used for communication purposes. Third-party providers may be consulted for further processing. The storage of data by the provider may exceed the scope of this privacy policy.
4.2 Blog
For reactions to our blog, we provide the mail address This email address is being protected from spambots. You need JavaScript enabled to view it.. Your contact data provided in the mail (at least name and email address) will be stored within the university to process your request, forwarded internally and deleted after processing.
4.3 Whatsapp
We provide Whatsapp as a communication channel with the university. Data that you send us via Whatsapp will be stored within the university and forwarded internally in order to be able to process your request. Your data will be deleted after processing. We would like to point out that other data protection guidelines and liability regulations apply to the use of third-party operators such as Whatsapp. The storage and use of data by the provider, which is generated during use, may exceed the scope of this privacy policy.
Operator of Whatsapp:
WhatsApp Inc.
1601 Willow Road, Menlo Park
California 94025 (USA)
4.4 E-mail
Data that you send to us by e-mail will be stored within the university and forwarded internally in order to be able to process your request. E-mails will be archived within the university in accordance with the legal obligation to retain data.
4.5 Possibility of objection
You can revoke the selected contact options at any time.
5 VIDEO AND ONLINE CONFERENCE SYSTEMS
5.1 Youtube
We use the provider YouTube to embed videos. The videos were embedded in the extended data protection mode. Like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve the user experience. Also, this leads to a connection with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no control over this. You can find more information about data protection at YouTube in their privacy policy at: youtube.com/t/privacy_at_youtube.
The legal basis for this is Article 6(1)(f) DSGVO.
5.2 Media library
If necessary and if not otherwise possible, film contributions are also integrated via media libraries, the legal basis for this is Article 6(1)(f) DSGVO. We would like to point out that other data protection guidelines and liability regulations apply to the use of third-party operators such as media libraries. The storage and use of data by the provider that is generated during use may exceed the scope of this privacy policy.
5.3 Zoom
We use Zoom web conferencing software to conduct classes, online meetings, video conferences, and/or webinars (hereinafter Online Meetings).
Operator of Zoom:
Zoom Video Communications, Inc.
55 Almaden Blvd, Suite 600,
San Jose, California 95113 (USA)
If you call up the Zoom website, the operator of Zoom is responsible for data processing. However, accessing the Internet site is only necessary to use Zoom in order to download the software for using Zoom. You can also use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app. If you do not want to or cannot use the Zoom app, then the basic functions can also be used via a browser version, which you can also find on the Zoom website.
When using Zoom, various types of data are processed. The scope of the data depends on what data you make before or when participating in an online meeting. The following personal data are subject to processing:
- For online meeting: first name and last name, meeting topic and description if applicable, participant IP addresses, and device/hardware information.
- For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom applications.
To join an online meeting or enter the "meeting room," you must at least provide information about your name. If we want to record online meetings, we will transparently communicate this to you in advance and - if necessary - ask for consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. For purposes of recording and following up on online meetings, we may also process questions asked by webinar participants.
If you are registered as a user with Zoom, then reports of online meetings (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored by Zoom for up to one month.
The existing option of software-based "attention monitoring" ("attention tracking") is deactivated. Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Personal data processed in connection with participation in online meetings is generally not disclosed to third parties unless it is specifically intended for disclosure. Please note that content from online meetings, as well as face-to-face meeting content, is often used precisely to communicate information with customers, prospects or third parties and is therefore intended for disclosure.
The provider of Zoom necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with Zoom.
Zoom is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the Zoom provider.
Rechtsgrundlage der Datenverarbeitung ist Artikel 6 Absatz 1 Buchstabe b und f) DSGVO. Informationen über Datenschutz bei Zoom finden Sie unter: https://zoom.us/docs/de-de/privacy-and-legal.html
6 APPLICATIONS TO ISM
If you provide us with personal data as part of the application process, you can submit it to us online via our application platform. The basis for this is an agreement on order processing. The personal data provided to us in this way is divided into the following data types and data categories for collection, processing or use:
- Personal data (first name and surname, date of birth, address, school-leaving qualification).
- communication data (telephone number, mobile phone number, fax number, e-mail address)
- Information data (from third parties, e.g. credit agencies or from public directories)
- Data on assessment and evaluation in the application process
- Data on education (school, vocational training, civil/military service, studies, doctorate)
- Data on previous professional career, training and work references
- Data on other qualifications (e.g. language skills, PC skills, voluntary activities)
- Application photo
- Information on desired salary
- Application history
We use the personal data you provide exclusively within the ESO Education Group to process your application for the advertised position. Your personal data will only be disclosed to persons involved in the application process. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are obliged to disclose data due to statutory provisions and/or official or court orders. When you submit an application, an account is created in our career portal where you can view and manage your application. In the course of the application process, you have the opportunity to rate the application process and our company online with the service provider softgarden e-recruiting GmbH. This feedback may appear on the rating portals of softgarden and kununu GmbH.
Within six months after completion of the specific application process, your data will be automatically deleted. This does not apply if legal regulations prevent deletion, if further storage is necessary for the purpose of evidence or if you have expressly agreed to longer storage.
If you decide to join the Talent Pool, the entire Euro-Schulen group of companies can access your personal data in the event of any job assignments. The Talent Pool can be joined by agreeing to a recruiter's invitation or proactively through the "Get in touch" form.
7 RECIPIENTS OUTSIDE THE EU
7.1 Data processing for advertising purposes
The processing mentioned under 3.3 causes a data transfer to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the USA.
7.2 Data processing at foreign universities
In addition to the processing described under 3.2, we pass on your data to foreign universities located outside the European Union or the European Economic Area if it concerns the planning and implementation of a stay abroad in connection with your studies at ISM, which are completed outside Europe.
8 YOUR RIGHTS
8.1 Overview
In addition to the right to revoke the consent you have given to us, you have the following additional rights if the respective legal requirements are met:
1. right to information about your personal data stored by us in accordance with Art. 15 DSGVO,
2. right to correct incorrect data or to complete correct data according to Art. 16 DSG-VO,
3. right to have your data stored by us deleted according to Art. 17 DSGVO,
4. right to restrict the processing of your data according to Art. 18 DSGVO,
5. right to data portability according to Art. 20 DSGVO.
8.2 Right of objection
Under the conditions of Art. 21 (1) DSGVO, data processing may be objected to for reasons arising from the particular situation of the data subject.
The above general right of objection applies to all processing purposes described in this Privacy Notice, which are processed on the basis of Article 6(1)(f) DSGVO. Unlike the specific right of objection directed at data processing for advertising purposes (compare 3.3.3 above), we are only obliged under the GDPR to implement such a general objection if you provide us with reasons of overriding importance for doing so (e.g. a possible risk to life or health). In addition, you have the option of contacting a supervisory authority or the data protection officer.
9 DATA SECURITY
All data transmitted by you personally, including your payment data, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection, among other things, by the appended s at the http (i.e. https://...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Data exchange between the server and a computer accessing it (client) is secured by SSL certificates with the SHA-256 signature algorithm. This applies to ism.de, en.ism.de and blog.ism.de.
© ISM International School of Management GmbH – non-profit organization