Bender Online Academy
Data Protection Information
Data Protection Information on the Processing of your Personal Data in
accordance with the General Data Protection Regulation (GDPR)
Bender Online Academy
We are pleased that you are using the Bender Online Academy.
Data Protection and Data Security are very important for us. Therefore, we would like to inform you about the personal data we collect from you, when you use the platform.
As changes to the law or changes to our processes may require an adaptation of this privacy policy, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under “Privacy Policy”, saved and printed out.
Bender GmbH & Co. KG
Londorfer Straße 65
35305 Grünberg, Germany
Telefon:
2. Data Protection Officer:
Dr. Karsten Kinast, LL.M.,
Hohenzollernring 54
50672 Cologne, Germany
Tel.:
E-mail: datenschutz@bender.de
3. Principles of Processing Personal Data
Personal data is all information relating to an identified or identifiable natural person. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis. Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.
4. Data Processing
With the following remarks, we’d like to inform you about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period of the processing activities that take place in connection with the usage of the Bender Online Academy:
- Bender Online Academy Profile
- Scope and Purpose of the Processing
When you are signed up to Bender Online Academy a profile is created.
The following personal data is mandatory in order to create a profile:- Name and surname
- E-mail address (business)
photo, city, country, timezone, description (free text), webpage, ICQ ID, Skype ID, AIM ID, Yahoo ID, MSN ID, ID number, institution, department, phone number, mobile phone number, address
- Scope and Purpose of the Processing
- Legal Basis
In general Article 6 (1) lit. f) GDPR serves as the legal basis for the data processing. The processing of the mentioned personal data is necessary for the provision of the Bender Online Academy. Thus, the processing serves the protection of a legitimate interest of Bender. - Data Deletion and Storage Time
Your personal data are stored for as long as you are employed by the company, respectively bound by a contractual relationship to the company. Afterwards your profile and correspondingly all personal data is deleted.
- Access and General Use of the Bender Online Academy
- Scope and Purpose of the Processing
When you access and use the Bender Online Academy, we collect several personal data categories.
Beside the personal data that your browser automatically transmits to our server, which is temporarily stored in a so-called log file, the following personal data is processed:- Login data (IP address, first and last access) as well as a report on logins
- Courses attended as well as the exam results
- Certificates and badges achieved by participating in the courses
- Legal Basis
In general Article 6 (1) lit. f) GDPR serves as the legal basis for the data processing. The processing of the mentioned personal data is necessary for the provision of the Bender Online Academy. Thus, the processing serves the protection of a legitimate interest of Bender.
- Scope and Purpose of the Processing
- Data Deletion and Storage Time
Your personal data are stored for as long as you are employed by the company, respectively bound by a contractual relationship to the company. Afterwards your profile and correspondingly all personal data is deleted.
- Bender Online Academy Forum
- Scope and Purpose of Processing
You have the opportunity to participate actively in the Bender Online Academy Forum. If you decide to use the forum, your name, the date and time of the post are necessarily displayed in connection with your forum post. After deleting your account, your posts will still be displayed with the published content, however instead of your name, "Deleted Account" will be displayed as the author. - Legal Basis
In general Article 6 (1) lit. f) GDPR serves as the legal basis for the data processing. The processing of the mentioned personal data is necessary for the provision of the Bender Online Academy. Thus, the processing serves the protection of a legitimate interest of Bender. - Data Deletion and Storage Time
Your personal data are stored for as long as you are employed by the company, respectively bound by a contractual relationship to the company. Afterwards your profile and correspondingly all personal data is deleted.
5. Recipients of Personal Data and Data Transfers in-/outside of the European Economic Area
- When and why may we share your personal data
We will only share your personal data with third parties and other recipients where we have an appropriate legal basis under the GDPR, which permits us to do so. Commonly, this could include situations where we are legally obliged to provide the information (e.g. to data protection authorities), to comply with our contractual duties (e.g. to an affiliated company, if necessary in terms of our business relation), where it is necessary in our legitimate interest (e.g. for compliance reasons), or where you have given your express consent to do so (e.g. to third-party Cookie providers).
We have also engaged service providers that process your data on our behalf and, therefore, are so-called data processors (e.g. our provider of the website and agencies that help us managing our content thereof). Such data processors are contractually obliged to solely process your personal data based on our contractual agreement and in line with our predefined instructions. As data processors our service providers are also recipients of your personal data.
- Data Transfers in-/outside the European Economic Area
The processing of your personal data is based inside the European Economic area (EEA). Data transfers outside the EEA do not take place.
When we are aware that your personal data may be transferred to third countries we ensure to collect your express consent and inform you in this Privacy Policy about the transfer and, if applicable, the corresponding risk that your data may not be appropriately safeguarded regarding illegitimate access or use, before such transfer takes place.
- List of Recipients of your personal data
Recipient | Processing Activity | Legal Basis | Data Transfer outside the EEA |
LernLink | Provision of the e-learning platform | DPA | No |
|
|
|
|
|
|
|
|
6. Cookies
We use Cookies on Bender Online Academy. Cookies are small files which are sent by us to the browser of your terminal device and stored there as part of your visit to Bender Online Academy. We only use technically necessary Cookies on Bender Online Academy in order to be able to provide you with the platform. The following Cookies are used:
- MoodleSession
The important cookie is called MoodleSession. This cookie is to be allowed in order to keep you logged in when you move from site to site. When you log out or exit the web browser, the cookie is automatically deleted.
- MoodleID
The other cookie serves the convenience and is called MoodleID. This cookie stores your login name in the web browser and is retained even after you log out. The next time you visit the website, your username is then already entered for the login. You can disallow this cookie, but then you will always have to re-enter your username.
7. Hyperlinks with thumbnails
Our website contains hyperlinks with thumbnails to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers' website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
8. Your Rights as a Data Subject
The GDPR provides you as a Data Subject with the following rights in case you are subject to a data processing:
- Pursuant to Article 15 GDPR you can request information about your personal data processed by us. You can assess most of the data in your profile and courses. In addition, you will find a function in your profile that enables you to send us an access request.
- Pursuant to Article 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us. You can adjust the most important profile data yourself. Other data can be changed after consultation, please let us know which data needs correction.
- Pursuant to Article 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. After consultation, we will delete your data. In addition, y you will find a function in your profile that enables you to send us a deletion request.
- Pursuant to Article 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Article 18 GDPR if you have objected to the processing in accordance with Article 21 GDPR. Talk to us about this in detail. If necessary and possible, we will anonymize your data to enable further participation.
- Pursuant to Article 20 GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it be transmitted to another person responsible.
- Pursuant to Article 7 (3) GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
- Pursuant to Article 77 GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.
9. Right to Object
In case the processing of your personal data is based on legitimate interest in accordance with Article 6 (1) lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.
10. Data Security and Security Measures
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS).However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above mentioned security measures may not be observed by other persons or institutions for which we are not responsible.
In particular, unencrypted data - e.g. if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.