1. Data protection at a glance

General note

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find his contact details in the section "Person in charge and data protection officer" in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of the page visit). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your personal data stored at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the responsible data protection authority. You can contact us at any time about this and other questions on the subject of data protection.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website, is stored on the servers of the hoster. This may include, but is not limited to, IP addresses, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b General Data Protection Regulation (GDPR)) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 of the German “Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien„ (TTDSG) insofar as the consent allows the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting). The consent can be revoked at any time.

Our hoster will only process your data to the extent that this is necessary for the fulfilment of service obligations and comply with our instructions in relation to this data.

We use the following hoster:
Ballensiefen IT
Andre Ballensiefen
Birkenweg 47a
53842 Troisdorf
Germany

Order processing

We have concluded an order processing agreement for the use of the above-mentioned service. This is a contract required under data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this data protection declaration.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible office

The controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other provisions of data protection law is:

University of Bonn
Center for Development Research (ZEF)
Genscheralle 3
53113 Bonn
Germany

Department of Ecology and Natural Resources Management (ZEF C)
Executive Director of ZEF: Prof. Dr. Christian Borgemeister
Contact: Sabine Aengenendt-Baer
Tel: +49 (0) 228 / 73-18 65
Fax: +49 (0) 228 / 73-18 89
Email: s.aengenendt-baer(at)uni-bonn.de
Website: www.zef.de

The data controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Duration of storage

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted after these reasons have ceased to apply.

General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you consent to the storage of cookies or to the access to information in your device (e.g. via device fingerprinting), the data processing will also be carried out on the basis of § 25 para. 1 of the German “Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien„ (TTDSG). The consent can be revoked at any time. If your data is required to fulfil a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data insofar as it is required to fulfil legal obligations on the basis of Art. 6 para. 1 lit. c GDPR. Furthermore, the data processing may be based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Name and address of the data protection officer

We have appointed a data protection officer.

Official data protection officer:
Dr. Jörg Hartmann
Genscherallee 3
53113 Bonn
Germany
Email: joerg.hartmann@uni-bonn.de
Tel: + 49 (0)228 -73 – 6758

Deputy:
Eckhard Wesemann
Dezernat 1
Regina-Pacis-Weg 3
53113 Bonn
Germany
Email: wesemann@verwaltung.uni-bonn
Tel: + 49 (0)228 -73 - 7278

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out, that US authorities (e.g. intelligence services) may process, analyse and use your data on US servers for surveillance purposes and evaluate and permanently store your data. We have no influence on these processing activities.

Recipients of personal data

In the course of our business activities, we cooperate with various external bodies. In the process personal data must sometimes also be transferred to these external bodies. We only pass on personal data to external bodies if this is necessary within the scope of a fulfilment of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the transfer of data in accordance with Art. 6 Para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on personal data of our customers on the basis of a valid contract on commissioned processing. In the event of joint processing, a contract on joint processing is concluded.

Revoking your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke a consent you have given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to Direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F OF THE GDPR

YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO A PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO THE PROFILING, AS FAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of a contravention of the GDPR, data subjects have the right to lodge a complaint with an authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal exists regardless of any other administrative or judicial remedies.

 

Data portability rights

You have the right to obtain the data which we process automatically on the basis of your consent or in fulfilment of a contract in a common, machine-readable format, or to have this data handed over to a third party. If you request the direct transfer of the data to another person responsible this will only be done insofar as it is technically feasible.

Information, correction and deletion

 

Within the framework of the applicable legal provisions, you have the right to receive information about your stored personal data, the origin, recipients and the purpose of the data at any time and free of charge. This also applies to the purpose of the data processing. You have, if applicable, the right to have this data corrected or deleted. For this and other questions on the subject of personal data, you can contact us at any time.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we normally require time to check this. For the duration of the check, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data has happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of the deletion.
• If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from it being

stored – can only legally be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator.

You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. data collection on this website

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause harm to your terminal device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies, which are used to carry out the electronic communication process, to provide functions you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) (necessary cookies), are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser to inform you when cookies are set and to allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Server log files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version
• Operating system used
• referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website -the server log files must be collected for this purpose.

Contact form

 

If you send us an enquiry via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your enquiry. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact enquiries will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

 

Comment function on this website

For the comment function on this site, in addition to your comment, details of the time the comment was created, your e-mail address and, if you do not post anonymously, the user name you have chosen will be stored.

Storage of the IP address

Our comment function stores the IP addresses of users who post comments. Since we do not check comments on this website before they are published, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribe to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info mails. The data entered in the context of subscribing to comments will be deleted in this case; if you use this data for other purposes and at another point (e.g. newsletter order), this data remains with us.

Storage period of the comments

The comments and the associated data are stored and remain on this website, until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

Legal basis

The storage of comments is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing already carried out remains unaffected by the revocation.

Moodle service

Provision of the website and creation of log files

Description and scope of data processing:

Every time the Moodle is called up, data and information from the calling computer is automatically recorded.

The following data is collected:

• Information about the browser
• Operating system of the computer
• Internet service provider of the user
• IP address of the user
• Name, URL and transferred data volume of the retrieved file
• HTTP status code
• Date and time of access
• Websites from which the user's system accesses the website
• Websites accessed by the user's system via the website

The data is stored in the log files on the hosting server. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The data is used to optimise the website and to ensure the security of the information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Normally, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Learning Management System Moodle

Description and scope of data processing

The Moodle LMS is a learning management system and part of the blended learning infrastructure of the CABES Capacity Development Programme. It is based on the open source software https://moodle.org/. It is offered as a service with the aim of promoting (self-)learning by users and enabling the delivery of module components such as exercises. The availability of the platform and the content stored on it, regardless of time and place, also promotes accessibility for user groups who are, for example, very busy due to their occupation or care work.

Through the use of the LMS Moodle, personal data about users is stored.
1) Inventory data

All persons of legal age are able to create a user account on the LMS Moodle platform and are thus authorised to access the platform. The LMS Moodle user profile stores the person's first and last name, their email address and further data specified under a). In addition, each person with an account with the LMS Moodle receives a Moodle user ID.

2) Course data

The Moodle LMS stores the courses for which users are authorised and their roles. Users gain access to a course either through self-enrolment or through manual enrolment. This data on authorisations and roles is necessary for the system to function.

3) Usage data

Usage data is generated by the activities of users in the system. The actions they can perform depend on their roles. For each action within the Moodle LMS, the system automatically logs the following data:

• First name, last name and Moodle user ID of the person acting.
• If applicable, first name, last name and Moodle user ID of the persons concerned
• IP address of the calling device
• Date and time of the action
• Source of the call
• Action (incl. description)
• Affected course or context.

4) Content data

Content data is also created by the users themselves and depending on their role. Users can create content for example in: Polls, feedback surveys, hyperlinks, calendars, group management, tasks, tests, interactive content, ratings, forums, glossaries or wikis. Uploaded files also count as content data.

This category of data also includes ratings, which are given for rated activities. Assessments can either be done automatically by the system, as with electronic self-tests, or manually by the roles of "lecturer" and "administrator", as with assignments. In the case of automatic assignment of assessments, persons with the role of "lecturer" or " administrator " make the underlying default settings and have the possibility to check and correct them manually.

In addition to the previously mentioned data, further data may be collected on our platform:

1. If you have registered with the platform "CABES E-Learning" and are logged in with your access data when using the platform, we collect further data. To set up a personal access to the "blended learning platform Moodle", the electronic storage of the following personal data is necessary:

• Name
• First name
• Login name
• E-Mail address
• City of residence
• Country of residence
• Gender
• Age group
• Nationality
• Professional Affiliation
• Interest in becoming a CABES trainer

Activity data
In addition to the information provided during registration, some of which is automatically generated and some of which is additionally entered by the user, the "Moodle" software on which the learning platform is based, records in a database at what time which users access which components of the course offerings or profiles of other users.
Depending on the design of the individual course, it is also recorded whether participants have completed assignments, whether and what contributions they have made in any forums offered, and whether and how they have participated in workshops.

Data that is stored may include:

• login/logout time (this data can only be viewed by the administrator on an ad hoc basis).
• data that accrue with the use of the learning activities (e.g. access to offers; completion of tasks; contributions in forums, workshop, glossary ...). This data can be viewed by the course lecturer and, depending on the learning activity used, by the participant or the members of the learning group.

 

1. Moodle reports are reports that can be drawn about the collective or individual use of the platform

• Reports on access figures
• Reports on user activities
• Aggregated and anonymised reports on gender, nationality and professional background are used to fulfil obligations to the funding agency and therefore represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
• Reports on course participation are used to check for legitimacy for a course certificate and therefore represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
  These can only be viewed by the Moodle administrators.

We are not knowingly collecting data from minors. If a legal guardian is informing us about an unrightful registration by a minor, we will delete the account.

Legal basis for data processing

The processing of the inventory data of users is necessary for the performance of the tasks of the platform for capacity building in the context of the project description of CABES. The processing of this data is based on Art. 6, Para. 1, lit. e GDPR.

The processing of the usage and content data is also carried out on the basis of Art. 6, Para. 1, lit. e GDPR.

Purpose of data processing

The processing of personal data in the Moodle LMS is carried out in accordance with Art. 5, Para. 1, lit. b and c GDPR for a specific purpose and in accordance with the principle of data minimisation. Inventory, course, usage and content data are processed for the purpose of preparing, organising, implementing, conducting and evaluating courses, trainings and workshops, communicating teaching content and monitoring learning success. The usage data is also used for the purpose of administration and maintenance of the system, technical controlling, troubleshooting in the event of technical problems or clarifying security incidents.

The data is additionally stored for the purpose of the reporting of key performance indicators to the funding agency. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

Duration of storage

The data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after the learning platform is determined). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

Additional note on scientific research purposes

Based on Art. 6, Para. 1, lit. e GDPR, as well as Art. 89 GDPR, the data may also be processed for scientific research purposes and for statistical purposes without consent, if the processing is necessary for these purposes and the data subject's legitimate interests are not overridden. The data shall be anonymised as soon as this is possible according to the statistical purpose. The data shall be deleted as soon as the statistical purpose permits.

Moodle Cookies

When you use Moodle, there are two cookies stored locally on your computer:

• The main cookie is called MoodleSession by default. In order to access all Moodle pages after logging in, you must agree to this cookie being stored. When you log out or close your browser, this cookie is automatically deleted.
• The second cookie, MoodleID, auto-fills the login name field the next time you want to sign in. It is auto-deleted after two months.

In the following, we describe how you can prevent tracking by means of cookies through our website or delete the cookies:

• You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
• In addition, you can delete the cookies we have set at any time in your browser settings. If you delete your cookies in the browser, this will have the effect that your cookie settings for our website will also be deleted. When you visit our site afterwards, you will therefore be asked again via our cookie banner to make the desired settings.

Links to external offers

On our website we link to various external offers such as external websites or external services.

Please note that when you click on the link, you are visiting an external offer with different data protection provisions. We have no influence on the type and scope of data processing by such external providers. Your rights in this regard and setting options for protecting your privacy can be found in the respective data protection information of the external offer. Please note that the data protection provisions of these external offers may be updated or changed, e.g. due to extended functionalities.

 

5. Plugins und Tools

YouTube with extended data protection

This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, with this mode YouTube does not store any information about visitors to this website before they view the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, regardless of whether you watch a video or not, YouTube establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your terminal device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way YouTube can obtain information about visitors to this website. This information is used, among other things to collect video statistics, improve the user experience and prevent fraud attempts.

If necessary, further data processing processes may be triggered after the start of a YouTube video which we have no influence over.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent allows the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Opt-out-link: https://tools.google.com/dlpage/gaoptout?hl=de

6. Audio and video conferencing

Data processing

We use online conference tools, among other things, to communicate with our clients. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all the data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is required for handling the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this content is also stored on the servers of the tool providers. Such content includes in particular cloud recordings, chat/ instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing procedures of the tools used. Our options depend to a large extent on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection declarations of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of the communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. b DGPR). If consent has been requested, the tools in question are used on the basis of this consent. The consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools.

Conference tools used

We use the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in the Zoom privacy policy:
https://zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://zoom.us/de-de/privacy.html.
Opt-out-link: https://zoom.us/cookie-policy

Order processing

We have concluded an order processing agreement for the use of the above-mentioned service. This is a contract required under data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

 

Privacy Notice für den Moodle-Server of CoKnow Consulting, Germany

1. Data protection at a glance

General note

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find his contact details in the section "Person in charge and data protection officer" in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example data that you enter in a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of the page visit). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your personal data stored at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the responsible data protection authority. You can contact us at any time about this and other questions on the subject of data protection.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website, is stored on the servers of the hoster. This may include, but is not limited to, IP addresses, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b General Data Protection Regulation (GDPR)) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 of the German “Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien„ (TTDSG) insofar as the consent allows the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting). The consent can be revoked at any time.

Our hoster will only process your data to the extent that this is necessary for the fulfilment of service obligations and comply with our instructions in relation to this data.

We use the following hoster:
Ballensiefen IT
Andre Ballensiefen
Birkenweg 47a
53842 Troisdorf
Germany

Order processing

We have concluded an order processing agreement for the use of the above-mentioned service. This is a contract required under data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this data protection declaration.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible office

The controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other provisions of data protection law is:

University of Bonn
Center for Development Research (ZEF)
Genscheralle 3
53113 Bonn
Germany

Department of Ecology and Natural Resources Management (ZEF C)
Executive Director of ZEF: Prof. Dr. Christian Borgemeister
Contact: Sabine Aengenendt-Baer
Tel: +49 (0) 228 / 73-18 65
Fax: +49 (0) 228 / 73-18 89
Email: s.aengenendt-baer(at)uni-bonn.de
Website: www.zef.de

The data controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Duration of storage

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted after these reasons have ceased to apply.

General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you consent to the storage of cookies or to the access to information in your device (e.g. via device fingerprinting), the data processing will also be carried out on the basis of § 25 para. 1 of the German “Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien„ (TTDSG). The consent can be revoked at any time. If your data is required to fulfil a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data insofar as it is required to fulfil legal obligations on the basis of Art. 6 para. 1 lit. c GDPR. Furthermore, the data processing may be based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Name and address of the data protection officer

We have appointed a data protection officer.

Official data protection officer:
Dr. Jörg Hartmann
Genscherallee 3
53113 Bonn
Germany
Email: joerg.hartmann@uni-bonn.de
Tel: + 49 (0)228 -73 – 6758

Deputy:
Eckhard Wesemann
Dezernat 1
Regina-Pacis-Weg 3
53113 Bonn
Germany
Email: wesemann@verwaltung.uni-bonn
Tel: + 49 (0)228 -73 - 7278

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out, that US authorities (e.g. intelligence services) may process, analyse and use your data on US servers for surveillance purposes and evaluate and permanently store your data. We have no influence on these processing activities.

Recipients of personal data

In the course of our business activities, we cooperate with various external bodies. In the process personal data must sometimes also be transferred to these external bodies. We only pass on personal data to external bodies if this is necessary within the scope of a fulfilment of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the transfer of data in accordance with Art. 6 Para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on personal data of our customers on the basis of a valid contract on commissioned processing. In the event of joint processing, a contract on joint processing is concluded.

Revoking your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke a consent you have given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to Direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F OF THE GDPR

YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO A PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO THE PROFILING, AS FAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of a contravention of the GDPR, data subjects have the right to lodge a complaint with an authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal exists regardless of any other administrative or judicial remedies.

 

Data portability rights

You have the right to obtain the data which we process automatically on the basis of your consent or in fulfilment of a contract in a common, machine-readable format, or to have this data handed over to a third party. If you request the direct transfer of the data to another person responsible this will only be done insofar as it is technically feasible.

Information, correction and deletion

 

Within the framework of the applicable legal provisions, you have the right to receive information about your stored personal data, the origin, recipients and the purpose of the data at any time and free of charge. This also applies to the purpose of the data processing. You have, if applicable, the right to have this data corrected or deleted. For this and other questions on the subject of personal data, you can contact us at any time.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we normally require time to check this. For the duration of the check, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data has happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of the deletion.
• If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from it being

stored – can only legally be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator.

You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. data collection on this website

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause harm to your terminal device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies, which are used to carry out the electronic communication process, to provide functions you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) (necessary cookies), are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser to inform you when cookies are set and to allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Server log files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version
• Operating system used
• referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website -the server log files must be collected for this purpose.

Contact form

 

If you send us an enquiry via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your enquiry. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact enquiries will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

 

Comment function on this website

For the comment function on this site, in addition to your comment, details of the time the comment was created, your e-mail address and, if you do not post anonymously, the user name you have chosen will be stored.

Storage of the IP address

Our comment function stores the IP addresses of users who post comments. Since we do not check comments on this website before they are published, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribe to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info mails. The data entered in the context of subscribing to comments will be deleted in this case; if you use this data for other purposes and at another point (e.g. newsletter order), this data remains with us.

Storage period of the comments

The comments and the associated data are stored and remain on this website, until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

Legal basis

The storage of comments is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing already carried out remains unaffected by the revocation.

Moodle service

Provision of the website and creation of log files

Description and scope of data processing:

Every time the Moodle is called up, data and information from the calling computer is automatically recorded.

The following data is collected:

• Information about the browser
• Operating system of the computer
• Internet service provider of the user
• IP address of the user
• Name, URL and transferred data volume of the retrieved file
• HTTP status code
• Date and time of access
• Websites from which the user's system accesses the website
• Websites accessed by the user's system via the website

The data is stored in the log files on the hosting server. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The data is used to optimise the website and to ensure the security of the information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Normally, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Learning Management System Moodle

Description and scope of data processing

The Moodle LMS is a learning management system and part of the blended learning infrastructure of the CABES Capacity Development Programme. It is based on the open source software https://moodle.org/. It is offered as a service with the aim of promoting (self-)learning by users and enabling the delivery of module components such as exercises. The availability of the platform and the content stored on it, regardless of time and place, also promotes accessibility for user groups who are, for example, very busy due to their occupation or care work.

Through the use of the LMS Moodle, personal data about users is stored.
1) Inventory data

All persons of legal age are able to create a user account on the LMS Moodle platform and are thus authorised to access the platform. The LMS Moodle user profile stores the person's first and last name, their email address and further data specified under a). In addition, each person with an account with the LMS Moodle receives a Moodle user ID.

2) Course data

The Moodle LMS stores the courses for which users are authorised and their roles. Users gain access to a course either through self-enrolment or through manual enrolment. This data on authorisations and roles is necessary for the system to function.

3) Usage data

Usage data is generated by the activities of users in the system. The actions they can perform depend on their roles. For each action within the Moodle LMS, the system automatically logs the following data:

• First name, last name and Moodle user ID of the person acting.
• If applicable, first name, last name and Moodle user ID of the persons concerned
• IP address of the calling device
• Date and time of the action
• Source of the call
• Action (incl. description)
• Affected course or context.

4) Content data

Content data is also created by the users themselves and depending on their role. Users can create content for example in: Polls, feedback surveys, hyperlinks, calendars, group management, tasks, tests, interactive content, ratings, forums, glossaries or wikis. Uploaded files also count as content data.

This category of data also includes ratings, which are given for rated activities. Assessments can either be done automatically by the system, as with electronic self-tests, or manually by the roles of "lecturer" and "administrator", as with assignments. In the case of automatic assignment of assessments, persons with the role of "lecturer" or " administrator " make the underlying default settings and have the possibility to check and correct them manually.

In addition to the previously mentioned data, further data may be collected on our platform:

1. If you have registered with the platform "CABES E-Learning" and are logged in with your access data when using the platform, we collect further data. To set up a personal access to the "blended learning platform Moodle", the electronic storage of the following personal data is necessary:

• Name
• First name
• Login name
• E-Mail address
• City of residence
• Country of residence
• Gender
• Age group
• Nationality
• Professional Affiliation
• Interest in becoming a CABES trainer

Activity data
In addition to the information provided during registration, some of which is automatically generated and some of which is additionally entered by the user, the "Moodle" software on which the learning platform is based, records in a database at what time which users access which components of the course offerings or profiles of other users.
Depending on the design of the individual course, it is also recorded whether participants have completed assignments, whether and what contributions they have made in any forums offered, and whether and how they have participated in workshops.

Data that is stored may include:

• login/logout time (this data can only be viewed by the administrator on an ad hoc basis).
• data that accrue with the use of the learning activities (e.g. access to offers; completion of tasks; contributions in forums, workshop, glossary ...). This data can be viewed by the course lecturer and, depending on the learning activity used, by the participant or the members of the learning group.

 

1. Moodle reports are reports that can be drawn about the collective or individual use of the platform

• Reports on access figures
• Reports on user activities
• Aggregated and anonymised reports on gender, nationality and professional background are used to fulfil obligations to the funding agency and therefore represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
• Reports on course participation are used to check for legitimacy for a course certificate and therefore represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
  These can only be viewed by the Moodle administrators.

We are not knowingly collecting data from minors. If a legal guardian is informing us about an unrightful registration by a minor, we will delete the account.

Legal basis for data processing

The processing of the inventory data of users is necessary for the performance of the tasks of the platform for capacity building in the context of the project description of CABES. The processing of this data is based on Art. 6, Para. 1, lit. e GDPR.

The processing of the usage and content data is also carried out on the basis of Art. 6, Para. 1, lit. e GDPR.

Purpose of data processing

The processing of personal data in the Moodle LMS is carried out in accordance with Art. 5, Para. 1, lit. b and c GDPR for a specific purpose and in accordance with the principle of data minimisation. Inventory, course, usage and content data are processed for the purpose of preparing, organising, implementing, conducting and evaluating courses, trainings and workshops, communicating teaching content and monitoring learning success. The usage data is also used for the purpose of administration and maintenance of the system, technical controlling, troubleshooting in the event of technical problems or clarifying security incidents.

The data is additionally stored for the purpose of the reporting of key performance indicators to the funding agency. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

Duration of storage

The data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing it no longer applies (e.g. after the learning platform is determined). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

Additional note on scientific research purposes

Based on Art. 6, Para. 1, lit. e GDPR, as well as Art. 89 GDPR, the data may also be processed for scientific research purposes and for statistical purposes without consent, if the processing is necessary for these purposes and the data subject's legitimate interests are not overridden. The data shall be anonymised as soon as this is possible according to the statistical purpose. The data shall be deleted as soon as the statistical purpose permits.

Moodle Cookies

When you use Moodle, there are two cookies stored locally on your computer:

• The main cookie is called MoodleSession by default. In order to access all Moodle pages after logging in, you must agree to this cookie being stored. When you log out or close your browser, this cookie is automatically deleted.
• The second cookie, MoodleID, auto-fills the login name field the next time you want to sign in. It is auto-deleted after two months.

In the following, we describe how you can prevent tracking by means of cookies through our website or delete the cookies:

• You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
• In addition, you can delete the cookies we have set at any time in your browser settings. If you delete your cookies in the browser, this will have the effect that your cookie settings for our website will also be deleted. When you visit our site afterwards, you will therefore be asked again via our cookie banner to make the desired settings.

Links to external offers

On our website we link to various external offers such as external websites or external services.

Please note that when you click on the link, you are visiting an external offer with different data protection provisions. We have no influence on the type and scope of data processing by such external providers. Your rights in this regard and setting options for protecting your privacy can be found in the respective data protection information of the external offer. Please note that the data protection provisions of these external offers may be updated or changed, e.g. due to extended functionalities.

 

5. Plugins und Tools

YouTube with extended data protection

This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, with this mode YouTube does not store any information about visitors to this website before they view the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, regardless of whether you watch a video or not, YouTube establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your terminal device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way YouTube can obtain information about visitors to this website. This information is used, among other things to collect video statistics, improve the user experience and prevent fraud attempts.

If necessary, further data processing processes may be triggered after the start of a YouTube video which we have no influence over.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent allows the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Opt-out-link: https://tools.google.com/dlpage/gaoptout?hl=de

6. Audio and video conferencing

Data processing

We use online conference tools, among other things, to communicate with our clients. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all the data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is required for handling the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this content is also stored on the servers of the tool providers. Such content includes in particular cloud recordings, chat/ instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing procedures of the tools used. Our options depend to a large extent on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection declarations of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of the communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. b DGPR). If consent has been requested, the tools in question are used on the basis of this consent. The consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools.

Conference tools used

We use the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in the Zoom privacy policy:
https://zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://zoom.us/de-de/privacy.html.
Opt-out-link: https://zoom.us/cookie-policy

Order processing

We have concluded an order processing agreement for the use of the above-mentioned service. This is a contract required under data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.