Política de privacidad

Bienvenido/a al Aviso de Privacidad de BSBI

BSBI respeta su privacidad y se compromete a proteger sus datos personales. Esta Política de Privacidad describe cómo protegemos sus datos personales cuando visita nuestros sitios web (independientemente del lugar desde el que acceda), qué derechos le asisten como interesado y cómo la ley protege dichos derechos.

Esta Política de Privacidad ha sido elaborada en formato por capas, de modo que puede acceder a las distintas secciones que se enumeran a continuación. Asimismo, consulte el Glosario en la Sección 16 para conocer la explicación de determinados términos utilizados en esta Política de Privacidad.

IMPORTANT INFORMATION AND WHO WE ARE
OSANO (COOKIES)
WHAT DATA WE COLLECT FROM YOU
HOW WE COLLECT YOUR PERSONAL DATA
HOW WE USE YOUR PERSONAL DATA
THE PURPOSES, FOR WHICH YOUR PERSONAL DATA ARE USED
HOW WE USE CONFIDENTIAL PERSONAL DATA (SPECIAL CATEGORY DATA)
DISCLOSING YOUR PERSONAL DATA
INTERNATIONAL DATA TRANSFERS
DATA SECURITY
DATA STORAGE
YOUR LEGAL RIGHTS
SOCIAL MEDIA
ANALYTICAL TOOLS AND ADVERTISING
PLUG-INS AND TOOLS
GLOSSARY

Finalidad de este Aviso de Privacidad

La finalidad de esta Política de Privacidad es informarte sobre cómo BSBI recopila y trata tus datos personales, incluidos todos los datos que nos facilites a través de este sitio web en cualquiera de las siguientes situaciones:

cuando accedas a nuestro sitio web a través de una red social como Facebook, Twitter, Instagram o LinkedIn;
cuando completes un formulario de solicitud de información o de devolución de llamada;
cuando te registres en nuestro sitio web para solicitar un curso o programa de estudios, un seminario para empresas/directivos o cursos de formación continua (aprendizaje online, a distancia o presencial), tanto si presentas la solicitud para ti como para empleados u otros miembros de tu organización que sean o pasen a ser nuestros clientes;
cuando te suscribas para recibir comunicaciones de marketing; o
cuando nos facilites tus datos personales por cualquier otro medio.

Este sitio web no está dirigido a menores y no recopilamos deliberadamente datos relativos a personas menores de 16 años. No obstante, en caso de que BSBI trate datos personales de menores de 16 años en el marco de sus actividades comerciales, nos aseguramos de adoptar las medidas de seguridad adecuadas y de contar con el consentimiento de un padre, madre o tutor legal. Para más información, puedes escribir a dpo@berlinsbi.com.

Es importante que leas esta Política de Privacidad, así como cualquier otra política de privacidad o documento relativo al tratamiento adecuado de datos que publiquemos en relación con situaciones específicas en las que recopilemos o tratemos tus datos personales, para que comprendas por qué y cómo utilizamos tus datos.

Esta Política de Privacidad complementa dichas políticas, pero no las sustituye.

1. Información importante y quiénes somos

Responsable del tratamiento

Este sitio web se gestiona en nombre de Berlin School of Business and Innovation GmbH, una sociedad registrada en Alemania con el nº HRB 190515 B en el Juzgado Local de Charlottenburg (Berlín), con domicilio social en Alte Post, Karl-Marx-Straße 97-99, 12043 Berlín.

BSBI forma parte de Global University Systems B.V., un grupo compuesto por distintas entidades jurídicas. Puedes consultar más información aquí: https://www.globaluniversitysystems.com/.

Hemos designado a un Delegado de Protección de Datos (DPD/DPO), responsable de atender cualquier cuestión relacionada con esta Política de Privacidad. Si tienes preguntas sobre esta Política, incluyendo cómo ejercer tus derechos legales, puedes ponerte en contacto con el DPO a través de los datos que figuran a continuación.

Información de contacto

Datos completos de contacto:

Entidad responsable del tratamiento:
Berlin School of Business and Innovation GmbH (en adelante, BSBI)

Coordinación interna de protección de datos:
dpo@berlinsbi.com

Delegado de Protección de Datos:
Lukas Wagner LL.M.
HK2 Comtection GmbH
Hausvogteiplatz 11 A
10117 Berlín
wagner@comtection.de

Tienes derecho a presentar una reclamación en cualquier momento ante el Comisionado Estatal para la Protección de Datos y la Libertad de Información de Berlín, autoridad supervisora competente en materia de protección de datos y libertad de información en Berlín (https://www.datenschutz-berlin.de/).

No obstante, preferimos que nos contactes previamente para poder atender cualquier inquietud relacionada con la protección de datos antes de acudir a la autoridad de control en Berlín u otra autoridad competente. Por ello, te rogamos que te pongas en contacto con nosotros en primera instancia.

Modificaciones de la Política de Privacidad y obligación de notificarnos cambios

Esta versión fue actualizada por última vez el 10/06/2024. Puedes solicitarnos copias de versiones anteriores.

Podremos modificar ocasionalmente determinadas partes de esta Política. Cualquier cambio futuro se publicará en esta página. Te recomendamos revisarla periódicamente para mantenerte informado sobre posibles actualizaciones o modificaciones.

Es importante que los datos personales que conservamos sobre ti sean correctos y estén actualizados. Te rogamos que nos informes si tus datos personales cambian durante el transcurso de tu relación comercial con nosotros.

Enlaces a terceros

Este sitio web puede contener enlaces a páginas web, complementos o aplicaciones de terceros. Al hacer clic en dichos enlaces o establecer conexión con ellos, consientes que dichos terceros puedan recopilar o compartir tus datos. No tenemos control sobre estas páginas web de terceros y no somos responsables de sus políticas de privacidad. Si accedes a otras páginas desde nuestro sitio web, te recomendamos que leas las políticas de privacidad de cada una de ellas.

2. Osano (Cookies)

Nuestro sitio web utiliza la tecnología de consentimiento de Osano para obtener tu consentimiento para el almacenamiento de determinadas cookies en tu dispositivo o para el uso de ciertas tecnologías, así como para documentar dicho consentimiento conforme a la normativa de protección de datos. El proveedor de esta tecnología es Osano, Inc., 3800 North Lamar Blvd, Suite 200, Austin, Texas 78756, EE. UU. (en adelante, “Osano”).

Cuando accedes a nuestro sitio web, se establece una conexión con los servidores de Osano con el fin de obtener tu consentimiento y otras declaraciones relativas al uso de cookies. Posteriormente, Osano almacena una cookie en tu navegador para poder atribuirte los consentimientos otorgados o retirados. Los datos recopilados en este proceso se conservarán hasta que solicites su eliminación, elimines la cookie de Osano o deje de existir la finalidad para la que fueron almacenados. Los plazos de conservación obligatorios establecidos por ley no se verán afectados.

Según Osano, los datos relativos a los visitantes europeos del sitio web permanecen dentro de la UE, ya que se procesan exclusivamente en servidores regionales.

Osano se utiliza para obtener tu consentimiento para el uso de cookies conforme a lo exigido por la ley. La base jurídica es el artículo 6.1.c) del RGPD.

La empresa está certificada conforme al “EU-US Data Privacy Framework” (DPF). El DPF es un acuerdo entre la Unión Europea y Estados Unidos destinado a garantizar el cumplimiento de los estándares europeos de protección de datos en el tratamiento de datos en EE. UU. Todas las empresas certificadas en el marco del DPF se comprometen a cumplir estos estándares. Más información disponible en:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000Tct1AAC&status=Active

Tratamiento de datos por Osano

Hemos suscrito un contrato de encargado del tratamiento (DPA) relativo al uso del servicio mencionado. Este contrato constituye un requisito legal en materia de protección de datos y garantiza que el proveedor procese los datos personales de los usuarios de nuestro sitio web únicamente conforme a nuestras instrucciones y en cumplimiento del RGPD.

3. Qué datos recopilamos sobre ti

Los datos personales o información personal son todos aquellos datos relativos a una persona física que permiten identificarla. Los datos anónimos no se consideran datos personales.

A continuación, enumeramos las distintas categorías de datos personales que recopilamos, utilizamos, almacenamos y transmitimos:

Datos académicos: información relevante para tu admisión, incluyendo estudios previos, certificados académicos y formativos, acreditaciones, cartas de motivación, CV, expedientes académicos y referencias.

Datos identificativos: nombre, nombre de nacimiento, apellidos, nombre de usuario, estado civil, título, fecha de nacimiento, sexo, número de seguro, número de estudiante, nacionalidad, situación de residencia, declaración de discapacidad, número de referencia de terceros si procede, y fotografías.

Datos de contacto: dirección de facturación, dirección durante el periodo académico, domicilio permanente, país de residencia, correo electrónico y números de teléfono.

Datos de contacto en caso de emergencia: nombre y datos de contacto de familiares o personas de referencia.

Datos laborales (si tu empleador financia tu formación): datos del empleador, fecha de inicio y finalización, número de seguro, puesto o cargo y datos de contacto profesionales.

Datos financieros: información sobre préstamos estudiantiles, datos bancarios y datos de tarjetas.

Datos de marketing y comunicaciones: preferencias sobre cómo deseas recibir comunicaciones comerciales y cómo deseas que contactemos contigo.

Datos de perfil: nombres de usuario y contraseñas, consultas, compras o tareas realizadas, intereses, preferencias, comentarios y respuestas a encuestas.

Datos del estudiante: dirección durante el curso y domicilio habitual, identificación con fotografía, área de interés, curso o programa seleccionado, progreso académico y resultados, asistencia a seminarios y exámenes, calificaciones, asistencia a eventos, información sobre mentores y tutorías, medidas disciplinarias, reclamaciones, circunstancias personales, recursos, y cualquier otra información requerida por organismos profesionales o de acreditación.

Datos de verificación y notificación: información que deba comunicarse a terceros por motivos regulatorios.

Datos de transacciones: pagos realizados y recibidos, así como información sobre productos o servicios contratados.

Datos técnicos: dirección IP, datos de inicio de sesión, tipo y versión de navegador, zona horaria, sistema operativo y otras tecnologías del dispositivo.

Datos de uso: información sobre cómo accedes y utilizas nuestro sitio web y servicios, duración de visitas y comportamiento de navegación.

Datos de visado: para estudiantes internacionales, incluyendo pasaporte, visados previos y documentación financiera acreditativa.

También utilizamos datos agregados (estadísticos o demográficos) que no permiten tu identificación directa o indirecta. Si dichos datos se combinan con datos personales que permitan tu identificación, se tratarán conforme a esta Política de Privacidad.

Categorías especiales de datos

Al solicitar un curso o programa, podremos preguntarte si tienes alguna discapacidad. No estás obligado a comunicarlo, pero en caso de hacerlo nos ayudará a cumplir nuestras obligaciones legales.

Falta de comunicación de datos

Si estamos obligados a recopilar determinados datos personales por ley o en virtud de un contrato contigo y no los facilitas, no podremos cumplir dicho contrato (por ejemplo, prestar servicios). En ese caso, podríamos cancelar el servicio solicitado, informándote previamente.

4. Cómo recopilamos tus datos personales

Utilizamos distintos métodos para recopilar datos:

Interacciones directas

Cuando completas formularios o te comunicas con nosotros por correo, teléfono o email, por ejemplo al:

solicitar nuestros productos o servicios;
crear una cuenta;
suscribirte a publicaciones;
solicitar información comercial;
participar en encuestas;
enviarnos comentarios.

Tecnologías automatizadas

Recopilamos automáticamente datos técnicos sobre tu dispositivo y comportamiento de navegación mediante cookies y tecnologías similares.

Fuentes de terceros o públicas

Podemos recibir datos personales de terceros como:

Servicios de análisis (Google Analytics, Google Tag Manager, Facebook, Instagram, etc.).
Redes publicitarias (Google, Facebook, Bing, LinkedIn, etc.).
Motores de búsqueda y redes sociales.
Proveedores de servicios técnicos y de pago (como Stripe).
Servicios de captación de datos.
Fuentes públicas en la UE (por ejemplo, el censo electoral).
Otras instituciones educativas, mentores, empleados o UCAS.

5. Cómo utilizamos tus datos personales

Solo utilizamos tus datos personales cuando la ley lo permite. Normalmente lo hacemos en los siguientes supuestos:

Cuando sea necesario para ejecutar un contrato contigo.
Cuando exista un interés legítimo nuestro o de un tercero y tus derechos no prevalezcan.
Cuando debamos cumplir una obligación legal o reglamentaria.

Por regla general, no basamos el tratamiento en el consentimiento, salvo en el caso del envío de comunicaciones comerciales por correo electrónico. Puedes retirar tu consentimiento en cualquier momento escribiendo a dpo@berlinsbi.com o haciendo clic en el enlace de baja incluido en los correos electrónicos.

6. The purposes, for which your personal data are used

Below you will find a description of all the ways, in which your personal data are used and the legal grounds, on which these uses are based. Where applicable, we have also provided information on our legitimate interest.

Depending on the purpose, for which we are using your data, the processing of your personal data may be based on more than one legal ground.

Purpose / Action	Type of data	Legal grounds for processing, including on grounds of legitimate interest
Students or future students
To respond to your request for a call back or reply via e-mail and to respond to course enquiries and applications	(a) Contact data	Fulfilling a contract with you (in the expectation of concluding a contract with you)
To sign you up/register you as a new user and issue an enrolment number/a student ID	(a) Identity data (b) Contact data (c) College data	Fulfilling a contract with you
Direct marketing relating to discounts and offers for students, university activities and events and services or job prospects and from or relating to professional and trade associations who wish to speak to students about job prospects To advertise the university or faculty using prospectuses which contain images of current students. Direct marketing includes cookie-based remarketing services, the aim of which is to show you targeted adverts based on your internet search.	(a) Contact data	Consent
To process your application, and to render services including: (a) Managing payments, costs and fees (b) Collecting on moneys that are owed to us (c) Charging VAT	(a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Marketing and communication data (f) College data	Fulfilling a contract with you Necessary for our legitimate interest (in order to collect on sums owed to us)
To manage our legal relationship with you, including: (a) Providing learning materials (b) Requesting a review or participation in a survey (c) Verifying attendance or change in student status. (e) Managing complaints and appeals and also matters concerning health, conduct, cheating and plagiarism (prohibited resources). (f) Awarding scholarships	(a) Identity data (b) Contact data (c) Profile data (d) Marketing and communication data	Fulfilling a contract with you Fulfilling a legal obligation Necessary for our legitimate interest (in order that our documentation is up-to-date and in order to analyse how students are using our products/services)
To review equality of opportunities (for some but not all institutions)	Gender, ethnicity, religion and citizenship	Legal obligation
Registration	(a) Identity data (b) Student data	Necessary in order to fulfil a contract
To make adjustments in order to comply with requirements regarding disabilities/medical conditions	Health data	Consent
To provide health support and first aid, evacuate in case of emergency, conduct risk assessments, review accidents	Health data	Interests essential to life Consent
Managing emergencies, accidents, health	Emergency contact/Details for next-of-kin	Interests essential to life Consent
To improve services, group students according to their performance etc. –	Student data (in particular learning analyses)	Legitimate interest

Customers (or future customers) of online courses and published media
To register new customers for online materials	(a) Identity data (b) Contact data	Fulfilling a contract with you
To process/fulfil/deliver a customer order, manage payments and fees To collect moneys owed Billing documents To defend against legal claims brought against us	(a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Marketing and communication data	Fulfilling a contract with you Necessary for our legitimate interest (in order to collect on sums owed to us or defend against legal claims) Necessary in order to fulfil a legal claim
BSBI customers (including business customers)
To register customer with BSBI	(a) Identity data (b) Contact data	Fulfilling a contract with you
To process/fulfil/deliver our service to you, manage payments and fees, collect moneys owed, billing purposes To defend against legal claims brought against us	(a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Marketing and communication data	Fulfilling a contract with you Necessary for our legitimate interest (in order to collect on sums owed to us or defend against legal claims) Necessary in order to fulfil a legal claim
BSBI suppliers
To register the supplier as a BSBI supplier	(a) Identity data (b) Contact data	Fulfilling a contract with you
To process and receive goods and services To manage payments and fees, billing purposes, to defend against claims brought against BSBI	(a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Marketing and communication data	Fulfilling a contract with you Necessary for our legitimate interest (in order to defend against legal claims) Necessary in order to fulfil a legal claim
For all
HR management (applications for academic positions submitted via web form)	(a) Identity data (b) Contact data	Fulfilling a contract with a candidate
Customer relationship management, to update the Privacy Policy and notify you of the same, to update our Terms and Conditions and to inform you of the same To ask for your feedback, manage complaints	(a) Identity data (b) Contact data (c) Profile data (d) Marketing and communication data	Fulfilling a contract with you Fulfilling a legal obligation Necessary for our legitimate interest (continuous improvement/updating documents/analysing behaviour patterns among customers)
To enable respondents to participate in a survey	(a) Identity data (b) Contact data (c) Profile data (d) Usage data (e) Marketing and communication data	Necessary for our legitimate interest (continuous improvement/updating documents/analysing behaviour patterns among customers) Consent
To manage and protect our company and our website (including troubleshooting, data analysis, tests, system maintenance, support, reporting and data hosting)	(a) Identity data (b) Contact data (c) Technical data	Necessary for our legitimate interest (for managing our operations, providing administrative and IT services, network security, anti-fraud and in the context of reorganising the company or a restructuring of the group) Necessary in order to fulfil a legal obligation
To provide you with relevant website content and advertising and to measure and understand the effectiveness of the advertising we show you	(a) Identity data (b) Contact data (c) Profile data (d) Usage data (e) Marketing and communication data (f) Technical data	Necessary for our legitimate interest (in order to analyse how customers use our products/services in order to develop these, in order to grow our business and in order to adapt our marketing strategy) Consent obtained through cookies
To use data analytics services in order to improve our website, our products/services, our marketing, our business relationships and the experiences of our students and partners	(a) Technical data (b) Usage data	Necessary for our legitimate interest (in order to define customer types for our products/services so that our website is up-to-date and contains relevant information, in order to grow our business and in order to adapt our marketing strategy)
To make suggestions and recommendations regarding goods and services that may be of interest to you	(a) Identity data (b) Contact data (c) Technical data (d) Usage data (e) Profile data	Necessary for our legitimate interest (in order to develop our products/services and in order to grow our business) Consent

7. How we use confidential personal data (special category data)

We are legally obliged to fulfil additional requirements with respect to collecting, storing and using personal data that are regarded as “special category data”. We have appropriate security measures in place which we follow by law whenever processing such data. We process special categories of personal data in the following instances:

Purpose/Action	Type of data	Legal grounds for processing
Students or future students
In order to register you as a student, we must verify your residency status with BSBI	Citizenship data Residency data (information from visas and passports)	(a) Fulfilling a contract with you (b) Complying with legal obligations, e.g. with respect to German immigration authorities (and others)
To make necessary adjustments and provide necessary support in accordance with the corresponding learning needs	Data on disabilities Special education needs	(a) Fulfilling our legal obligations (pursuant to German Equality Act (Gleichstellungsgesetz) of 2010) (b) Explicit consent (information is provided voluntarily)
To review student absences* To process applications for extenuating circumstances To process applications for suspending or deferring studies To document dietary requirements	Medical data/Health data Doctor’s certificates Patient records (under certain circumstances)	(a) Fulfilling a contract with you (b) Explicit consent (information is provided voluntarily) (c) * Sometimes a visa states that a student must achieve a minimum level of attendance; in this case, we will request a doctor’s note for any absences so that we do not breach our obligations with respect to the German Foreign Office (Auswärtiges Amt)

The above information must also be used as legal grounds where applicable due to the enforcement of legal claims or in order to protect your interests (or the interests of another person) (if you lack the capacity to give consent, e.g. because of a health issue which makes it impossible for you to communicate).

Consent

You are not required to consent to specific types of processing in order to become a student with us. However, if you decide not to give us any consent, you will be unable to use certain services, such as support services.

We do not require your consent in cases where we use special categories of data pursuant to our legal obligations (and where we describe this in our written guidelines). In rare cases, we will ask for your explicit (written) consent to use special category data. When doing so, we will ensure that you receive a detailed explanation of what data we require and the reasons for this. You can then use this information to decide whether or not you wish to consent.

Marketing

We make every effort to ensure that you can choose if and how certain personal data are used, in particular with regards to marketing and advertising. We always give you the opportunity to decide if and how we use your personal data.

Marketing from us

You will receive marketing from us if you have requested information from us or if you have purchased products or services from us or if you have provided your contact details in a survey or feedback form and you have consented to the sending of marketing materials in this context (opt-in).

Opt-out

We will only ever send you marketing e-mails if you have explicitly consented (opt-in). You can ask us to stop sending you marketing at any time by clicking on the Opt-out/Unsubscribe links in the marketing materials you receive or by contacting the DPO directly at dpo@berlinsbi.com.

If you opt out of marketing or update your preferences, we will still keep those data which you have sent us when applying for a course or study programme or when purchasing other services or materials from us.

Cookies

You can adjust your browser settings to block all or some browser cookies or to receive a notification any time websites place cookies or access cookies. Please note that disabling or blocking cookies may affect the functionality of some parts of this website or prevent you from accessing the website entirely.

Change of purpose

We only ever use your personal data for those purposes, for which we collected them, unless we come to the conclusion, at our reasonable discretion, that we must use the data for another reason and that this reason is consistent with the original purpose (unless our processing was based on the legal grounds of consent). If you would like an explanation regarding the extent to which processing for this new purpose is consistent with the original purpose, please contact our DPO.

Any time we have to use your personal data for a purpose other than the specified purpose, we will notify you and explain the legal grounds which permit us to do so. Please note that we will process your personal data in accordance with the above regulations without your knowledge or consent, insofar as this is legally required or permitted.

8. Disclosing your personal data

We are required to disclose your personal data to the parties indicated below on the grounds listed in the table in Section 5.

Internal third parties pursuant to the Glossary.
External third parties pursuant to the Glossary.
Certain third parties as indicated in the Glossary.
Third parties, to whom we decide to sell or assign parts of our company or our assets or with whom we decide to merge. Alternatively, we may seek to buy other companies or merge with such. In the event of a change affecting our company, the new owners may use your personal data in the manner described in this Privacy Policy.

We require of all third parties that they observe the security of your personal data and treat such in accordance with the applicable law. We do not permit our third-party service providers to use your personal data for their own purposes and we permit them only to process your personal data for specific purposes and in accordance with our instructions.

9. International data transfers

We forward your data within the GUS Group. This involves transferring your data outside of the European Economic Area (EEA).

Some of our external third parties have their registered office outside of the European Economic Area (EEA), such that the processing of your personal data by these parties involves the transfer of data outside of the EEA.

Whenever we transfer your personal data outside of the EEA, we ensure that your data are protected in a comparable manner by ensuring that the following security measures are implemented as a minimum:

We only transfer your personal data to countries which, in the opinion of the European Commission, have an adequate level of data protection. You can get more information from the European Commission: Data protection adequacy in non-EU countries.
When utilising certain service providers, we use special contracts which have been approved by the European Commission and which provide for the same level of data protection as in Europe. You can get more information from the European Commission: Model contracts for transfer of personal data to third countries.
When using providers with registered offices in the USA, we only transfer data to these providers if they are subject to the regulations of the EU-US Privacy Shield which requires them to guarantee a comparable level of protection for personal data being transmitted between Europe and the USA. You can get more information from the European Commission: EU-US Privacy Shield.
You have explicitly consented to the relevant transfer once you have been informed that this transfer involves risks for you because the level of data protection is not adequate and appropriate security measures have not been taken.
The transfer is necessary in order to fulfil a contract between you and us as controller or in order to take steps at your request prior to entering into a contract.
The transfer is necessary in order to conclude or fulfil a contract which was concluded in your interest between you and us as controller and another natural or legal person.
The transfer is necessary for good cause in the public interest.
The transfer is necessary in order to establish, exercise or defend legal claims.
The transfer is necessary in order to protect your vital interests or the vital interests of other persons, insofar as you do not possess the physical or legal capacity to consent.

The transfer is conducted on the basis of a directory which, pursuant to the law of the European Union or a Member State, serves to inform the public and which is available to the general public or to persons who can demonstrate a legitimate interest, but only insofar as the requirements for inspection as set out in EU law or the law of a Member State are fulfilled in each case.

10. Data security

We have taken appropriate security measures to prevent the accidental loss, unauthorised use, modification and disclosure of or access to your personal data. We also restrict access to your personal data to those employees, agents, contractors and other third parties who require knowledge of such for business purposes. They process your personal data in accordance with our instructions only and are subject to confidentiality.

We have put in place procedures for reacting in the event that there is a suspicion that the security of your personal data may have been breached and we will inform you and all relevant regulatory authorities of any breaches, insofar as we are legally obliged to do so.

11. Data storage

How long do we use your personal data for?

We store your personal data only for as long as this is necessary for achieving the purposes, for which they were collected, including for the purposes of fulfilling legal, invoicing or reporting requirements.

In some cases, you may ask us to erase your data: please see below for more details. In some cases, we anonymise your personal data (such that they can no longer be attributed to you) for research and statistical purposes; in such cases, we use this information indefinitely without informing you.

12. Your legal rights

In certain cases, you have specific rights with regards to your personal data on the grounds of data protection regulations. Please click on the links below to find out more about these rights:

Requesting access to your personal data: You have the right to access your personal data (referred to as a “Subject access request”). You can receive a copy of the personal data we store concerning you and can check that we are processing these in accordance with the legal regulations.
Submitting: If you would like to submit a request to access your information, please contact us at BSBI, Alte Post Karl-Marx-Straße 97-99 12043 Berlin or via e-mail at dpo@berlinsbi.com.
What we need from you: We will have to ask you for certain pieces of information to confirm your identity and exercise your right to access your personal data (or to exercise other rights you have). This is a security measure for guaranteeing that personal data are not given out to persons who do not have the right to access such. Where applicable, we may also contact you in order to ask you for more information in regards to your request so that we can process your request faster.
Request for rectification of your personal data
You may have all data which we store concerning you which are incomplete or incorrect rectified. We will then review whether the new data you have provided us with are correct.
Request for erasure of your personal data
You can ask us to erase or remove your personal data, insofar as we do not have proper cause to continue processing such. You also have the right to ask us to erase or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have processed your information unlawfully or if we are required to erase your personal data on the grounds of local legal regulations. However, please note that we will not always be able to fulfil your request for erasure due to certain legal grounds which we will inform you of as applicable when you submit your request.
Objecting to processing of your personal data
You can object to the processing of your personal data insofar as we are claiming a legitimate interest (or the legitimate interest of a third party) and insofar as you wish to object to the processing on grounds relating to your particular situation because you feel that your fundamental rights and freedoms are being negatively affected. You also have the right to object insofar as we process your personal data for direct marketing purposes. In some cases, we will demonstrate that we have compelling lawful grounds to process your information which override your rights and freedoms.
Request to restrict processing of your personal data
You can request that we restrict the processing of your personal data. You can request that we temporarily cease processing your personal data in the following cases: (a) you want us to ensure that the data are correct; (b) our use of the data is unlawful but you do not want us to erase the data; (c) we are required to store the data for you, even if we no longer require such because you require these data in order to establish, exercise or defend legal claims; or (d) you have objected to our processing of your data but we must determine whether we have overriding legal grounds for the processing.
Request for transfer of your personal data
You can exercise your right to have your personal data transferred to you or a third party. We will provide you or a third party, whom you name, with your personal data in a structured, common, machine-readable format. Please note that this right only applies to automated information, our use of which you initially consented to or which we have used in order to fulfil a contract with you.
Right to withdraw consent
This right applies only insofar as we obtain your consent to the processing of your personal data. The lawfulness of processing conducted before you withdraw your consent is not affected. We will no longer be able to offer you certain services if you withdraw your consent. We will tell you if this is the case when you withdraw your consent.

In certain cases, you can exercise your right to exclusion of processing by ticking certain options in the forms we use to collect your data. You can also contact us at dataprotection@gusgermany.de if you wish to exercise your rights.

Facebook

Elements of the social network Facebook have been integrated into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to information provided by Facebook, the data collected are transferred to the USA and other third countries. You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=en_EN.

When the social media element is active, a direct connection is established between your end device and the Facebook server. Consequently, Facebook is informed that you have visited this website from your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook account, you can link the content of this website on your Facebook profile. Consequently, Facebook can assign your visit to this website to your user account. Please note that as the operator of this website, we are not aware of the content of the data transmitted or the use of such by Facebook. More information is available in the Facebook Privacy Policy at: https://www.facebook.com/privacy/policy/.

The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. Insofar as personal data are collected on our website and transferred to Facebook using the tools described here, we act jointly as controller together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (Article 26 GDPR). This joint responsibility is limited exclusively to the collection of data and transfer of the same to Facebook. Processing of data by Facebook after this transfer does not fall under the scope of this joint responsibility. The obligations incumbent on us and Facebook jointly have been set out in an agreement on joint processing.

The wording of this agreement can be found here: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing information on data protection when using the Facebook tool and for implementing the tool on our website securely and in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can enforce your rights as a data subject (e.g. subject access request) regarding data processed by Facebook directly with Facebook. If you enforce your rights as a data subject with us, we will be obliged to forward this information to Facebook. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://www.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which is intended to guarantee compliance with European data protection standards for data processed in the USA. All DPF-certified companies undertake to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

X (formerly Twitter)

Functions provided by the service X (formerly Twitter) have been integrated into this website. These functions are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The subsidiary, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the processing of data of persons living outside of the USA. When the social media element is active, a direct connection is established between your end device and the X server. Consequently, X (formerly Twitter) is notified that you have visited this website. If you use X (formerly Twitter) and the “Retweet” or “Repost” function, the websites you have visited can be linked to your X (formerly Twitter) account and disclosed to other users. Please note that as the operator of this website, we are not aware of the content of the data transmitted or the use of such by X (formerly Twitter).

More information is available in the X (Formerly Twitter) Privacy Policy at: https://twitter.com/en/privacy.

The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. The transfer of data to the USA is based on the EU standard contractual clauses. For details, please see: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can change your privacy settings on X (formerly Twitter) in your account settings at https://twitter.com/account/settings.

Instagram

Functions provided by the service Instagram have been integrated into this website. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When the social media element is active, a direct connection is established between your end device and the Instagram server. Consequently, Instagram is notified that you have visited this website. If you are logged in to your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. Consequently, Instagram can assign your visit to this website to your user account. Please note that as the operator of this website, we are not aware of the content of the data transmitted or the use of such by Instagram. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. Insofar as personal data are collected on our website and transferred to Facebook/Instagram using the tools described here, we act jointly as controller together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (Article 26 GDPR). This joint responsibility is limited exclusively to the collection and transfer of data to Facebook/Instagram. Processing of data by Facebook/Instagram after this transfer does not fall under the scope of this joint responsibility. The obligations incumbent on us and Facebook jointly have been set out in an agreement on joint processing. The wording of this agreement can be found here: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing information on data protection when using the Facebook/Instagram tool and for implementing the tool on our website securely and in accordance with data protection law. Facebook is responsible for the data security of Facebook or Instagram products. You can enforce your rights as a data subject (e.g. subject access request) regarding data processed by Facebook/Instagram directly with Facebook. If you enforce your rights as a data subject with us, we will be obliged to forward this information to Facebook. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://www.facebook.com/help/566994660333381.

More information is available in the Instagram Privacy Policy at: https://privacycenter.instagram.com/policy/.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Any time you access a page on this website containing LinkedIn elements, a connection is established with the LinkedIn servers. LinkedIn is notified that you have visited this website from your IP address. If you click on the LinkedIn “Recommend” button and are logged in to your LinkedIn account, LinkedIn is able to attribute your visit to this website to you and your user account. Please note that as the operator of this website, we are not aware of the content of the data transmitted or the use of such by LinkedIn. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-undder-schweiz?lang=en-US

More information is available in the LinkedIn Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

XING

This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Any time you access a page on this website containing XING elements, a connection is established with the XING servers. To our knowledge, personal data are not stored during this process. In particular, IP addresses are not stored and user behaviour is not analysed. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. More information on privacy and the XING Share button is available in the XING Privacy Policy at: https://privacy.xing.com/en.

Snap Pixel

This website uses the Snap Pixel of Snap Inc., located at 3000 31st Street, Santa Monica, California 90405, USA (‘Snapchat’). The Snap Pixel is a piece of JavaScript code that helps us as advertisers to measure the cross-device impact of advertising campaigns on Snapchat. This allows us to see how many Snapchatters become active on our website after seeing our advert.

The following data is collected via the Snap Pixel Mobile ad ID (IDFA/AAID), IP address, cookie ID, browser user agent, actions and events on websites and apps, including pages viewed, purchases, searches, check-out events, wishlists, installs and user registration methods.

Associated data from the Snap Pixel can be stored for up to 13 months. Unassigned data is deleted within 30 days.

Snap Inc. is certified according to the EU-U.S. Data Privacy Framework. The legal basis is your cookie consent in accordance with § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a) GDPR. Further information on data processing for advertising campaigns on Snapchat can be found here: https://values.snap.com/privacy/ads-privacy

14. Analytical tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool which we can use to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager does not generate user profiles itself, nor does it save any cookies or conduct any independent analyses. Its sole purposes is to manage and run the tools which it is used to integrate. However, Google Tag Manager does record your IP address which may also be transferred to the Google parent company in the USA. The use of Google Tag Manager is based on Article 6(1), point f) GDPR. The website operator has a legitimate interest in the quick and simple integration and management of different tools on his website. Where corresponding consent has been requested, processing is performed exclusively on the grounds of Article 6(1), point a) GDPR and S. 25(1) TTDSG, insofar as this consent covers the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw this consent at any time.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics

This website uses functions of the Google Analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of visitors to his website. The website operator receives a variety of usage data, such as page visits, length of visit, operating systems used and origin of user. These data are compiled in a User ID and assigned to the respective end device of the website visitor. We can also use Google Analytics to track your mouse movements, scrolling and clicks. Additionally, Google Analytics uses a variety of modelling methods to supplement the data sets created and employs machine-learning technologies for data analysis. Google Analytics uses technologies which enable user recognition for the purposes of analysing user behaviour (e.g. cookies or device fingerprinting). The information which Google collects concerning use of this website is generally speaking transferred to a Google server in the USA where it is stored. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://privacy.google.com/businesses/controllerterms/mccs/.

More information is available from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymisation

Google Analytics IP anonymisation is enabled. Consequently, your IP address is compressed by Google within Member States of the European Union or other signatory States to the Agreement on the European Economic Area before being transmitted to the USA. Your full IP address will be transmitted to a Google server in the USA and compressed there in exceptional cases only. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activities and to provide other services for the website operator relating to use of the website and the internet. The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data.

Browser plug-in

You can prevent Google from collecting and processing your data by downloading and installing a browser plug-in available from the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

More information on how Google Analytics handles user data can be found in the Google Privacy Policy:

https://support.google.com/analytics/answer/6004245?hl=en.

Google signals

We use Google signals. When you visit our website, Google Analytics collects data such as your location, your search history, your YouTube history and demographics (user data). These data can be used by Google signal to personalise advertising. If you have a Google account, Google Signal will link these user data to your Google account and use them to show you personalised adverts. These data will also be used to compile anonymised statistics on the behaviour of our users.

Data processing

We have concluded a data processing agreement with Google and implement the strict guidelines of the German data protection authorities when using Google Analytics.

Microsoft Advertising

The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising program provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising enables us to display adverts in the Bing search engine or on third-party websites whenever users enter certain key terms into Bing (keyword targeting). Targeted ads can also be displayed by utilising user data which Microsoft already possesses (e.g. location data and interests) (group targeting). As the operator of the website, we can run quantitative analyses on these data, such as by analysing what search terms have led to our adverts being displayed and how many adverts have led to clicks. We use universal event tracking (UET) from Microsoft Advertising on this website. This tool collects pseudonymised data in order to track the actions you take on our websites after clicking on an ad displayed with Microsoft Advertising. UET records your IP address (anonymised), device ID, information on device and browser settings, Microsoft Click ID (stored in a cookie), length of visit to the website, what areas of the website you access, which ad led you to our website and which keyword(s) was/were clicked on. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time.

The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

More information is available from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Clarity

This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter “Clarity”). Clarity is a tool which analyses user behaviour on this website. In particular, Clarity records mouse movements and prepares a graphic showing which part of the website users scroll particularly frequently (heatmaps). Clarity can also record sessions so that we can view the use of our website in video form. In addition, we receive information on general user behaviour across our website. Clarity uses technologies which enable user recognition for the purposes of analysing user behaviour (e.g. cookies or device fingerprinting). Your personal data are stored on Microsoft servers in the USA (Microsoft Azure Cloud Service). Insofar as we have obtained consent, use of this service is based exclusively on Article 6(1), point a) GDPR and S. 25 TTDSG. You can withdraw this consent at any time. If consent has not been obtained, use of this service is based on Article 6(1), point f) GDPR; the website operator has a legitimate interest in effective user analysis.

For more details about privacy at Clarity, please visit:

https://docs.microsoft.com/en-us/clarity/faq.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Data processing

We have concluded a data processing agreement (DPA) concerning the use of the aforementioned service. This agreement is a legal requirement under data protection law and guarantees that this service provider processes the personal data of our website users according to our instructions and in compliance with the GDPR only.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display adverts in the Google search engine or on third-party websites whenever users enter certain key terms into Google (keyword targeting). Targeted ads can also be displayed by utilising user data which Google already possesses (e.g. location data and interests) (group targeting). As the operator of the website, we can run quantitative analyses on these data, such as by analysing what search terms have led to our adverts being displayed and how many adverts have led to clicks. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG. You can withdraw this consent at any time. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://policies.google.com/privacy/frameworks and

https://business.safety.google/controllerterms/.

More information is available from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Google AdSense

This website uses Google AdSense, a service for integrating adverts. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We can use Google AdSense to display targeted third-party adverts on our website. The content of these ads is tailored to your interests which Google determines based on your prior user behaviour. Context information, such as your location, the content of the website you are visiting or the search terms you have entered into Google, is also taken into account when selecting suitable ads. Google AdSense uses cookies, web beacons (invisible graphics) and similar recognition technologies. These technologies can be used to analyse information such as visitor traffic on this website. The information which Google AdSense collects regarding use of this website (including your IP address) and the displaying of advertising formats are transferred to a Google server in the USA where they are stored. Google may pass on this information to its contract partners. However, Google will not merge your IP address with other data it holds concerning you. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://privacy.google.com/businesses/controllerterms/mccs/.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads Remarketing

This website uses functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We can use Google Ads Remarketing to assign persons who interact with our online presence to specific target groups in order to subsequently show them tailored advertising on the Google Ads network (remarketing/ retargeting). The marketing target groups compiled by Google Ads Remarketing can also be linked to cross-device Google functions. In this way, we can show you personalised adverts tailored to your interests based your previous user and surfing behaviour on one end device (e.g. phone) on another of your end devices (e.g. tablet or PC).

If you have a Google account, you can object to personalised advertising at the following link:

https://adssettings.google.com/anonymous?hl=en.

https://policies.google.com/technologies/ads?hl=en.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail? contact=true&id=a2zt000000001L5AAI&status=Active

Creating target groups with Customer Match

We use tools such as Customer Match from Google Ads Remarketing in order to create target groups. In doing so, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the corresponding customers are Google users and are logged in to their Google account, they will be shown suitable ads within the Google network (e.g. on YouTube, in Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We and Google can use Google Conversion Tracking to identify whether a user has performed specific actions. This means, for example, that we can analyse which buttons on our website have been clicked on frequently and which products have been frequently viewed or purchased. This information is used to compile conversion statistics. We are informed of the total number of users who clicked on our ads and what actions they performed. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or similar recognition technologies for the purposes of identifying users. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw your consent at any time. More information on Google Conversion Tracking is available in the Google Privacy Policy:

https://policies.google.com/privacy?hl=en.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Facebook Conversion API

We have integrated the Facebook Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to information provided by Facebook, the data collected are transferred to the USA and other third countries. The Facebook Conversion API enables us to record visitors’ interactions with our website and to pass this information to Facebook in order to improve the performance of our advertising on Facebook. In particular, we record the time of access, the page accessed, your IP address, your user agent and other specific data as applicable (e.g. products purchased, value of basket and currency). You can find a full overview of the data collected here:

https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing information on data protection when using the Facebook tool and for implementing the tool on our website securely and in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can enforce your rights as a data subject (e.g. subject access request) regarding data processed by Facebook directly with Facebook. If you enforce your rights as a data subject with us, we will be obliged to forward this information to Facebook. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://www.facebook.com/help/566994660333381.

You can find more information on how your privacy is protected in the Facebook Privacy Policy:

https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

Data processing

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When you use or visit our websites and apps, take advantage of our free or paid-for offers, transmit data to us or interact with our company’s Facebook content, we collect your personal information. Insofar as you consent to our use of Facebook Custom Audiences, we will pass these data to Facebook who can use them to show you appropriate advertising. Your data can also be used to define target groups (Lookalike Audiences). Facebook processes these data on our behalf as a processor. Details on the Facebook usage agreement can be found here:

https://www.facebook.com/legal/terms/customaudience.

https://www.facebook.com/legal/terms/customaudience and

https://www.facebook.com/legal/terms/dataprocessing.

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

TikTok Pixel

We have integrated the TikTok Pixel into this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok). We can use the TikTok Pixel to show visitors to our website who have viewed our offers advertising on TikTok that is tailored to their interests (TikTok Ads). At the same time, we can use the TikTok Pixel to identify how effective our TikTok advertising is. We can consequently evaluate the effectiveness of our TikTok ads for statistical and market research purposes and optimise these for future campaigns. To do this, we process a variety of usage behaviour, such as IP address, pages accessed, length of visit, operating systems used and origin of user, information on the ad on TikTok which a person has clicked on or an event which was triggered (timestamp). These data are compiled in a User ID and assigned to the respective end device of the website visitor. The use of this service is based on your consent according to Article 6(1), point a) GDPR and S. 25(1) TTDSG (German Telecommunications and Telemedia Data Protection Act). You can withdraw this consent at any time. The transfer of data to third countries is based on the EU standard contractual clauses. Details are available here:

https://www.tiktok.com/legal/page/eea/privacy-policy/en and

https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Data processing

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Data processing with LinkedIn Insight Tag Through the LinkedIn Insight Tags, we obtain information on the visitors to our website. If a website visitor is registered with LinkedIn, we can analyse master data related to their profession (e.g. career stage, size of company, country, location, industry and position) and consequently better align our website with the respective target groups. We can also use LinkedIn Insight Tags to analyse whether visitors to our website make a purchase or perform any other action (conversion tracking). Conversions can also be tracked across devices (e.g. from PC to tablet). The LinkedIn Insight Tag also provides a retargeting function which we can use to show visitors to our website targeted ads outside of our website. According to LinkedIn, the targets of these ads are not identified during this process. LinkedIn itself also compiles so-called logfiles (URL, Referrer URL, IP address, device and browser properties, and time of access). The IP addresses are compressed or (insofar as they are used to reach LinkedIn members across multiple devices) hashed (pseudonymised). The direct IDs of LinkedIn members are erased by LinkedIn after seven days. The pseudonymised data that remain are then erased within 180 days. We, as the website operator, are not able to attribute the data collected by LinkedIn to specific individual persons. LinkedIn will store the personal data collected on website users on its servers in the USA and use them within the context of its own advertising campaigns. Details can be found in the LinkedIn Privacy Policy at

https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

Insofar as we have obtained consent, use of this service is based exclusively on Article 6(1), point a) GDPR and S. 25 TTDSG. You can withdraw this consent at any time. If consent has not been obtained, use of this service is based on Article 6(1), point f) GDPR; the website operator has a legitimate interest in effective advertising, under exclusion of social media. The transfer of data to the USA is based on the EU standard contractual clauses. Details are available here:

https://www.linkedin.com/legal/l/dpa and

https://www.linkedin.com/legal/l/eu-sccs.

You can object to the use of the LinkedIn Insight Tag, analysis of user behaviour and targeted advertising by LinkedIn at the following link:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Members of LinkedIn can also manage the use of their personal data for marketing purposes in their account settings. In order to prevent data collected by LinkedIn on our website being linked to your LinkedIn account, you must also log out of your LinkedIn account before visiting our website.

Data processing We have concluded a data processing agreement (DPA) concerning the use of the aforementioned service. This agreement is a legal requirement under data protection law and guarantees that this service provider processes the personal data of our website users according to our instructions and in compliance with the GDPR only.

15. Plug-ins and tools

YouTube

This website embeds videos from YouTube. The operator of the YouTube website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites which has YouTube integrated, a connection is established with the YouTube servers. The YouTube server is then notified of which of our pages you have visited. YouTube can also store various cookies on your end device or use similar technologies for user recognition (e.g. device fingerprinting). Consequently, YouTube can obtain information regarding visitors to this website. This information is used, among other purposes, to compile video statistics which improve user-friendliness and prevent attempts to commit fraud. If you are logged in to your YouTube account, you allow YouTube to link your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. We use YouTube in the interest of making our online present appealing. This constitutes a legitimate interest within the meaning of Article 6(1), point f) GDPR. Where corresponding consent has been requested, processing is performed exclusively on the grounds of Article 6(1), point a) GDPR and S. 25(1) TTDSG, insofar as this consent covers the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw your consent at any time. More information on how user data are handled can be found in the YouTube Privacy Policy at:

https://policies.google.com/privacy?hl=en.

More information is available from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

If you would like more information on our particular approach to transferring your personal data outside of the EEA, please contact our DPO.

16. glosario

Bases legales

Interés legítimo
Significa el interés que tiene nuestra empresa en gestionar nuestro negocio de manera que podamos ofrecerle el mejor servicio/producto y la mejor y más segura experiencia. Nos aseguramos de revisar todos los posibles impactos (tanto positivos como negativos) sobre usted y sus derechos antes de tratar sus datos personales basándonos en nuestro interés legítimo. No utilizamos sus datos personales para acciones en las que el impacto sobre usted prevalezca sobre nuestro interés (salvo que contemos con su consentimiento o exista otra obligación o autorización legal). Para obtener más información sobre cómo evaluamos el impacto de determinadas acciones sobre usted frente a nuestro interés legítimo, póngase en contacto con nuestro DPO (Delegado de Protección de Datos).

Ejecución de un contrato
Significa el tratamiento de sus datos en la medida en que sea necesario para cumplir un contrato del que usted sea parte o para tomar medidas a su solicitud antes de celebrar un contrato.

Cumplimiento de una obligación legal o reglamentaria
Significa el tratamiento de sus datos personales en la medida en que sea necesario para cumplir con una obligación legal o reglamentaria que debamos atender.

Terceros

Terceros internos
Otras empresas dentro del Grupo GUS que actúan conjuntamente como responsables del tratamiento o encargados del tratamiento, que tienen sus sedes registradas en diferentes ubicaciones alrededor del mundo y que prestan servicios gestionados de manera conjunta, como servicios de TI, asesoramiento y representación legal, administración de sistemas e informes.

Terceros externos

Otras universidades, empleadores, futuros empleadores, proveedores de contratos de formación o puestos de asistente.

Proveedores de servicios que actúan como encargados del tratamiento en Inglaterra y Alemania y que prestan servicios de TI y administración de sistemas.

Consultores profesionales que actúan conjuntamente como responsables o encargados del tratamiento, incluidos abogados, bancos, auditores y aseguradoras, que tienen sus sedes registradas en diferentes ubicaciones alrededor del mundo y que prestan servicios en las áreas de consultoría, banca, derecho, seguros y contabilidad.

HM Revenue & Customs (Agencia Tributaria del Reino Unido), autoridades reguladoras y otras autoridades que actúan como autoridades de tratamiento de datos o conjuntamente como autoridades supervisoras de datos, con sede en el Reino Unido y en otros países, y que, en ciertos casos, requieren registros de las actividades de tratamiento de datos.

Empleadores que solicitan una evaluación a BSBI.

Examinadores externos para los fines de exámenes, calificación y evaluación de notas.

Socios de los comités de toma de decisiones, con el fin de gestionar los aspectos administrativos de la inscripción de estudiantes en programas de estudio.

Asociaciones profesionales / organismos financiadores / entidades de préstamos estudiantiles.

Socios publicitarios (por ejemplo, AgenturWebfox GmbH, Facebook Lookalikes).

Política de privacidad

Bienvenido/a al Aviso de Privacidad de BSBI

Finalidad de este Aviso de Privacidad

1. Información importante y quiénes somos

Responsable del tratamiento

Información de contacto

Modificaciones de la Política de Privacidad y obligación de notificarnos cambios

Enlaces a terceros

2. Osano (Cookies)

Tratamiento de datos por Osano

3. Qué datos recopilamos sobre ti

Categorías especiales de datos

Falta de comunicación de datos

4. Cómo recopilamos tus datos personales

Interacciones directas

Tecnologías automatizadas

Fuentes de terceros o públicas

5. Cómo utilizamos tus datos personales

6. The purposes, for which your personal data are used

7. How we use confidential personal data (special category data)

8. Disclosing your personal data

9. International data transfers

10. Data security

11. Data storage

12. Your legal rights

13. Social media

14. Analytical tools and advertising

15. Plug-ins and tools

16. glosario

Bases legales

Terceros