Politique complète

We, the DIHK-Bildungs-gGmbH organisation (referred to as ‘we’ or ‘us’ in this text), offer various online seminars and workshops (referred to as ‘course’ or ‘courses’ in this text) in our own name or on behalf of the CCIs and we are looking forward to welcoming you as a participant. It is important to us that we can create the conditions for you and everyone else to work together in a spirit of fairness and we would therefore ask you to adhere to the Code of Conduct set out below. Please note that we reserve the right to exclude you from a course in the event of repeated non-compliance or gross violation.

1.      The Aim of Netiquette

In addition to numerous technical and organisational measures (TOMs) which we specify and implement, it is also essential that each trainer and course participant comply with technical and organisational data security and privacy. Organising courses involves processing data and in order to protect the persons affected (data subjects) and to act in general in accordance with the laws currently in force, these guidelines on use address the Code of Conduct which all course participants must comply with. By taking part in the course, each participant confirms that they will abide by the requirements set out here.

2.      Passwords or Access Links

There must be mutual transparency for all course participants with regard to the identity of the participants. If participation is only possible by using a password or access link, these must not be passed on to unauthorised third parties. This is to ensure that other persons cannot take part in a course secretly or without being recognised. If unauthorised persons come into possession of a password or access link or if there is any suspicion of this having happened, this must be reported to the course organiser concerned.

3.      Protection of Personal Data

Personal data and any other confidential information may only be used for course purposes and must always be treated confidentially and protected from unauthorised persons seeing them or accessing them in any way. This includes but is not limited to:

• • Unauthorised viewing must be prevented by adjusting the terminal device or shielding the screen.
  • A password-protected screen lock should be used even if you leave your device for only a short time.
  • Effective measures restricting access to the device used must be in place and updates must be installed as soon as is reasonably possible (especially security updates and virus definitions).
  • Only in exceptional cases may image and sound recordings be made and only with the prior consent of all the participants involved and only by the specific course organiser. Allowing persons outside the group of participants to have access to recordings likewise requires the documented consent of all participants.
  • The same applies to making and publishing screenshots where participants can be recognised.
  • It is not allowed to integrate an AI bot for transcription, recording images or sound, generating analyses or using similar application functions.

4.      Data Protection Breaches

If a course participant becomes aware of a data protection breach or suspects such a breach, they must immediately notify the course organiser concerned.

5.      Prohibited Communication Purposes/Content/Forms

Course participants must refrain from any action which infringes applicable law and/or is likely to harm the interests of the course organiser or other participants or to compromise the security of the organiser’s IT systems.

This applies in particular to:

• • retrieving, uploading or disseminating content which violates personal rights, copyright or criminal law provisions, and/or content which is offensive, defamatory, racist, sexist, glorifies violence or is pornographic;
  • transmitting viruses or other malware;
  • using the display background to communicate political or commercial content (party or advertising posters, political symbols, advertising messages etc.).

6.      Considerate Manner

We would ask you to treat each other with respect in the courses we hold so as to enable a constructive and cultivated exchange between the participants during the course. In particular, you should respect the privacy of the other course participants as well as that of the lecturer or instructor. When you participate in one of our courses, it is therefore important that you bear in mind the following points:

• • Please be punctual and join the group a few minutes before the class starts.
  • Keep your spoken contributions concise.
  • Listen to each other and let others finish speaking.
  • Be there from the beginning to the end – or say in advance that you will be delayed or will have to leave early.
  • Check your technical setup before starting an online course, in particular your internet connection, sound and image transmission, and the sound and lighting conditions.
  • Please do not participate in an online course in public areas and do not use public Wi-Fi.
  • Make sure there are no distractions around you when you take part in an online course and avoid disruptive contributions. Close doors and windows, for example, and switch off any background music.
  • You should normally mute your microphone during an online course and only unmute it when you begin to speak.
  • If you wish to speak, please wait until you are asked to do so.

As at: 14 June 2024

Politique complète

I. Contact Details for Controller and Data Protection Officer for Data Processing

The so-called Controller for data processing within the meaning of the data protection laws is:
DIHK- Gesellschaft für berufliche Bildung -
Organisation zur Förderung der IHK-Weiterbildung gGmbH
Holbeinstr. 13-15
53175 Bonn
Telephone: +49/ 228-6205101
datenschutz@wb.dihk.de

Please feel free to contact us if you have any questions or suggestions regarding data protection and privacy.
You can contact our data protection officer at:
Scheja & Partners GmbH & Co. KG
Boris Reibach, lawyer
Adenauerallee 136
53113 Bonn
Contact or info@scheja-partner.de

II. Subject Matter of Data Protection

The subject matter of data protection is personal data. This is all information relating to an identified or identifiable individual (so-called ‘data subject’). This includes, for example, details such as the name, postal address, e-mail address or telephone number but also information which is inevitably generated when using our website, such as the start, end and degree of use.

III. SecurityThe DIHK-Bildungs-gGmbH organisation takes appropriate technical and organisational security precautions to protect your personal data against unintentional or unlawful deletion, alteration or loss, and against unauthorised disclosure or access.
If we collect personal data, we or our processors store it on specially protected servers. Access to these servers is only possible for a small number of people whose work it is to provide technical, commercial or editorial support for the Learning Platform. In order to prevent the loss or misuse of such data, we put in place elaborate technical and organisational security precautions which are regularly reviewed and adapted to include technological advances.
We would point out, however, that given the structure of the Internet, the rules concerning data protection and the security measures mentioned above may not be respected by other persons or institutions beyond our area of responsibility. In particular, data transmitted unencrypted can also be read by third parties and we have no technical mechanisms to control this. It is up to the user by means of encryption or any other way to protect the data they provide against unauthorised access by third parties during transmission.

IV. Purposes and Legal Bases of Processing

1. 1. Processing when using the Learning Platform
      1. Log files:
         We process and store personal data if this is necessary for operating the Learning Platform (in acc. with the GDPR [General Data Protection Regulation], Art. 6.1.f). When you visit our site, we store the following log information in a file (log files) and in the database:
         The date and time of your visit to the Learning Platform, the name of the actor and data subject (where there are administrative changes), the result context (e.g. system, course and user), the components used (system, forum, password, module etc.), as well as technical information about your visit to the platform (technical abbreviations with system IDs, origin and IP address).
         The purposes pursued comprise:
         • ensuring data security
         • ensuring data availability
         • eliminating faults and malfunctions
         • preventing criminal offences and misuse of our products and services
         We delete the log files after 7 days; log information in the database is stored for 90 days and then deleted.
      2. Cookies:
         The Learning Platform uses cookies, one of the reasons being so that we can make our offering more user-friendly and effective. Cookies are little text files which are stored on your device but they don’t contain any viruses or cause any damage.
         - „Moodle ID“ session Cookie
         To make things easier for you to log into your profile, we use the ‘Moodle ID’ cookie. As a necessary cookie under Art. 6.1., sentence 1, letter f of the GDPR, the cookie remembers your login details in the web browser, the continuation of a user session, tracks your movements as you navigate between various pages of our website offering and remains on your device even after you log out. The next time you visit the website, your login name and password will already be entered and you are all set for logging in. The cookie contains a randomly generated session ID. When you close and reopen your browser, a new session starts with a new session ID and the old cookie is then deleted from your browser. You can prevent cookies from being saved by changing your browser settings accordingly. Please note that this may limit the functionality and range of functions of our website. If you do not set this cookie, you will have to re-enter your login name and password each time you visit our site.
         The purposes pursued comprise:
         • ensuring data security
         • ensuring data availability
         • eliminating faults and malfunctions
         • preventing criminal offences and misuse of our products and services
         We also process your personal data to safeguard our legitimate interests or those of third parties too (in acc. with Art. 6.1.f of the GDPR) such as:
         • providing and running the Learning Platform
         You have the right to object to this processing as set out under Article 6.
         The cookie is automatically deleted 2 hours after you leave the website or your current session expires.
      3. Links to other Websites
         You will occasionally find links to other websites included on our Learning Platform. The websites and services of providers which these links will take you to are designed and provided by third parties. We have no influence on the design, content and function of these third-party services. This is also the case where our YouTube and Facebook profiles as well as our podcasts are integrated or if you are forwarded to them. If you visit our profiles, we would refer you to our separate data protection information for our social media presences.
         Please note that our sphere of influence does not extend to third-party offers linked from our website and any cookies then installed on your device or personal data collected. Such third-party activities are entirely beyond our control. This being the case, we would ask you to contact the providers of these linked third-party offers directly for more information, in particular with regard to the nature, extent, legal basis and storage duration.
   2. Processing when running the courses and project groups
      Our Learning Platform has been set up for the purposes of running courses, training programmes and sessions, classes of instruction and for working in study groups and project teams (referred to as ‘learning courses’ in the text below). Participation is voluntary and in some cases within the parameters of compulsory requirements of the DIHK-Bildungs-gGmbH organisation. When we run the learning courses, we also process your personal data, such as usage data (information about your activities associated with the Learning Platform, e.g. courses attended, status of the learning courses, the last time you attended a course, activities in the learning courses, any evaluations such as test results or task evaluations), access data (e.g. access date and time and access number) and also connection metadata (e.g. subject of the meeting, IP address, device information).
      1. Processing for the purposes of contractual performance
         If you participate in one of the learning courses we offer, we will process your personal data to the extent that this is necessary for you to take part in the learning course (in acc. with Art. 6.1.b of the GDPR). These purposes include in particular:
         • announcing, organising and running learning courses, including your enrolment
         • following up on learning courses
         • course-centred communication with instructors and attendees
         • providing learning materials and further readings
         • producing and sending out confirmations of enrolment, invitations and documents, as well as confirmations of participation and also any certificates
         • evaluating tests and project work
         Having your own user access means you will be able to view the data stored on you. In your personal user profile you will also be able to ask for a report detailing the data or to request that this data be deleted.
      2. Processing based on our legitimate interests
         We also process your personal data to safeguard our legitimate interests or those of third parties too (in acc. with Art. 6.1.f of the GDPR) such as for:
         • managing participation
         • certifying compulsory training
         • managing schedules, deadlines etc.
         • organising learning groups
         • improving the learning courses
         • enabling participant interaction within the learning courses
         • following up on learning courses, in particular evaluating any feedback given
         • sending subject-specific information
         • compiling statistics
         Article 6 sets out your rights to object to this data being processed.
         The data from the courses is stored for up to six months after the course has finished or until the data is no longer needed for certifications/audits. Contributions to discussions in forums, entries in glossaries or wikis are deleted with the removal of the course. Your user account will be deleted if you have not logged in for more than 24 months. In each and every case we only store your personal data for as long as this is necessary to fulfil the purposes set out above.
      3. Processing based on your consent
         In certain circumstances we may also process your personal data if you have given us a Declaration of Consent to do so. The intended purpose for our processing such data is set out in the particular Declaration of Consent. This may be the case in the following circumstances:
         • recording audio and/or video conferences
         Art. 6.1.a of the GDPR forms the basis for processing the data. You may withdraw your consent at any time. We will delete the data if we no longer need it for the purposes we are pursuing, the deadline for storage given in your consent has expired or if you have withdrawn consent and there is no other legal basis. Should the latter be the case, we will delete the data once the other legal basis ceases to apply.
      4. Processing to fulfil legal obligations
         We also process your personal data to comply with legal obligations placed on us (in acc. with Art. 6.1.c of the GDPR). Such obligations may arise, for instance, for reasons of commercial or tax fraud, money laundering, or financial or criminal law.
   3. Recipients or categories of recipients of the personal data
      Within our organisation only those persons who need your data in order to fulfil the tasks within the scope of the purposes set out in this Privacy Policy can access this data. We will only pass on your personal data to external recipients outside of DIHK-Bildungs-gGmbH if this is necessary to deal with or process your request, if we are otherwise legally permitted to do so or if you have given us your consent in this regard.
      External recipients may be:
      • a) Data processors
        Businesses we contract to supply services, for example for technical infrastructure and for website maintenance or for providing content. We carefully select these processors and reassess them on a regular basis to ensure your privacy is protected. The contractors may only use the data for the purposes we stipulate.
      • b) Public sector entities
        Public authorities and state institutions, such as public prosecutors’ offices, courts and tax authorities where we are bound by law to send them personal data. The CCI responsible for you is likewise notified of which courses you enrol for.
      • c) Lecturers/Instructors
        TInstructors and lecturers will also be able to view your learning history, your contributions and the results of your tests and assignments to the extent necessary for organising the courses and teaching activities.
      • d) Other participants
        Other participants can look through lists which have been distributed and on which your name appears provided that you have not objected to publication. Furthermore, other participants can view your profile and any data you have declared to be public in order to assist with your communication and collaboration.
      • e) Non-public bodies
        Dealers or assistants to whom data is transmitted on the basis of consent or an overriding necessity.
   4. Storage duration
      Once a course finishes, the information about completion of the course, the date and – if you are participating in a course organised by DIHK-Bildungs-gGmbH – an evaluation, where applicable, will be stored in the personnel management system. Your data will be automatically removed from the course rooms six months after the course has finished. If you don’t log into our learning platform for more than two years and you are not enrolled in any ongoing courses either, your data will be deleted. Moreover, you can ask for your data to be deleted via the Learning Platform.
      Additionally, we ensure that prohibited communications are regularly deleted.
      In each and every case we only store your personal data for as long as this is necessary to fulfil the purposes set out above or – in the event that you have given your consent – for as long as you have not withdrawn your consent. If you raise an objection, we will delete your personal data unless we are permitted to continue processing it under the relevant legal provisions.
   5. Transmission to third countries
      In some instances, your data will be transmitted to another organisation whose head office or place where they process data is not located in a Member State of the European Union or in another state party to the Agreement on the European Economic Area.
      If the European Commission has not issued a so-called adequacy decision for the third country, we work towards an adequate level of data protection when transferring personal data outside the EEA by signing appropriate agreements with the recipients before transferring the data. These agreements are routinely concluded on the basis of the EU standard contractual clauses.
   6. Rights of the user
      Since you are a data subject and therefore affected by data processing, you have the following rights:
      • Right of access to information:
        You have the right to obtain information about the personal data we have stored on you.
      • Right to rectification and erasure:
        You can demand that we correct wrong data and – provided that the legal requirements are met – that we delete your data.
      • Restrictions on processing:
        Provided that the legal requirements are met, you can demand that we restrict the processing of your data.
      • Data portability:
        If you have provided us with data on the basis of a contract or of consent, and on condition that the legal requirements are met, you can demand that you be given the data you have provided in a structured, commonly used and machine-readable format or that we transmit it to another Controller.
      • Objection to data processing to protect our legitimate interests
        You have the right,
        for reasons arising from your particular situation, to object to our processing data at any time provided that this is done to protect our legitimate interests. If you exercise your right to object, we will stop processing your data unless we can demonstrate – in accordance with the legal requirements – compelling legitimate grounds warranting protection for continuing processing which outweigh your rights.
      • Furthermore, you may lodge a complaint with the competent supervisory authority if you are of the opinion that processing your data violates applicable law. In such cases you can contact the data protection authorities responsible for your place of residence, state or country, or the data protection authorities responsible for us.

Contacting us:
You are also free to contact us at no cost to you if you have any questions concerning your personal data being processed, your rights as a data subject and any consent you may have given. You can reach us to exercise all the rights detailed above at datenschutz@wb.dihk.de or at the postal address given under section I above. Please make sure when contacting us that we can clearly identify who you are.

Version
The current version of this Privacy Policy applies.
As at: 6 December 2022