Data Protection act.³ GmbH
act.³ GmbH takes data protection seriously and would like to use this Privacy Statement to explain you which data is absolutely necessary, how we use this data and how you can correct or change your details.
The protection of your privacy is very important to us.
For this reason, it goes without saying that we comply with the statutory provisions on data protection, referring in particular to the provisions of the new EU General Data Protection Regulation (GDPR).
Therefore, it is our concern that you always know when we store which of your data, how we use them, but also how you can restrict or prevent their use.
In the following, we will inform you about how we collect your personal data when you use our website.
1. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation (GDPR), in particular pursuant to Art. 4 Para. 7 GDPR and other national data protection laws of the member states as well as other provisions under data protection law, is:
You can reach our data protection officer at the e-mail address given above or at our postal address with the addition “data protection officer”.
- General information on data processing
- Personal data
Personal data means any and all information about personal and factual circumstances of an identified or identifiable natural person.
In the following we inform you about the collection of personal data when you use our website.
This includes information and data such as your name, your address or other postal addresses or your telephone number, your e-mail address or your user behaviour.
- Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 Para. 1 lit. b GDPR serves as a legal basis for processing personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c of the GDPR serves as the legal basis.
In the event where vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 Para. 1 lit. d of the GDPR serves as the legal basis.
Where the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f of the GDPR serves as the legal basis for the processing.
- Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or erased if a storage period as prescribed by the aforementioned standards expires, unless it is necessary to further store the data for the conclusion or performance of a contract.
- Your rights
- You have the following rights with regards to personal data concerning you:
- Right to information,
- Right to rectification or erasure,
- Right to limit the processing,
- Right to object to the processing,
- Right to data transferability
- You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
- Collection of personal data when you visit our website
- When simply using the website for information purposes, i.e. if you do not register or otherwise provide us with information, we will only collect personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis being Art. 6 para. 1. P. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference at Greenwich Mean Time (GMT)
- Contents of the request (specific page)
- Access status/http status code
- Data volume transferred in each case
- Website before the request
- Operating system and its interface
- Language and version of the browser software
- In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text data that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case, through us). Cookies can neither execute programs nor transmit viruses to your computer. They serve to render the entire Internet range more user-friendly and effective.
- This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient Cookies (see 5.3.2)
- Persistent cookies (see 5.3.3)
- Transient cookies are automatically erased when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are erased when you log out or close your browser.
- Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
- You can configure your browser settings according to your wishes and also refuse the acceptance of third-party cookies or all cookies. Please be advised that you may not be able to use all the functions of this website.
- If we use Flash cookies, such cookies will not be recorded by your browser but by your Flash plug-in. We can also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using and do not have an automatic expiration date. If you do not want the Flash cookies to be processed, you have to install an appropriate add-on, such as B “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome.
You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
- Further functions and offers of our website
- In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will generally have to provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
- To some extent, we use external service providers to process your data. Such service providers have been carefully selected and commissioned by us; they are bound by our instructions and are checked at regular intervals.
- We may also share your personal data with third parties when we cooperate with partners to offer promotions, sweepstakes, contracts or similar services. You will receive more detailed information on this when you enter your personal data or you will find further details below in the description of the offer.
- If our service providers or partners are based in a country outside the European Economic Area (EEA), we will find more detailed information about the consequences of this circumstance in the description of the offer.
- Objection or revocation against the processing of your data
- If you have given your consent to the processing of your data, you can revoke it at any time. After you have notified us of such a revocation, it will affect the permissibility of the processing of your personal data.
- Insofar as we base the processing of your personal data on a weighing of interests, you may object to the processing. This is the case, if the processing is not particularly required for the fulfilment of a contract with you, which is represented by us in each case with the following description of the functions. In the event of such an objection, we request you to explain the reasons why we should not process your personal data as we have done. If your objection is justified, we will examine the facts and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.
- You are free to object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection under the following contact data:
- Utilisation of the contact form
- Should you wish to use our contact form, please enter your first name, surname and e-mail address. We require these data to ensure you can send us an e-mail using our contact form. Any further information can be provided voluntarily by using our contact form.
- When you use our contact form, we store the data you provide us with and which we need to communicate with you. Furthermore, we store the voluntary data provided by you for the duration of your use of the portal, unless you have previously deleted it. You can manage and change all information in the protected customer area. The legal basis is Art 6 Para 1s. 1 lit. f GDPR.
- To prevent unauthorized access to your personal data by third parties, the connection will be encoded using SSL.
- Use of webshops
- If you wish to order in our web shop, as far as available on this website, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the processing of your order. Mandatory information required for the execution of contracts is marked separately, further information is voluntary. We process the data provided by you in order to process your order. We can pass on your payment data to our house bank for this purpose. The legal basis for this is Art 6 Para 1s. 1 lit. b GDPR.
If available on our website, you can voluntarily create a customer account through which we can store your data for later further purchases. When you create an account under “My Account” or “Register”, the data you provide will be stored revocably. You can always delete any other data, including your user account, in the customer area.
We may also process the information you provide in order to inform you about other interesting products in our portfolio or to send you e-mails with technical information.
- We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we will restrict the processing, which means that your data will only be used to comply with legal obligations.
- To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encoded using TLS technology.
- Use of our booking portal
- If you wish to use our booking portal, in particular for booking courses, you have to register by entering your first name, last name, e-mail address, telephone number, date of birth and a password of your choice. We do not use the so-called double opt-in procedure for registration, which means that your registration is already completed when you have entered the necessary data, name, e-mail address, telephone numbers and birthday as well as your self-chosen password and click the “Register” button. The provision of the aforementioned data is mandatory, but you are free to provide additional information by using our portal.
After successful registration, you will receive a confirmation mail from our partner fitogram GmbH, including the General Terms and Conditions (GTC) and the Data Protection Guidelines / Privacy Statement of fitogram GmbH. You do not need to confirm this e-mail from our booking partner fitogram GmbH.
- This booking portal is not operated directly by us but by our partner fitogram GmbH (www.fitogram.de), who acts as an external service provider for us. For this purpose, information, including personal data, is passed on to this service provider or collected, stored and processed directly by this service provider on our behalf. This data and information will be used in accordance with fitogram GmbH‘s data protection guidelines / Privacy Statement, in particular for the purpose of error-free provision of the contents of the fitogram GmbH website and for the purpose of operating this booking portal. Please not that our booking partner fitogram GmbH provides itself the possibility to use your data for the analysis of your user behaviour. Your personal data will not be passed on to third parties, and in particular not for purposes other than those mentioned above. Excluded from this is only the disclosure and processing of personal data to fulfil a legal obligation within the meaning of Art. 6 Para. 1 lit. c. GDPR.
Should you be requested to transfer your payment data to us or to our booking partner fitogram Gmb H , such as account number for direct debit authorisation or credit card data, for the conclusion of a chargeable contract, such data is required for payment processing. In this case, the processing of personal data for the fulfilment of this contract is based on Art. 6 Para. 1 lit. b GDPR.
- If you use our portal, we store your data necessary for the fulfilment of the contract, including details of the method of payment, until you finally delete your access. Furthermore, we store the voluntary data provided by you for the duration of your use of the portal, unless you delete it beforehand.
- If you use the portal, your data may be accessible to other participants in the portal in accordance with the contractual service. Non-registered members will not receive any information about you. Your user name will be visible to all registered members, regardless of whether or not you have approved it. On the other hand, your entire profile with the data you have released will be visible to all members who have confirmed you as a personal contact. If you make content accessible to your personal contacts that you do not send by means of a private message, this content can be viewed by third parties as long as your personal contact has given permission. As far as you make postings in public groups, such postings are visible for all registered members of the portal.
- To prevent unauthorized access to your personal data by third parties, in particular financial data, the connection is encoded using SSL or TLS technology. Even this payment transaction using the means of payment possible with our booking partner fitogram GmbH, such as credit cards (VISA- or Master-Card) or direct debiting, is effected exclusively via an encoded SSL or TLS connection. You can recognize such an encoded connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line.
- As far as available on this website, you can give your consent and subscribe to our newsletter, with which we inform you about our current interesting offers. The goods and services advertised are specified in the declaration of consent.
- We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the given e-mail address, in which we will ask you to confirm your request to receive the newsletter.
Unless you confirm your registration within 24 hours, your data will be blocked and automatically erased after one month. Moreover, we store the IP addresses you use and the dates of registration and confirmation.
The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
- Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art 6 Abs 1 s. 1 lit. a GDPR.
- You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking the link provided in every newsletter e-mail or by sending a message to the contact data given in the imprint.
- Please note that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the evaluations we link the data mentioned under 5 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and infer your personal interests from this. We link this data to your activities on our website.
You may object to such tracking at any time by clicking the separate link provided in each e-mail or by informing us of another contact method. The information is stored as long as you have subscribed to the newsletter.
After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above tracking is performed.
- Use of Google Analytics
- This website may also contain Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on this website, Google will previously shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
- The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
- This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you relates to a person, such possibility will be excluded forthwith and the personal data will immediately be erased.
- We use Google Analytics to analyse the use of our website and to improve it regularly. The statistics obtained will allow us to improve our services and render them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framwork. The legal basis for the use of Google Analytics is Art 6 Para. 1, s. 1 lit. f GDPR.
- This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
- Use of social media plug-ins
- The following social media plug-ins may be used on our website: Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr, Instagram. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or the logo. We offer you the possibility to directly communicate with the provider of the plug-in via the button. Only if you click on the marked field activating it this way, will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the data mentioned under § 3 of this Privacy Statement will be transmitted. In the case of Facebook and Xing, the IP address is made anonymous immediately after collection, according to information provided by the respective providers in Germany. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there (in the case of US providers in the US). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking the grayed-out box.
- We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. Even for the deletion of the collected data by the plug-in provider, no information is available to us.
- The plug-in provider stores the data collected about you as user profiles and uses them for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles, in which case you will have to contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art 6 Para 1 s. 1 lit. f GDPR.
- The data will be transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and link the page, the plug-in provider will also store this information in your user account and communicate it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this will help you avoid your profile being assigned to the plug-in provider. ´
- More details on the purpose and scope of the data collection and processing by the plug-in provider are available in the following data protection declarations of such providers. There, you will also find further information on your rights in this respect and about setting options to protect your privacy.
- Facebook Custom Audiences
- The website can also use the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”). This allows users of the website to view interest-based advertisements (“Facebook Ads”) when visiting the Facebook social network or other sites that also use the process. Thus, we pursue the interest in displaying advertising to you that is of interest to you in order to make our website more interesting for you.
- Due to the marketing tools used, your browser will automatically establish a direct connection with the Facebook server. We have no influence on the extent and further use of the data collected through the use of this tool by Facebook and therefore inform you according to the information available to us: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding site of our website or clicked one of our advertisements.
If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered on Facebook or have not logged in, the provider may collect and store your IP address and other identifiers.
- The deactivation of the function “Facebook Custom Audiences” is possible for logged-in users under https://www.facebook.com/settings/?tab=ads#_m.
- The legal basis for the processing of your data is Art 6 Para 1 s. 1 lit. f GDPR. For more information about data processing by Facebook, please go directly to the Facebook website.
We reserve the right to adapt or amend this Privacy Statement at any time with to take effect in the future. The current version is available on our website.
As of: January 2019