Privacy Policy
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and its associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Bjeen Alhassan
c/o Thomas Rechtsanwälte
Oranienburger Str. 23
10178 Berlin
Info@transfer-of-knowledge.com
www.transfer-of-knowledge.com/impressum
Types of Data Processed:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the Online Offering (hereinafter collectively referred to as “users”).
Purpose of Processing
- To provide the Online Offering, its features, and content.
- To respond to contact requests and communicate with users.
- Security measures.
- Reach measurement/marketing.
Terminology Used
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data in order to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects of that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
“Controller” means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not stated in the Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing for the performance of our services and the execution of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Security Measures
We take appropriate technical and organizational measures in accordance with Article 32 GDPR, taking into account the state of the art, the cost of implementation, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as controlling access, input, disclosure, availability, and separation of data. Furthermore, we have procedures in place to ensure that data subjects’ rights are respected, that data is deleted, and that we respond to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures according to the principle of data protection by design and by default (Article 25 GDPR).
Collaboration with Processors and Third Parties
If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for contract fulfillment under Article 6(1)(b) GDPR), if you have given your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Article 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure, or transfer of data to third parties, this is done only if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or permit the processing of data in a third country only if the special requirements of Articles 44 et seq. GDPR are met. That is, processing takes place on the basis of special guarantees, such as the officially recognized determination of an EU-compliant level of data protection (e.g., for the USA under the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects
You have the right to request confirmation as to whether relevant data is processed and to obtain information about this data, as well as further information and a copy of the data, in accordance with Article 15 GDPR.
You have the right, in accordance with Article 16 GDPR, to request the completion of data concerning you or the correction of inaccurate data concerning you.
In accordance with Article 17 GDPR, you have the right to request that relevant data be deleted immediately, or, alternatively, to request a restriction of the processing of the data in accordance with Article 18 GDPR.
You have the right to request that the data relating to you that you have provided to us be received in accordance with Article 20 GDPR and to request its transfer to other controllers.
Furthermore, in accordance with Article 77 GDPR, you have the right to file a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to withdraw consents granted pursuant to Article 7(3) GDPR with future effect.
Right to Object
You may object at any time to the future processing of data concerning you in accordance with Article 21 GDPR. The objection may, in particular, be made against processing for direct marketing purposes.
Cookies and Right to Object to Direct Advertising
“Cookies” are small files that are stored on the users’ devices. Various information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. “Temporary cookies,” “session cookies,” or “transient cookies” are cookies that are deleted after a user leaves an online offering and closes their browser. For example, such a cookie can store the content of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be saved if the user revisits the site after several days. Similarly, user interests can be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (if it is only their cookies, they are known as “first-party cookies”).
We may use temporary and permanent cookies and will explain this within our Privacy Policy.
If users do not wish cookies to be stored on their device, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.
A general objection to the use of cookies for online marketing purposes can be made for a number of services, especially in the case of tracking, via the U.S. page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser’s settings. Please note that not all functions of this online offering may be available if cookies are disabled.
Deletion of Data
The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated within this Privacy Policy, data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and if there are no legal retention requirements preventing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147(1) of the AO, 257(1) No. 1 and 4, (4) HGB (German Commercial Code) (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and for 6 years in accordance with Section 257(1) No. 2 and 3, (4) HGB (commercial letters).
According to legal requirements in Austria, data is retained in particular for 7 years pursuant to Section 132(1) BAO (accounting records, receipts/invoices, accounts, vouchers, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.
Business-Related Processing
We additionally process
- Contract data (e.g., contract subject, duration, customer category)
- Payment data (e.g., bank details, payment history) from our customers, interested parties, and business partners for the purpose of providing contractual services, customer service, marketing, advertising, and market research.
Agency Services
We process our clients’ data in the context of our contractual services which include conceptual and strategic consulting, campaign planning, software and design development/consultation or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.
We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text input, photographs, videos), contract data (e.g., subject matter, term), payment data (e.g., bank details, payment history), usage data, and metadata (e.g., within the scope of evaluating and measuring the success of marketing measures). We generally do not process special categories of personal data unless they are part of commissioned processing. Data subjects include our customers, interested parties, and their customers, users, website visitors, or employees as well as third parties. The purpose of the processing is to provide contractual services, billing, and our customer service. The legal basis for processing arises from Article 6(1)(b) GDPR (contractual services), Article 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data necessary for the establishment and fulfillment of the contractual services and point out the necessity of their provision. Disclosure to external parties occurs only if required within the scope of an order. When processing data provided to us as part of an order, we act in accordance with the instructions of the principals and legal requirements for order processing under Article 28 GDPR and do not process the data for any other purposes than those specified in the order.
We delete the data after the expiry of legal warranty and comparable obligations. The necessity of data retention is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiration (6 years pursuant to Section 257(1) HGB, 10 years pursuant to Section 147(1) AO). If data has been disclosed to us by the client in connection with an order, we delete the data in accordance with the instructions of the order, generally after the end of the order.
Administration, Financial Accounting, Office Organization, Contact Management
We process data within the scope of administrative tasks, business organization, financial accounting, and compliance with legal obligations, such as archiving. We process the same data that we process in the context of providing our contractual services. The legal bases for processing are Article 6(1)(c) GDPR, Article 6(1)(f) GDPR. Customers, interested parties, business partners, and website visitors are affected by this processing. The purpose and our interest in the processing lie in administration, financial accounting, office organization, and data archiving—that is, tasks that serve the maintenance of our business activities, the performance of our tasks, and the provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
In this context, we disclose or transmit data to tax authorities, consultants such as tax accountants or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers, and other business partners, e.g., for the purpose of contacting them at a later date. We generally store this business-related data permanently.
Contacting Us
When users contact us (e.g., via contact form, email, telephone, or social media), the user’s information will be processed to handle the contact request and its processing in accordance with Article 6(1)(b) GDPR. The users’ data may be stored in a Customer Relationship Management (CRM) system or a comparable inquiry management system.
We delete inquiries if they are no longer necessary. We review necessity every two years; furthermore, the statutory archiving obligations apply.
Hosting and Email Dispatch
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, as well as technical maintenance services that we use to operate this Online Offering.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, interested parties, and visitors of this Online Offering on the basis of our legitimate interest in an efficient and secure provision of this Online Offering pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).
Google Analytics
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our Online Offering within the meaning of Article 6(1)(f) GDPR), we use Google Analytics, a web analytics service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the Online Offering is generally transmitted to and stored by Google on servers in the USA.
Google is certified under the Privacy Shield framework, providing a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate users’ use of our Online Offering, to compile reports on the activities within this Online Offering, and to provide us with other services related to the use of this Online Offering and the internet. Pseudonymous usage profiles of users can be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that the IP address of users will be shortened by Google within member states of the EU or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the Online Offering to Google and the processing of such data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information about Google’s data usage, settings, and objection options can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertising by Google (https://adssettings.google.com/authenticated).
The users’ personal data will be deleted or anonymized after 14 months.
Online Presences in Social Media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our Privacy Policy, we process users’ data if they communicate with us on social networks and platforms, e.g., write posts on our online presences or send us messages.
Integration of Third-Party Services and Content
We use content or service offerings of third-party providers within our Online Offering on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our Online Offering within the meaning of Article 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content perceive the users’ IP address, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We strive to use only content whose providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate the visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and, among other things, contain technical information about the browser and operating system, referring websites, visit time, and other details about the use of our Online Offering, as well as be linked to such information from other sources.
Google Fonts
We integrate the fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Maps
We integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may in particular include the users’ IP addresses and location data, which, however, are not collected without their consent (usually as part of the settings on their mobile devices). The data may be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticate