With this information relating to data protection, we would accordingly like to inform you when and which data we store and how we use these – of course by complying with applicable case law. Data protection at ESCP Europe Wirtschaftshochschule Berlin e.V. is especially oriented to the European General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act [neues Bundesdatenschutzgesetz – BDSGneu].
Data protection officer
Legal bases of the data processing
Provision of the website
Online application via the website
Use of Facebook and LinkedIn
Integration of services and contents of third parties
Google Tag Manager
Purposes of the processing of personal data
Recipients / forwarding of data
Data processing outside of the European Union
Protection of minors
Rights of the data subjects
Right to lodge a complaint at a supervisory authority
Erasure of data
Change to this data protection information
The data controller responsible for this website is:
ESCP Europe Wirtschaftshochschule Berlin e.V, Heubnerweg 8-10, 14059 Berlin, Tel.: +49 (0) 30 – 32 007 219, email: email@example.com
Data Protection Officer
The data protection officer of the data controller is: Berit Schubert, DataSolution LUD GmbH, Isarstraße 13, D-14974 Ludwigsfelde, Germany, Tel.: +49 (0) 3378 205729, email: firstname.lastname@example.org
Legal bases of the data processing
In order to be able to offer you our website and the related services we process personal data on the following legal bases:
– Consent (Art. 6 Para. 1 lit. a) GDPR)
– to fulfil contracts (Art. 6 Para. 1 lit. b) GDPR
–on the basis of a weighing up of interests (Art. 6 Para. 1 lit. f) GDPR)
– to fulfil a legal obligation (Art. 6 Para. 1 lit. c) GDPR)
In connection with the respective processing we will refer to the corresponding terms so that you can classify on which basis we process personal data.
When personal data are processed on the basis of a consent granted by you, you have the right to revoke the consent towards us at any time with effect for the future.
When we process data on the basis of a weighing up of interests you have as the data subject the right, by taking the stipulations of Art. 21 GDPR into consideration, to object to the processing of the personal data.
Provision of the Website
When you visit our website, personal data are processed in order to be able to display the contents of the website to you on your terminal device. In order for it to be possible to present the pages in your browser it is necessary to process the IP address of the terminal device used by you. In addition, there is further information about the browser of your terminal device. Under data protection law we are also obliged to guarantee the confidentiality and integrity of the personal data processed with our IT systems.
For this purpose and due to this interest, the following data are recorded on the basis of a weighing up of interests:
– IP address of the computer that calls up the website (for a maximum of 7 days)
– Operating system of the calling computer
– Browser version of the calling computer
– Name of the retrieved file
– Date and time of the retrieval
– Transferred data volume
– Referring URL
The IP address will be deleted after 7 days at the latest from all systems, which are used in connection with the operation of this website. We can then no longer establish a reference to a person from the remaining data.
The data are furthermore also used in order to be able to determine and remedy errors on the website.
We offer a contact form on our website through which you can request information regarding our products or services, or you can contact us generally. We have marked the data from you which it is essential to enter in order to answer a request as mandatory fields. Details relating to further data fields are voluntary. We need these details in order to process your request, to address you correctly and to send you a reply. The data processing is carried out with concrete requests in order to fulfil a contract respectively to initiate a contract. In case of general requests, the processing is carried out on the basis of a weighing up of interests.
Requests, which are received via the contact form of our website are processed by us electronically in order to answer your request. In this context if applicable also further persons or departments and, if applicable, third parties will gain knowledge of the form contents that you have sent.
The transmission of the form data via the internet is carried out via encrypted connections.
Online Application via the Website
You can apply for a job online on our website. For this purpose, it is necessary to register in our applicant management system. Personal data are collected for the registration, which are necessary for the reciprocal, proper fulfilment of the contract. These shall include: Form of address, first and last name, title, street and town, telephone number, email address, country as well as voluntary details.
If you carry out an online application from our websites then this takes place through the online application system of Aurion Corporation Pty Ltd, Australia. All booking data entered by you are transferred in an encrypted form. Aurion has obligated to handle your transmitted data by conforming with data protection. It takes all organisational and technical measures for the protection of your data. The data are exclusively used for processing the application and for communication. The legal basis can be derived from the contract initiation relationship pursuant to Art. 6 Para. 1 lit. b GDPR.
In order to improve our services, the applicant’s data are forwarded to central offices of the Hochschule in Paris, France. The data controller is ESCP Europe Wirtschaftshochschule Berlin e.V. The respective applicant’s data can only be viewed by the data controller, the access to the master data of an applicant is used together e.g. in order to carry out marketing activities in a centralised manner. The legal basis for the processing of the data is our legitimate interest in the data processing pursuant to Art. 6 Para. 1 lit. f GDPR within the scope of a central administration and use of the data of our students and interested parties as well as business partners within ESCP Europe.
On our website it is possible to grant us the consent to send you information relating to events, courses, offers, etc. in various ways. If a user takes advantage of this possibility the data entered in the input mask, e.g. from the contact form will be stored in our CRM system. The data transmitted to us may be: First name, last name, email address, telephone number, country, Postal Code/town, language* (*mandatory details).
If you grant us the consent the data will be stored in the mailing system of Mailchimp Inc., USA. Mailchimp has obliged to handle your transmitted data conform to data protection law. It takes all organisational and technical measures for the protection of your data.
The transfer of your data to a third country, in this case USA, was protected by corresponding guarantees in the form of the certification of the service provider in the Privacy Shield.
For the support, advice and solicitation of corporate customers we collect and use, in addition to the business partner or also potential business partner, the contact, telephone number and the postal address. We receive the information from various sources, either through a request (email or by telephone), but also through events, trade fairs, business cards, which our sales and distribution employees receive, etc. The data are stored in the CRM module of our central hotel software.
The data will not be forwarded to third parties in this context. The data are exclusively used for the stated purposes.
Cookies are small files, which make it possible to store specific information, relating to the device, on the access device of the users (PC, smartphone etc.). They serve on the one hand, to improve the user-friendliness of websites and therefore for the users (e.g. storage of login data). On the other hand, they serve to record the statistical data of the website use and to be able to analyse these data for the purpose of improving the offer. The users can influence the use of the cookies. The majority of browsers have an option with which the storage of cookies is restricted or prevented completely. However, it is pointed out that the use and in particular the convenience of use are restricted without cookies.
You can manage many online ad cookies from companies through the US
site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.
Which types of cookies are there?
- Urgently required cookies – This type of cookies are always activated as they are necessary for the basic functions of the website. These include cookies, with which it can be stored where a person is moving on the site.
- Functionality and efficiency – With these analytical cookies the functionality of the site can be improved by the anonymous tracking of user behaviour. The speed can also be increased through these cookies, with which for example requests can processed. The communication with Facebook, Twitter or other social networks also falls under this category.
You can stipulate in your browser settings that you will be informed about the setting of cookies and you only permit cookies in an individual case, you exclude the acceptance of cookies for certain cases or generally as well as activate the automatic deletion of the cookies when closing the browser.
Use of Facebook and LinkedIn
So-called social plugins (“plugins”) of the social networks Facebook and LinkedIn are used on our website. These services are offered by the following companies:
• Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)
• LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
If you call up our web presence your browser will establish a direct connection to the servers of the provider. The content of the plugins will be transmitted directly to your browser by the respective provider and integrated into the site. By the activation of the plugins the providers receive the information that your browser has called up the corresponding page of our web presence, even if you do not possess a profile or are not logged in at that moment. This information (including your IP address) is transmitted directly from your browser directly to a server of the respective provider and is stored there.
If you are logged into one of the services, the providers can directly allocate the visit to our website to your profile. If you interact with the plugins, for example press the “f” button, the corresponding information is also transmitted directly to a server of the provider and stored there.
With regard to the purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights in this respect and setting options for the protection of your privacy please refer to the data protection information of the provider.
Integration of Services and Contents of Third Parties
Use of Google Analytics, Google Convers Tracking and Google Remarketing
Our internet presence uses Google Analytics, Google AdWords Conversion Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”) on the legal basis of the prevailing legitimate interest (analysis of the website use). For this purpose, we have concluded a data processing agreement with Google.
This website uses the function “IP-anonymisation”. Through this feature, your IP address is truncated beforehand by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area and therefore anonymised. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and truncated there.
According to the details of Google, Google will use the collected data in order to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the website use and the internet use.
Deactivate Google Analytics
- You can prevent the recording of your user data on our website generally by setting “Do Not Track” in your web browser. Our website takes the “Do Not Track” signal into consideration that your web browser then sends to all websites.
- You can prevent the recording of your user data by Google Analytics generally on all websites, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
- You can only prevent the recording of your user data by Google Analytics on this website by clicking on the following link. An opt-out cookie will be set that prevents the recording of your data on future visits to this website: Deactivate Google Analytics.
Google Adwords Conversion Tracking
We use Google AdWords in order to display advertising to you on websites of Google and other third parties. With the Conversion-Tracking we can determine how successful the individual advertising measures are. We thus track the purpose of displaying advertising to you, which is of interest for you and in order to design our website more interesting for you. The legal basis for the processing of your data is Art. 6 Para. 1 lit. f GDPR.
These cookies enable Google to recognise your internet browser again. If a user visits certain pages of the website of an AdWords customer and the cookie stored on hits computer has not expired yet Google and the customer can recognise that the user clicked on the advertisement and was forwarded to this site. A different cookie will be allocated to each AdWords customer. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect and process any personal data in the stated advertising measures ourselves. Merely statistical evaluations are made available to us by Google. Based on these evaluations we can recognise which of the used advertising measures are particularly effective. We do not receive further data from the use of the advertising means, in particular we cannot identify the users based on this information.
Owing to the used marketing tools your browser automatically establishes a direct connection to servers of Google. We have no influence on the scope and the further use of the data collected by Google and inform you in accordance with our level of knowledge: Through the integration of AdWords Conversion-Tracking Google receives the information that you have called up the corresponding part of our internet presence or have clicked on one of our advertisements. If you are registered with a service of Google, Google can allocate the visit to your account. Even if you are not registered at Google or have not logged in there is the possibility that the provider finds out and stores your IP address.
You can prevent the storage of the cookies by a corresponding setting of your browser software; however, we would like to point out that in this case you will, if applicable, not be able to use all functions of this website in full. You can in addition prevent the recording of the data generated by the cookie and that relate to your use of the website (incl. your IP address) and their transfer to Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: http://www.google.com/settings/ads/plugin. Google takes part in the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. You can find further information relating to data protection at Google here: https://policies.google.com/privacy?hl=de.
Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution with which the marketers can manage website tags via an interface. The tool Tag Manager itself (that implements the tags) is a cookie-less domain and does not collect any personal data. The tool ensures the triggering of other tags, which on their part, under certain circumstances, collect data. Google Tag Manager does not access these data. If a deactivation was carried out on domain or cookie level, these will continue to exist for all tracking tags, which are implemented with Google Tag Manager.
This site uses the map service Google Maps through an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to use the functions of Google Maps it is necessary to store your IP address. This information is, as a rule, transferred to a server of Google in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is carried out in the interest of a corresponding presentation of our online offers and in it being easy to find the locations stated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
Our website uses plugins of the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages fitted with a YouTube plugin a connection is established to the servers of YouTube. The Youtube server is informed in this case which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
On our Facebook Fanpage under: https://www.facebook.com/escpberlincampus/ we use plugins of the provider Facebook.com, which are made available by the company Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA. Through the use of the Fanpage data are forwarded to the Facebook servers, which include information about your visits to our Fanpage. For Facebook users who are logged in this has the consequence that the usage data are allocated to your personal Facebook account. As soon as you as a logged in Facebook user actively use the Facebook plugin (e.g. by clicking on the “Like” button or by using the comment function), these data are transferred to your Facebook account and published. You can only avoid this by previously logging out of your Facebook account.
We have no precise knowledge of which data Facebook stores and uses. Therefore, as a user of the Fanpage you must expect that Facebook also consistently stores your actions on the Fanpage.
By clicking on the “Like” button Facebook receives your IP address, processor type and browser version. Through your IP address Facebook could, together with other data as well as your real name, if you have entered this with your Facebook profile, determine your identity and customary habits under this profile. If you always log into Facebook through this user profile, Facebook could in particular find out your preferences, contacts and lifestyle.
Purposes of the Processing of Personal Data
We process the aforementioned data for the operation of our website and to fulfil contractual obligations towards our customers or to safeguard our legitimate interests.
In case of requests from you aside from an active customer relationship we process the data for purposes of distribution and marketing. You can object to a use of your personal data for marketing purposes at any time.
Insofar as you make data available to us voluntarily e.g. in forms and these are not necessary to fulfil our contractual obligations, we process these data in the justified assumption that the processing and use of these data is in your interest.
Recipients /Forwarding of Data
Data, which you provide to us, are principally not forwarded to third parties. In particular your data are not forwarded to third parties for their marketing purposes.
However, we use, if applicable, service providers for operating this website or for further of our products or services. It may occur here that a service provider gains knowledge of personal data. We select our service providers carefully – in particular with regard to data protection and data security – and take all measures that are necessary under data protection law for admissible data processing.
Data processing outside of the European Union
Insofar as personal data are processed outside of the European Union you can see this from the previous statements.
Protection of Minors
This service is mainly directed at adults. We currently do not market any special areas for children. Accordingly, we neither deliberately collect information to determine ages, nor do we deliberately collect personal data of children below the age of 16. However, we would like to point out to all visitors of our website below the age of 16 not to disclose or make available any personal data through our service. In the event that we determine that a child below the age of 16 has made personal data available to us, we will erase the personal data of the child from our files, insofar as this is technically possible.
Rights of the Data Subjects
If your personal data are processed, you are a data subject within the meaning of GDPR and you are entitled to the following rights against the data controller: You have a right to receive information regarding the personal data stored in relation to your person, about the purposes of the processing, about possible transmissions to other bodies and about the duration of the storage.
Should data be incorrect or no longer required for the purposes, for which they were collected, you can request the rectification, erasure or restriction of the processing. Insofar as envisaged in the processing activities you can also view your data yourself and correct these if applicable.
Should reasons arise from your particular personal situation against a processing of your personal data, you can, insofar as the processing is supported on a legitimate interest, object hereto. The data controller will no longer process the personal data relating to you, unless it can prove essential reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defence of legal claims.
If the personal data relating to you are processed in order to conduct direct marketing, you have the right to file an objection at any time against the processing of the personal data relating to you for the purpose of such marketing; this shall also apply to profiling, insofar as it is associated with such direct marketing. If you object to the processing for purposes of direct marketing or profiling the personal data relating to you will no longer be processed for these purposes.
You have the right to revoke your declaration of consent under data protection law at any time. Through the revocation of the consent the lawfulness of the processing carried out owing to the consent until the revocation will not be affected.
In case of questions regarding your rights and to safeguard your rights please contact the data controller or the data protection officer.
Right to Lodge a Complaint at a Supervisory Authority
As a data subject you have the right, irrespective of any other legal remedy under administrative law or in a court, to lodge a complaint at a supervisory authority for data protection, in particular in the member state of your place of abode or the place of the presumed breach, if you are of the opinion that the processing of the personal data relating to you breaches data protection.
The supervisory authority, to which the complaint is submitted, will notify you of the status and result of your complaint including the possibility of a legal remedy in court.
Erasure of Data
We will principally erase personal data when there is no necessity for further storage. A necessity can in particular exist if the data are required still in order to fulfil contractual services, to be able to examine and grant warranty and, if applicable, guarantee claims or to be able to defend ourselves against such claims. In the event of statutory storage obligations an erasure can only be taken into consideration after expiry of the respective storage obligation.
We use technical and organisational security measures pursuant to Art. 32 GDPR in order to protect your data managed by us against accidental or wilful manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with the technological development. The access hereto is only possible for a few authorised persons and persons obliged to special data protection, who are occupied with the technical, administrative or editorial supervision of data.
Change to this Data Protection Information
We revise this data protection information in case of changes to this website or for other reasons, which render this necessary. You can always find the respective current version on this website.
Status | September 2020 | © Copyright ESCP Business School