Privacy Policy

2. CONTACT DATA AND RIGHT TO INFORMATION

This data privacy policy applies to data processing by ISM International School of Management GmbH, Otto-Hahn-Strasse 19, D-44227 Dortmund, and for the following websites and/or applications: www.ism.de, en.ism.de and blog.ism.de.

You have a right to free information about your personal data stored by us and, if applicable, a right to correction, blocking or deletion of this data. If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted or objection to a particular use of data, please contact us directly: This email address is being protected from spambots. You need JavaScript enabled to view it.

We have appointed Mr. Marc Althaus as our external company data protection officer, who continuously works to ensure compliance with data protection regulations and carries out regular checks. You can find the contact details here:

Contact form:
https://www.dsextern.de/anfragen

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg, Germany

3. PURPOSE OF DATA COLLECTION, LEGAL BASIS, INTERESTS AND CATEGORY OF RECIPIENTS

3.1 Accessing our website/application

When you access our website/application, the browser used on your end device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion after seven days:

1. IP address of the requesting Internet-enabled device,
2. Date and time of access,
3. Name and URL of the file retrieved,
4. Website/Application from which the access was made (referrer URL),
5. Browser used and, if applicable, the operating system of your Internet-enabled computer
6. Name of your access provider
7. Language, country, city
8. Screen resolution
9. Demographic characteristics: age, gender
10. Search keyword

The legal basis is Article 6 (1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any conclusions about your identity from the collected data and that we will not do so.

The IP address of your terminal device and the other data listed above are used by us for the following purposes:

1. Ensuring smooth connection establishment,
2. Ensuring a comfortable use of our website/app,
3. Evaluating system security and stability as well as
4. Other administrative purposes

Furthermore, we use so-called cookies, tracking tools and targeting methods for our website/application. The exact procedures involved and how your data is used for this purpose is explained in more detail below in section 3.3.4.

If you have consented to so-called geolocation in your browser or in the operating system or other settings on your terminal device, we do not use this function. However, you may receive individual services based on your current location through the search engines you use or other online service providers.

3.2 Conclusion, execution or termination of a contract

3.2.1 Data processing upon conclusion of a contract

The object of ISM's activities is the provision of services and the distance sale of goods, retail trade within the scope of the permits issued by the authorities and the serial production of the goods to be offered. In this context, we process the data required for the conclusion, execution or termination of a contract. This includes:

1. Last name / Birth name
2. First name
3. Place of birth
4. Country of birth
5. Date of birth
6. Gender
7. Nationality
8. Address(es)
9. Email address(es)
10. Entry date
11. Billing and payment information
12. Phone number(s)
13. Study program
14. Other courses booked (e.g. pre-courses)
15. Registration for exams
16. Exam results
17. Study contract
18. If available, further supplementary documents to the study contract

The legal basis for this is Article 6 (1)(b) GDPR. Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for the processing of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.

Furthermore, the above-mentioned data will be forwarded to foreign partner universities as part of your mandatory semester abroad.

3.2.2 Identity, creditworthiness and transmission of data to credit agencies and debt collection companies

If necessary, we may verify your identity by using information from service providers. The legal basis for this is Article 6(1)(b) and (f) of GDPR. The authorization for this results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our request will be added to your customer account or your guest account for the duration of the contractual relationship.

In the course of the ordering process, we also check your creditworthiness in order to be able to show you only the payment methods that can be used by you. For this purpose, we transmit the following types of data to so-called credit agencies cooperating with us: Name, address, date of birth. The legal basis for this is the following declaration of consent by you within the meaning of Article 6(1)(a) GDPR:

I hereby consent to the verification of my creditworthiness by ISM. I am aware that the check is already carried out at the beginning of the order process and that I can revoke my consent at any time.

You can revoke your consent at any time with effect for the future by sending a declaration to the address given under "Contact". The revocation of consent does not affect the lawfulness of the personal data processed until the revocation. If you do not want to give the above consent, please give us before you initiate the completion of your purchase a corresponding note or use the option of guest ordering. In this case, however, we can only offer you payment methods that are not associated with a credit risk for ISM. The circumstance and the result of our inquiry will be saved to your customer account for the duration of the contractual relationship.

If you have already made a purchase from us, the data we have stored about you may be supplemented by so-called score values. Scoring is the creation of a forecast of future events based on information collected and experience gained in the past. On the basis of the data stored about you, an assignment is made to statistical groups of people who have had similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for forecasting risk probabilities that has been tried and tested in practice for a long time.

In the event of a delay in payment, we will transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal bases for this are both Article 6(1)(b) and Article 6(1)(f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named provision. We also transmit information about the delay in payment or a possible bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6(1)(f) GDPR. The legitimate interest which this requires arises from our and third parties’ interest in reducing contract risks for future contracts.

In order to collect our outstanding receivables, we transfer this function to a collection agency and, in this context, pass on the necessary data to the collection agency commissioned by us. This company first checks the legitimacy of the receivables transferred for collection and then sends a reminder for the delinquent invoice in writing or, if necessary, by telephone. If payment is refused, the collection agency will initiate legal dunning proceedings if necessary. There is also the possibility of execution as well as the seizure of realizable objects.

3.2.3 Transmission of data to partner companies

ISM transmits the data collected during the application process for a study place (according to 3.2.1) as a curriculum vitae with attachments to qualified partner companies in order to support dual or part-time students in their search for a dual or partner in the run-up to their studies. The data will only be transmitted to partners exclusively for the application process. This data is deleted after completion of the application process or studies, unless longer legal retention periods exist.

3.3 Data processing for advertising purposes

3.3.1 Advertising purposes of ISM and third parties

Insofar as you have concluded a contract with us, we manage you as an existing customer. In this case, we process your contact data in order to send you information about new and similar products and services. From time to time, we transmit your postal contact data to contract partners selected by us with special care as service providers, so that they can inform you about new and similar products of ISM.

3.3.2 Advertising in line with interests

To ensure that you only receive information that is of supposed interest to you, we categorize and add further information to your customer profile. Statistical information as well as information about you (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or perceived needs and, accordingly, not to bother you with useless advertising.

The legal basis for the aforementioned data processing is in each case Article 6(1)(f) GDPR. The processing of existing customer data in this way for our own advertising purposes or for the advertising purposes of third parties is to be regarded as legitimate interest.

3.3.3 Right of objection

You can object to data processing for the aforementioned purposes separately for the respective communication channel at any time and with effect for the future. For this purpose, it is sufficient to send an e-mail or a postal letter to the contact details mentioned under section 1.

If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent after receipt of your objection. This is due to technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.

3.3.4 Cookies - general information

We use so-called cookies in our systems on the basis of Article 6 (1)(f) GDPR. Our interest in optimizing our website is to be regarded as legitimate in the sense of the aforementioned provision. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves to make the use of our offer more pleasant for you. For the purpose of user-friendliness, we use permanent cookies that are stored on your end device for a period of 30 days. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer and content for you as well as to display information tailored specifically to you. These cookies allow us to automatically recognize that you have already visited us when you visit our website again. These cookies are deleted automatically after a period of 30 days. Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all the features of our website. The storage period of cookies depends on their purpose and is not the same for all.

3.3.4.1 Cookie Consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to store certain cookies on your terminal device or to use of certain technologies, and to document this consent in accordance with data protection law.

Operator of Usercentrics:
Usercentrics GmbH
Rosental 4
80331 Munich

Information about Usercentrics' privacy policy can be found here: https://usercentrics.com/de/datenschutzerklaerung/

When you enter our website, the following personal data is transferred to Usercentrics:

1. Your consent(s) or revocation of consent(s)
2. Information about your browser
3. Information about your terminal device
4. Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents granted to you or its revocation. The data collected in this way will be stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 paragraph 1 p.1 lit.c GDPR.

3.3.4.2 Prevent cookies from being set

If you want to prevent cookies from being set, you can - in addition to or instead of our cookie consent solution - set cookies on the website in a more general way:

Browser settings

Most browsers are set to accept cookies by default, but you can set your browser to reject cookies or ask for confirmation from you first. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you can have your browser notify you when you receive new cookies, or even how you can delete all cookies you have already received and have the browser block all others.

However, if you refuse cookies, this may result in the unavailability of part of our website (and services of other websites) and thus some functions can not be used. Also, cookies usually need to be enabled to object to the use of programs / uses (because of the setting of his objection (opt-out cookies).

3.3.5 Google Analytics

For the purpose of needs-based design and ongoing optimization, we use Google Analytics, a web analytics service provided by Google Inc ("Google"), on the basis of Article 6(1)(f) GDPR. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

1. Browser type/version,
2. Operating system used,
3. Referrer URL (the site previously visited),
4. Host name of the accessing computer (IP address),
5. Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible. The retention period of the data sent by you and linked to cookies, user IDs or advertising IDs is 14 months. With each new activity, the period is set to the current duration plus the retention period mentioned.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

3.3.5.1 Google Optimize

On our website we use the web analysis and optimization service "Google Optimize", which is provided by

Google LLC

1600 Amphitheatre Parkway

Mountain View, California 94043, USA

We use the Google Optimize service to increase the attractiveness, content and functionality of our website by playing new features and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize is a sub-service of Google Analytics (see´section Google Analytics).

Google Optimize uses cookies to help optimize and analyze how you use our website. The information generated by these cookies about your use of our website is usually transferred to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization, so that your IP address is shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity fo website optimisation purposes and providing other services relating to website activity and internet usage.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. For more information about the data collection and processing by Google, please refer to Google's privacy policy, which you can access at https://policies.google.com/privacy?hl=en.

3.3.6 Google Tag Manager

This website uses Google Tag Manager. Operator of Google Tag Manager is:
Google LLC
1600 Amphitheatre Parkway
Mountain View, California 94043, USA

Through this service, website tags can be managed through one interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected.

The Google Tag Manager is a tool for managing website tags. Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

3.3.7 Google Enhanced Conversion Tracking

On our website, we use a Web Tracking Service of the company

Google Ireland Limited
Gordon House, Barrow Street 4
Dublin, Ireland

(hereinafter: Google Enhanced Conversion). With the help of Google Enhanced Conversions, ISM collects conversion data.

Google Enhanced Conversion Tracking is a feature that can increase the accuracy of our conversion measurement. It sends hashed first-party conversion data from our website to Google in a secure manner as part of an addendum to existing conversion tags. Customer information is not shared with other advertisers. Access controls and encryption are in place to prevent unlawful access. You can revoke the data collection and storage at any time with effect for the future.

3.3.8 Targeting

The targeting measures listed below and used by us are carried out on the basis of Article 6(1)(f) GDPR. By means of the targeting measures used, we want to ensure that you are only shown advertisements on your end devices that are based on your actual or presumed interests. It is in your interest as well as ours not to bother you with advertisements that are not interesting for you.

3.3.8.1 Onsite-Targeting

On our website, information is collected and analyzed using cookies to optimize advertising. This information contains, for example, details of which of our study programs you were interested in. The collection and evaluation is exclusively pseudonymous and does not allow us to identify you. In particular, the information is not combined with personal data about you. Based on the information, we can show you offers on our site that are specifically geared to your interests, as determined by your previous user behavior. The cookie is automatically deleted after 30 days.

3.3.8.2 Re-Targeting

We also use re-targeting technologies from ad servers. This enables us to make our online offer more interesting and tailored to you. For this purpose, a cookie is set with which interest data is collected using pseudonyms. Based on this information, you will be shown interest-related advertisements about our offers. No personal data is stored and no usage profiles are merged with personal data about you. The cookie is stored for a period of 30 days and then automatically deleted.

3.3.8.3 Opposition options

You can disable the targeting technologies described above by selecting the appropriate cookie setting in your browser (see also 3.3.4). Facebook custom audience can be deactivated under the following link: https://www.reachlocal.com/opt-out.

3.3.9 Hubspot

Hubspot is a company that offers a sales and customer relationship management (CRM) platform.

Hubspot Inc.
25 Street,

Cambridge, MA 02141, USA

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

For more details, please see Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.

3.3.9.1 CRM

We use Hubspot CRM on this website.

Among other things, Hubspot CRM enables us to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort, and analyze customer interactions via email, social media, or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible.

3.3.9.2 Form

Form is a Hubspot service for creating online forms. All forms on our website are created using this service.

Data collected:

1. User Agent Data,
2. IP address,
3. Browser type,
4. Internet service provider,
5. Company name,
6. HTML pages,
7. Information from third-party sources,
8. Device drive system,
9. Usage data,
10. Phone number,
11. Referrer URL,
12. Session duration,
13. Device type,
14. Visited pages,
15. Click path,
16. Domain name,
17. Contact information,
18. Date and time of visit,
19. Device identifier,
20. Geographical location,
21. E-mail address,
22. Data provided via forms on the website.

The use of Hubspot Form is based on Art. 6 para. 1 lit. f GDPR.

Place of processing is: United States of America.

4. CONTACT

According to Article 8(1) GDPR, the processing of the child's personal data is lawful when the child has reached the age of sixteen. If the child has not yet reached the age of sixteen, this processing is lawful only if and to the extent that this consent is given by or with the consent of the holder of parental responsibility over the child. With the consent to the declaration of consent, we assume that you have either reached the age of sixteen or you have obtained parental consent.

4.1 Contact forms

4.1.1 Contact form for interested parties

We provide you with contact forms to simplify contacting us and making appointments. This applies to ordering information material, making appointments with the student advisory service and registering for information events and the entrance test. The collected data includes, for example:

• First name and last name
• Postal address
• Email address
• Phone number

The data collected in this context will be stored by us in order to inform you on the channels you have selected with information about the study program and the university. The data will be forwarded for further processing within the university. In case of inactivity on your part, your data will be deleted after 36 months, unless otherwise specified by you.

4.1.2 Cooperation with external Internet portals

Cooperation with Studyportals

We cooperate with the external study portal Studyportals.

You can find information on Studyportals's data protection here: https://studyportals.com/about-us/privacy-2/.

In order for the service (referral of a prospective student) from Studyportals to ISM to be billed on a performance-related basis, a code from Studyportals is integrated into our application form. When you fill out our application form, the following data is collected from you:

• Time of the call of the website (request to the server of the host provider)
• URL of the web page from which the web page was accessed
• IP address

The above-mentioned data is transmitted to the service provider clickmeter and its hoster Amazon Web Services and processed there. This may also involve a transfer to countries outside the EU, in particular the USA.

Information about Amazon Web Services' privacy policy can be found here: https://aws.amazon.com/de/privacy/?nc1=f_pr

Information about clickmeter's privacy protection can be found here: https://www.clickmeter.com/privacy-policy

The purpose of this processing is the performance-related billing of successful mediations between Studyportals and ISM. The legal basis for the data processing is the service contract and thus Article 6 (1)(b) GDPR as well as the legitimate interest of ISM according to Article 6 (1)(f) GDPR. ISM has a legitimate interest in maintaining control over the actual placements made via Studyportals.

4.1.3 Contact form for press contacts

For inclusion in our press distribution list, we provide you with a corresponding contact form. Your data will be stored by us for further processing and used for communication purposes. Third-party providers may be consulted for further processing. The storage of data by the provider may exceed the scope of this privacy policy.

4.1.4 Google reCAPTCHA

We include the "reCAPTCHA" function on our website to be able to recognize whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called "bots"). Processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on web pages, previously visited web pages, interactions with Captcha on other web pages, possibly cookies, and results of manual recognition processes (e.g. answering questions asked or selecting objects in images).

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/; privacy policy: https://policies.google.com/privacy?hl=en; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, ad display settings: https://adssettings.google.com/authenticated?hl=en.

4.2 Blog

For reactions to our blog, we provide the mail address This email address is being protected from spambots. You need JavaScript enabled to view it.. The contact details you enter in the e-mail (at least name and e-mail address) will be stored within the university to process your request, forwarded internally and deleted after processing.

4.3 Whatsapp

We provide Whatsapp as a communication channel with the university. Data that you send us via Whatsapp will be stored within the university and forwarded internally in order to be able to process your request. Your data will be deleted after processing. We would like to point out that other data protection guidelines and liability regulations apply to the use of third-party operators such as Whatsapp. The storage and use of data by the provider that is generated during use may exceed the scope of this privacy policy.

Operator of WhatsApp is:
WhatsApp Inc.
1601 Willow Road

Menlo Park, California 94025, USA

4.4 E-mail

Data that you send us by e-mail will be stored within the university and forwarded internally in order to be able to process your request. E-mails are archived within the university within the scope of the legal retention obligation.

4.5 Possibility of objection

You can revoke the selected contact options at any time.

5. VIDEO

5.1 Youtube

We use the provider YouTube to embed videos. The videos were embedded in the extended data protection mode. Like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve the user experience. Also, this leads to a connection with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no control over this.

For more information about data protection at YouTube, please see their privacy policy at: https://www.youtube.com/t/privacy_at_youtube.

The legal basis for this is Article 6 (1)(f) GDPR.

5.2 Media library

If necessary, and if no other resource is available, film contributions are also integrated via media libraries; the legal basis for this is Article 6 (1)(f) GDPR. We would like to point out that other data protection guidelines and liability regulations apply to the use of third-party operators such as media libraries. The storage and use of data by the provider that is generated during use may exceed the scope of this privacy policy.

5.3 Zoom

We use Zoom web conferencing software to conduct classes, online meetings, video conferences, and/or webinars (hereinafter Online Meetings).

Zoom operator is:
Zoom Video Communications, Inc.
55 Almaden Blvd, Suite 600,
San Jose, California 95113, USA

Insofar as you call up the Zoom website, the operator of Zoom is responsible for data processing. However, calling up the website is only necessary for using Zoom in order to download the software for using Zoom. You can also use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app. If you do not want to or cannot use the Zoom app, then the basic functions can also be used via a browser version, which you can also find on the Zoom website.

When using Zoom, different types of data are processed. The scope of the data depends on the data you provide before or during participation in an online meeting.

The following personal data are subject to processing:

• For online meetings: first name and surname, if applicable, subject of the meeting and description, attendee IP addresses and device/hardware information
• For recording: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
• When dialing in with the telephone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
• Text, audio and video data: You may have the option of using the chat, question or survey features in an online meeting. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom applications.

In order to participate in an online meeting or to enter the "meeting room", you must at least provide information about your name. If we want to record online meetings, we will transparently inform you in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.

If it is necessary for the purposes of documenting or logging the results of an online meeting, we will log the chat content. However, this will usually not be the case. For purposes of recording and following up on online meetings, we may also process questions asked by webinar participants.

If you are registered as a user with Zoom, then online meetings reports (meeting metadata, phone dial-in data, webinar questions and answers in webinars, webinar survey function) can be stored with Zoom for up to one month.

The existing possibility of software-based "attention monitoring" ("attention tracking") is deactivated. Automated decision-making process within the meaning of Art. 22 GDPR is not used.

Personal data that is processed in connection with participation in online meetings is generally not disclosed to third parties, unless it is intended for disclosure. Please note that content from online meetings, as well as from face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

Zoom's provider necessarily obtains knowledge of the above-mentioned data to the extent provided for in our order processing agreement with Zoom.

In order to give students the opportunity to view online courses at other times and time zones, they are recorded on a voluntary basis, stored for one week and the deleted again. For this purpose, the lecturer must activate the recording of his course himself.

Zoom is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the Zoom provider.

The legal basis of the data processing is Article 6 (1)(b) and (f) GDPR. Information about data protection at Zoom can be found at: https://zoom.us/docs/de-de/privacy-and-legal.html

6. APPLICATIONS TO THE ISM

If you provide us with personal data as part of the application process, you can send it to us online via our application platform. The basis for this is an agreement on order processing. The personal data provided to us in this way is divided into the following data types and data categories for collection, processing or use:

• Personal data (first and last name, date of birth, address, school-leaving certificate)
• Communication data (telephone no., mobile no., fax no., email address)
• Information (from third parties, e.g. credit agencies or public directories)
• Data concerning the evaluation and assessment during the application process
• Data on education (school education, vocational training, civil/military service, studies, doctoral degree)
• Data on the previous professional career, training and work references
• Information on other qualifications (e.g. language skills, PC skills, voluntary activities)
• Application photo
• Details of the expected salary
• Application history

We use the personal data you provide exclusively within the ESO Education Group of companies to process your application for the advertised position. Only persons involved in the application process will be given access to your personal data. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are obliged to disclose data due to statutory provisions and/or official or court orders. When you submit an application, an account is created in our career portal where you can view and manage your application. In the course of the application process, you have the opportunity to rate the application process and our company online with the service provider softgarden e-recruiting GmbH. This feedback may appear on the rating portals of softgarden and kununu GmbH.

Your data will be deleted automatically within six months of the specific application process being completed. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to a longer storage period.

If you decide to join the Talent Pool, your personal data may be accessed by all members of the ESO Education Group in the event of any potential job assigments and vacancies. The Talent Pool can be joined by agreeing to the invitation of a recruiter or by proactively using the “Get in touch” form.

7. RECIPIENTS OUTSIDE THE EU

7.1 Data processing for advertising purposes

The processing mentioned in section 3.3 causes a data transfer to the servers of the providers of tracking and targeting technologies commissioned by us. These servers are located in the USA.

7.2 Data processing at foreign universities

In addition to the processing of data described in section 3.2, we will pass on your data to foreign universities located outside the European Union or the European Economic Area (EEA) if this involves the planning and implementation of a stay abroad in connection with your studies at ISM, which will be completed outside Europe.

8. YOUR RIGHTS

8.1 Overview

In addition to the right to revoke your consent given to us, you have the following additional rights if the respective legal requirements are met:

1. Right to information regarding your personal data stored by us according to Art. 15 GDPR,
2. Right to rectification of inaccurate data or completion of correct data according to Art. 16 GDPR,
3. Right to have your data stored by us deleted according to Art. 17 GDPR,
4. Right to restrict the processing of your data according to Art. 18 GDPR,
5. Right to data portability according to Art. 20 GDPR.

8.2 Right of objection

Under the conditions of Art. 21 (1) DSGVO, data processing may be objected to for reasons arising from the particular situation of the data subject.

The above mentioned general right to object applies to all purposes for processing described in this Data Privacy Notice that are processed on the basis of Article 6 (1)(f) GDPR. Unlike the specific right of objection directed at data processing for advertising purposes (compare section 3.3.3 above), we are only obliged under the GDPR to implement such a general right of objection if you provide us with reasons of overriding importance for doing so (e.g. a possible risk to life or health). In addition, you have the option of contacting a supervisory authority or the data protection officer.

9. DATA SECURITY

All data transmitted by you personally, including your payment data, is transferred with the generally normal and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is also used, for example, in online banking. Among other things, you can recognise a secure SSL connection by the attached s at the the http (for example https://…) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Data exchange between the server and a computer accessing it (client) is secured by SSL certificates with the SHA-256 signature algorithm. This applies to www.ism.de, en.ism.de and ismblog.de.