Privacy policy
We, ISTE, welcome you to our website and appreciate your interest in our company. The protection of your personal data is important to us. Personal data are individual details about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as civil name, address, telephone number and date of birth, e-mail address or IP address. We only collect such data to the extent that is technically necessary, as this data enjoys special protection. In accordance with our legal obligations, we would like to explain below which data is collected when you visit our website and how we use this data. The handling of your data is in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
This privacy policy applies to the following website(s): www.iste-group.com, https://iste-akademie.onmybreev.de. Insofar as we refer to other providers via links, these may have different principles and rules for data collection, processing and use.
For all questions relating to data protection our Data Protection Official is at your disposal:
ISTE Group GmbH
Stephan H. Multhaupt
Soerser Weg 1
D-52070 Aachen
E-Mail: info@iste-group.com
General
1. Legislative Basis
Art. 6 sec. 1 lit. (a) EU-GDPR shall be the legal basis if and insofar we obtain approval of the affected person for the processing of personal data.
Art. 6 sec. 1 lit. (b) EU-GDPR shall be the legal basis when we process personal data which is essential for the performance of a contract of which the affected person is a contracting party. This shall also apply for processing activities which are necessary for the execution of pre-contractual measures.
Art. 6 sec. 1 lit. (c) EU-GDPR shall be the legal basis if it is necessary to process personal data to fulfil a legal obligation which has to be satisfied by the University.
Art. 6 sec. 1 lit. (d) EU-GDPR shall be the legal basis if vital interests of the affected person or another person require the processing of personal data.
Art. 6 sec. 1 lit. (f) EU-GDPR shall be the legal basis if the data processing is essential for the protection of legitimate interests of the University or a third person and if such legitimate interests are not predominated by fundamental rights and liberties of the affected person.
2. Scope of Processing of Personal Data
We generally process personal data of our users only and insofar as this is necessary for the provision of operating a website including its content and our activities for the specific purpose indicated. Processing of personal data of our users only happens after we have received the individual user‘s consent. This shall not apply if obtaining user’s prior consent is not feasible for practical reasons and if the processing of data is permitted by rule of law.
3. Appropriation and Time of Data Storage
If you put personal data at our disposal due to your consent, we will use such data only for the purpose covered by your prior consent. Data storage beyond that purpose may be possible if EU or national rules of law or other rules and regulations which are binding for us, permit such storage. We will respect your protection requiring interests according to the rules of law.
All personal data of an affected person will be deleted or locked as soon as the purpose is omitted. This shall also take place if a stipulated blocking period expires.
Provision of Website and Creation of Log Files
1. Description and Scope of Data Processing
Our system automatically collects and records data and information coming from the user’s computer system on each visit of our website.
Following data will be collected:
- IP-address
- Website used by the user to contact our website
- Date and time of the visit
- Transferred amount of data and information about the success of the visit (sog. Web-Log)
- Website, used by user before using the called website (Referer)
- Client-Information (as e.g. type of browser and operating system)
Some internal websites require the registration via user name and password for members of the University or registered users. User name and time of visit will be recorded, amongst other reasons for the prevention of misuse.
2. Legal Basis for the Data Processing
Art. 6 sec. 1 lit. (f) GDPR shall be the legal basis for the temporary filing of data and the log files.
3. Purpose of Data Processing
The temporary storage of the IP-address by the system is necessary to facilitate the delivery of our website to user’s computer.
We use all access data mentioned above exclusively in a non-personalised format for the continuous improvement of our website by use analysis as well as to resolve any problems.
4. Timespan of Data Storage
Date will be deleted as soon as the storage is not necessary any longer to reach the intended purpose of their collection. This is the case within 14 days with respect to data collection for the provision of the website, after analysis and potential problems have been solved.
5. No Possibility to Object
The logging of your IP-address is absolutely essential for the provision and operation of our website as well as the data storage in log files. Hence, there is no possibility for the user to object.
6. Data Transfer
We do not pass on to third persons personal data which we collect when a user visits our website.
Message Form and E-Mail-Contact
1. Description and Scope of Data Processing
You will find varying message forms and entry masks on our websites which you may use for the specified purpose. If a user makes use of those forms and/or masks, all entered data will be delivered to us and recorded. All recorded data will be specifically mentioned in each single case.
Any user may contact us by e-mail-addresses as well. In such a case we will record all of user’s personal data transferred, the e-mail-address itself as well as the content of the message. Such data will be used exclusively for the processing of the conversation.
We apply for your permission for the data processing when you contact us and we will refer to this Data Protection Declaration.
We do usually not pass on any of your data to third persons. If – nonetheless – we pass on data in single cases, we will inform you adequately.
2. Legal Basis for the Data Processing
Art. 6 sec. 1 lit. (a) GDPR is the legal basis for the data processing in case user has given his consent.
Art. 6 sec. 1 lit. (f) GDPR is the legal basis for the processing of data which has been transferred due to e-mail correspondence. If the e-mail contact is aimed at the conclusion of a contract, Art. 6 sec. 1 lit. (b) GDPR is an additional legal basis.
3. Purpose of Data Processing
Processing of personal data coming from the message forms and/or entry masks will be used only for the purpose which is mentioned in connection with the message forms and/or entry masks. If you contact us via e-mail, such purpose is the handling of your contact. At the same time the handling of your contact constitutes the necessary legitimate interest in processing the data.
4. Timespan of Data Storage
Data will be deleted as soon as the purpose for the collection of data has been reached. This is the case with respect to the personal data transferred by e-mail as soon as the conversation with the user is finalised. The conversation shall be deemed finalised if the parties have resolved the concerned issue terminally.
If there is a deadline for the time of data storage, we will inform you adequately at the particular place.
5. Right of Objection and Elimination
User has the right to withdraw his consent for the processing of his personal data at any time. If user contacts us via e-mail, he may revoke the storage of his personal data at any time. Nonetheless, conversation with user may not be continued in such a case.
You can withdraw your consent or revoke the storage of your data by e-mail.
All personal data which we have stored in the course of the contact will be deleted in such a case.
Data Security and Data Protection, Communication by E-Mail
Your personal data will be stored in such a way that it will not be accessible for third persons by using all technical and organisational measures. Websites with sensitive content will be protected via cryptographic protocols as e.g. SSL/TLS.
Most of the standard form content of our websites is internally transferred by e-mail. When using communication via e-mail we cannot guarantee perfect data security. Hence we recommend using regular mail if the transferred information is sensitive.
Information about the Use of Cookies
We use cookies on various pages to make your visit to our website more attractive and to enable the use of certain functions. Cookies are small text files that can be stored on your computer by your browser. The process of storing a cookie file is referred to as ‘setting a cookie’. You can set your browser according to your wishes so that you are informed about the setting of a cookie and then decide on a case-by-case basis whether you want to accept the cookie or generally not accept it or generally accept it. Cookies can be used for different purposes, e.g. to recognise whether your PC has had a connection to a website (permanent cookies) or to be able to save offers that you last viewed (session cookies). Some of our websites require cookies. We recommend that you accept cookies for our websites in order to be able to use all the functions of our websites.
Rights
If we process your personal data you are the „aggrieved party“ in the sense of the GDPR. As a consequence you are entitled to the following rights (towards the responsible person):
1. Right of Information
You have the right to ask the responsible person for a confirmation whether your personal data has been processed by us.
If such data processing took place, you have the right to ask the responsible person for the following information:
- the purpose for which the personal data has been processed
- the categories of personal data which has been processed
- the receivers resp. the categories of receivers to whom we have revealed your personal data or to whom we will reveal your personal data
- the intended time span of data storage of your personal data or – if specific information is not possible – certain criteria for the time span of data storage
- the existence of a right of objection or elimination of your personal data as well as a right of restriction of data processing by the responsible person or a right of objection against any data processing
- the existence of a right of complaint at a regulatory authority
- all available information where the data comes from if the personal data has not been directly collected from the concerned person
- the existence of an automated decision making process including profiling according to Art. 22 sec. 1 and 4 GDPR and – at least in such cases – significant information about the involved logic as well as the scope and the sought effects of such processing for the concerned person.
You have the right to ask for information whether your personal data will be transmitted in a third country or to an international organisation. You have the right to ask for information about the appropriate guarantees in connection with the transmission according to Art. 46 GDPR.
2. Right of Correction
You have a right of correction and/or completion of your personal data against the responsible person if your processed personal data is not correct or incomplete. The responsible person has to carry out the correction immediately.
3. Right of Restriction of Data Processing
You have the right to ask for the restriction of data processing of your personal data under the following prerequisites:
- if you contest the correctness of your personal data: for the time span which enables the responsible person to check the correctness of your personal data;
- if data processing is unlawful and if you decline the deletion of your personal data but instead ask for the restriction of use of your personal data;
- if the responsible person does not use your personal data for the data processing any longer but you need it for the enforcement, exercise or defence of legal claims or
- if you have revoked against data processing according to Art. 21 sec. 1 GDPR but it not certain yet if the responsible person’s legitimate reasons prevail your reasons.
If the processing of your personal data has been restricted, such data may – apart from being stored – only be processed with your consent or for the enforcement, exercise or defence of legal claims or for the protection of rights of another person or legal entity or because of an important public interest of the EU or a member state.
If the restriction of data processing was restricted under the prerequisites mentioned beforehand, you will be informed by the responsible person prior to the suspension of the restriction.
4. Right of Deletion
a) Obligation to Delete:
You have the right to ask the responsible person that your personal data will be deleted immediately. The responsible person is obliged to delete such data immediately presupposed that one of the following factors applies:
- The purpose for which your personal data has been collected or processed is not relevant or necessary anymore.
- You revoke your consent on which the data processing according to Art. 6 sec 1 lit. (a) or Art. 9 sec. 2 lit. (a) GDPR has been based on and there is no other legal basis for the data processing.
- You file an objection according to Art. 21 sec. 1 GDPR against the data processing and there are no overriding legitimate reasons for the processing or you file an objection against the data processing according to Art. 21 sec. 2 GDPR.
- Your personal data has been processed unlawfully.
- The deletion of your personal data is necessary for the fulfilment of a legal obligation according to EU law or the law of a member state also governing the responsible person.
- Your personal data has been collected in connection with offered services of the information society according to Art. 8 sec. 1 GDPR.
b) Information for Third Persons
If the responsible person has made your personal data public and if he is obliged to delete them according to Art. 17 sec. 1 GDPR he will take appropriate measures considering the available technology and the costs of implementing such appropriate measures (including technical aspects) in order to inform the person responsible for the data processing, which processes your personal data, that you as the concerned person have claimed to delete all links to your personal data or of any copies or replications of your personal data.
c) Exceptions
The right of deletion as well as the obligations described under 4. b) above does not exist if the data processing is necessary:
- for the execution of the right of free speech and information;
- for the fulfilment of a legal obligation which requires the data processing according to the law of the EU or a member state and of which the responsible person is an object to, or for the perception of a task which is in the public interest or in exercise of public authority which has been delegated onto the responsible person;
- for reasons of public interest in the domain of public health according to Art. 9 sec. 2 lit. (h) and (i) as well as Art. 9 sec. 3 GSPR;
- for archival purposes which are also in the public interest, for scientific or historic research purposes or for statistical purposes according to Art. 89 sec. 1 GDPR, as long as the right mentioned under a) will presumably make the realisation of the goals of the data processing impossible or seriously impair such goals, or
- for the assertion, exercise or defence of legal claims.
5. Right of Information
If you have claimed your right of correction, deletion or restriction of processing toward the responsible person, such person is obliged to inform all persons or entities which have received your personal data about the correction or deletion of data or restriction of processing unless this is impossible or only feasible with unreasonable effort.
You have the right toward the responsible person to be informed about such receivers.
6. Right of Data Transferability
You have the right to receive all of your personal data which you have transmitted to the responsible person in a structured, established and machine-readable format. Additionally, you have the right to transmit such data to another responsible person without any hindrance by the responsible person whom you have provided with your personal data, if – data processing is based on a consent according to Art. 6 sec. 1 lit. (a) GDPR or Art. 9 sec. 2 lit. (a) GDPR or on a contract according to Art. 6 sec. 1 lit. (b) GDPR and
– data processing takes place by means of automated procedures.
When exercising this right you have also the right to obtain that your personal data will be transmitted directly from one responsible person to another one if this is technically feasible. Any freedoms or rights of other persons may not be damaged by this.
The right of data transferability does not apply for the processing of personal data which is necessary for the perception of a task which is in the public interest or in exercise of public authority which has been delegated onto the responsible person.
7. Right of Objection
You have the right to file an objection against the data processing or your personal data for reasons deriving out of your specific situation at any time according to Art. 6 sec. 3 lit. (b) GDPR in connection with § 3 LDSG; this shall also apply with respect to a profiling which is based on these provisions.
The responsible person does not process your personal data any longer, unless he can prove compulsory reasons for the processing requiring protection which – at the same time – prevail your interests, rights and freedom or if the procession serves the enforcement, exercise or defence of legal claims.
You have the possibility to execute your right of objection in connection with the use of services of the information society – notwithstanding the Directive 2002/58/EG – while using automated procedures which apply technical specifications.
8. Right of Objection of the Data Protection Declaration of Consent
You have the right to withdraw your data protection declaration of consent at any time. Your withdrawal does not touch the lawfulness of data processing until the time of your withdrawal.
9. Automated Decision in Each Individual Case including Profiling
You have the right to be subject of a decision which is not exclusively based on automated procession – including profiling – and which will have legal effect on you or which will have a similar effect on you.
10. Right of Complaint with Supervisory Authority
Notwithstanding any other legal remedy by court or administration you have the right of complaint with a supervisory authority, especially in the member state where you have your domicile, your place of work or the place where the potential infringement took place if you are of the opinion that the processing or your personal data has violated the GDPR.
The supervisory authority where you filed your complaint shall inform the complainant about the current state of affairs and the result of the complaint including the possibility of filing a legal remedy at a competent court according to Art. 78 GDPR.
Timeliness and Validity of the Data Protection Declaration
This privacy policy is currently valid and dated 01.07.2025.
It might become necessary due to further development of our website(s) or due to the implementation of new technologies to change this data protection declaration. We reserve the right to change this data protection declaration for the future at any time. We recommand to read the current data protection declaration from time to time anew.