The protection of your personal data is very important to us. In the following, we would therefore like to inform you in detail about which data we collect from you when you visit our website and use our offers there, and how these are processed or used by us in the following and what rights you are entitled to in this respect.
Your personal data, such as your name, address, e-mail address or telephone number will only be processed by us on the basis of the statutory data protection law, i.e. the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and the German Telemedia Act (TMG).
II. Responsible body in Terms of § 13 Para. 1 TMG / § 3 Para. 7 BDSG
Responsible party in terms of the data protection law:
CLT Creative Learning Technologies GmbH
Campus A 1-1
66123 Saarbrücken, Germany
Phone: +49 681 302 712 88
Our data protection declaration uses the terms of the EU General Data Protection Regulation (GDPR), which we would like to explain briefly for your convenience. You will find these and other definitions in Art. 4 GDPR.
a) Personal Data
- ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
‘Data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
- ‘Restriction of Processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
- ‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third Party
- ‘Third Party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
You will receive information at any time about the personal data we have stored about you as well as the origin, recipient and purpose of data collection and data processing. You also have the right to demand the correction, blocking or deletion of your data. Excluded from this are data that are stored due to legal regulations or are required for the proper handling of business. In order that a data block can be implemented at any time, data is kept in a block file for control purposes. If data is not covered by a legal archiving obligation, we will delete your data at your request. If the archiving obligation applies, we will block your data. For all questions and concerns regarding the correction, blocking or deletion of personal data, please contact our data protection officer at the contact details in this data protection declaration or at the address given in the imprint.
IV. Special components of our website
Third Party Content and Services
You can register on our website to receive our newsletter. We need your e-mail address for this. In addition, we must check, in compliance with the relevant legal regulations, whether you are actually the owner of the e-mail address provided and wish to receive the newsletter. We therefore collect information that makes such a check possible. The data collected in this context is used to send and receive the newsletter. They have a different purpose and are not passed on to third parties. Since the sending and receiving of the newsletter depends on your consent, you can revoke this consent to the collection and storage of your data at any time without giving reasons. To do so, please use the "unsubscribe link" provided in the newsletter. Your data will then be deleted by us within six months after you have unsubscribed.
The server log files are anonymous data that are collected when you access our website. This information does not allow any conclusions about you personally, but for technical reasons it is indispensable for the delivery and presentation of our content. Furthermore, they serve our statistics and the continuous optimization of our contents. Typical log files are the date and time of access, the amount of data, the browser used for access and its version, the operating system used, the domain name of the provider you have commissioned, the page from which you came to our offer (referrer URL) and your IP address. Log files also enable us to carry out a detailed check if we suspect that our website is being used illegally.
Contradiction of Advertising E-Mails
In the context of the legal imprint obligation we have to publish our contact data. This data is partly used by third parties to send unsolicited advertising and information. We hereby object to any sending of advertising material of any kind not expressly authorized by us. Furthermore, we expressly reserve the right to take legal action against the unwanted and unsolicited sending of advertising material. This applies in particular to so-called spam e-mails, spam letters and spam faxes. We would like to point out that the unauthorized transmission of advertising material can affect competition law, civil law and criminal law. Spam e-mails and spam faxes in particular can lead to high claims for damages if they disrupt business operations by overcrowding mailboxes or fax machines.
Encrypted Payment Transactions
We secure your data in payment transactions. Therefore, for security reasons and to protect your confidential and personal contents, our site uses SSL encryption during transmission in payment transactions. You can find out for yourself whether SSL encryption is activated or not. You can recognize the use of the encryption by the address line of the browser. Only if the regular display changes from "http://" to "https://" is the data transmission encrypted. The browser line "https://" indicates the use of SSL encryption, payment transactions are now encrypted. With the activation of the SSL encryption it becomes impossible for third parties to read your confidential data. Therefore, please transfer your data only if SSL encryption is activated.
On our website we use the remarketing function "Custom Audiences" of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook"). The purpose of the application is to target website visitors with interest-based advertising on the social network Facebook. For this purpose, the Facebook remarketing tag was implemented on the website. This tag is used to establish a direct connection to the Facebook servers when visiting the website. This tells the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the social network Facebook, you will then see personalized, interest-based Facebook ads. Your data may be transferred to the USA. Facebook has certified itself according to the US-EU Privacy Shield Agreement and is thus committed to complying with European data protection guidelines. The data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You may revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until revocation. You can find more information on the collection and use of data by Facebook, on your rights in this regard and on ways to protect your privacy in Facebook's data protection information at https://www.facebook.com/about/privacy/.
We offer you the possibility to sign up for our service with Facebook-Connect. An additional registration is therefore not possible. For registration you will be redirected to the Facebook page where you can log in with your usage data. This will link your Facebook profile and our service.
Google Analytics Remarketing
Google Tag Manager
Google Ads Conversion-Tracking
We use the online advertising program "Google Ads" on our website and, in this context, conversion tracking (visitor action evaluation). Google Conversion Tracking is an analysis service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and for ensuring compliance with the applicable data protection laws. When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our site and the cookie has not expired, Google and we may recognize that you clicked on the ad and were directed to that page. Each Google Ads customer receives a different cookie. As a result, there is no way that cookies can be tracked across the sites of ads customers. The information collected through the conversion cookie is used to compile conversion statistics. This tells us the total number of users who have clicked on one of our ads and been redirected to a page with a conversion tracking tag. However, we do not receive information that personally identifies users. Your information may be transferred to the USA. Google has certified itself under the U.S.-EU Privacy Shield Agreement and is committed to complying with European privacy laws. The data processing, in particular the setting of cookies, is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until revocation. You can find more information and the Google data protection declaration at: https://www.google.de/policies/privacy/
Google Maps Plugin
We also include features of the Instagram online service on our website. The provider of these functions is Instagram Inc, located in the USA, CA 94025, 1601 Willow Road, Menlo Park. The Instagram button allows you to link to your Instagram account when you visit our site, provided you are logged in to Instagram. This allows Instagram to obtain information about your visit to our site and assign this visit to your Instagram profile. We have no knowledge of the content of the information submitted or how Instagram uses it.
V. Rights of the Data Subject
a) Right of Access by the Data Subject, Art. 15 GDPR
Every person affected by the processing of personal data has the right, granted by the General Data Protection Regulation, to obtain at any time and free of charge from the data controller information about the personal data stored about him/her and a copy of this information. Furthermore, the data subject has the right to obtain information on the following:
- the processing purposes
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right of rectification or erasure of personal data concerning him or her or of a right of opposition to or limitation of the processing by the controller
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision making including profiling in accordance with Article 22, paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject
Furthermore, the data subject has the right of information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may contact us at any time using the contact details of the controller mentioned in III.
b) Right to Rectification, Art. 16 GDPR
Every person concerned by the processing of personal data has the right, granted by the General Data Protection Regulation, to request that incorrect personal data concerning him/her be corrected immediately. The data subject shall also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, he or she may contact us at any time at the contact details of the data controller mentioned in III.
c) Right to Erasure (‘Right to be Forgotten’) Art. 17 GDPR
Any person concerned by the processing of personal data has the right granted by the General Data Protection Regulation to obtain from the controller the immediate erasure of personal data relating to him/her, where one of the following reasons applies and provided that the processing is not necessary:
- the personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
- the data subject withdraws the consent on which the processing was based pursuant to Art. 6, paragraph 1, letter a, GDPR or Art. 9, paragraph 2, letter a, GDPR, and there is no other legal basis for the processing.
- The data subject lodges an objection to the processing pursuant to Art. 21 para. 1 FADP, and there are no legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 para. 2 GDPR
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data has been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR
If one of the above reasons applies and a data subject wishes to have personal data stored by us deleted, he/she can contact us at any time by using the contact details of the data controller as specified in III. We will comply with your justified request for deletion immediately.
If the personal data have been made public by us and our company, as the data controller, is obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, our company shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested that these other data controllers delete all links to these personal data or copies or replications of these personal data, unless the processing is carried out in accordance with the law.
d) Right to Restriction of Processing, Art. 18 GDPR
Any person affected by the processing of personal data has the right, granted by the General Data Protection Regulation, to request the controller to limit the processing if one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject, for a period of time which enables the controller to verify the accuracy of the personal data
- the processing is unlawful, the data subject refuses to have the personal data deleted and instead requests the restriction of the use of the personal data
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend legal claims
- the data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data held by us, he or she may contact us at any time at the contact details of the data controller mentioned in III.
e) Right to Data Portability, Art. 20 GDPR
Any person concerned by the processing of personal data has the right, granted by the General Data Protection Regulation, to obtain the personal data concerning him/her which he/she has supplied to a controller, in a structured, standard and machine-readable format, and the right to have such data communicated to another controller, without interference by the controller to whom the personal data has been supplied, provided that
the processing is based on a consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract pursuant to Article 6 paragraph 1 letter b GDPR and the processing is carried out using automated procedures.
Furthermore, in exercising their right to data transfer, the data subject has the right, in accordance with Art. 20, paragraph 1 of the GDPR, to obtain that personal data be transferred directly from one person in charge to another person in so far as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
In order to assert the right to data transfer, the person concerned can contact the person concerned at any time at the addresses listed in III. above contact details of the data controller.
f) Right to Object, Art. 21 GDPR
Every person concerned by the processing of personal data has the right, granted by the General Data Protection Regulation, to object at any time, for reasons arising from his particular situation, to the processing of personal data concerning him that is carried out on the basis of Article 6, paragraph 1, letters e or f of the GDPR. This also applies to profiling based on these provisions.
In the event of an objection, we as the responsible party will no longer process the personal data unless we can prove compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is connected with such direct marketing. If the data subject objects to us processing for the purposes of direct marketing, we will no longer process the personal data for those purposes.
In addition, the data subject has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out by us as data controller for scientific or historical research purposes or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In order to exercise the right of objection, the data subject may contact us at any time using the contact details of the controller mentioned in III.
g) Right to Revoke a Data Protection Consent
Every person affected by the processing of personal data has the right granted by the General Data Protection Regulation to revoke his or her consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to revoke consent, he or she may contact us at any time using the contact details of the data controller mentioned in III.
h) Right of Appeal; Art. 77 GDPR
Every person affected by the processing of personal data has the right to complain to a supervisory authority, as granted by the General Data Protection Regulation. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters for this purpose.
Amir Baradaran, Michael Kellermann
CLT Creative Learning Technologies GmbH
Starter Center of Saarland University
Campus A 1-1
66123 Saarbrücken, Germany
Phone: +49 681 302 712 88