Data privacy

We’re happy that you’ve chosen to visit the Haufe Group website. Protecting your personal data is very important to us. In this data privacy statement, we’d like to inform you about how we deal with your personal data when you visit our website, and what your rights are.

1. Who are we, and how can you contact us?

We, the

Haufe Service Center GmbH
A Haufe Group Enterprise
Munzinger Strasse 9
79111 Freiburg, Germany
E-mail: service@haufe.de

as the controller of your personal data, are responsible for protecting them. If you have any questions about data processing, your rights, or this data privacy statement, our Data Protection Officer Raik Mickler will be happy to help you. You can contact him at:
dsb@haufe-lexware.com

2. What data is processed when you visit our website?

The following section informs you which data is collected when you visit our website, the purposes for which the data is collected, the legal basis for the data processing, what options you have to control the data collection and processing yourself, and when the data is deleted.

2.1 Amazon Web Services

2.1.1 Data collected:

The eAcademy blends learning new content with applying it in your own business context, which is supported by project coaching. To be able to provide the eAcademy service, we use solutions and technologies provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (AWS).

In this case, the data collected include in particular:

  • E-mail address
  • First name
  • Last name
  • Telephone number (optional)
  • IP address of the computer making the request

2.1.2 Purposes of the data processing:

We process your data so they we can provide you with the desired service.

2.1.3 Legal basis:

We process the data for the performance of a contract in accordance with Article 6, paragraph 1b of the EU General Data Protection Regulation (GDPR).

2.1.4 Period of storage and control options:

We store your data for as long as you have an active account with us. If you delete this account, or the account is closed for another reason, we delete all the associated data, unless deletion is prevented by legal or contractual retention periods.

2.1.5 Transfer to third countries:

The data is basically procerhovssed in European computing centers. As part of maintenance and support measures, it can happen that data is also transferred to a third country, the USA. In order to be able to guarantee appropriate protection for your data in these circumstances as well, we have obligated Amazon Web Services to maintain a level of data protection equivalent to EU law, invoking the relevant EU standard contract clause.

2.2 Log files

2.2.1 Data collected:

When you visit our website, your browser automatically transmits the following data:

  • Your IP address
  • The website you are coming from
  • Websites that you access from our site
  • The sites that you click, and
  • The time you accessed the site
  • The name of your internet service provider
  • Your browser type and version
  • The operating system of your end device
  • The date and duration of your visit

2.2.2 Purposes of the data processing:

Temporary storage of your data is necessary in order to enable us to deliver the website to your computer, and to guarantee that the website is able to function. With the aid of these data we also collect statistical information on how our web pages are being used. In addition to this, we collect the data in order to be able to trace and prevent unauthorized access to the web server and improper use of the web pages, and to ensure the security of our IT systems.

2.2.3 Legal basis:

We store these data temporarily on the basis of legitimate interests (Article 6, paragraph 1f GDPR). Our legitimate interest consists in achieving the purposes described above.

2.2.4 Period of storage and control options:

The data are deleted when they are no longer necessary for achieving our purposes. Log files are deleted after no longer than 90 days.

2.3 General information on cookies and targeting technologies

2.3.1 Data collected:

When you visit our website, so-called “cookies” are stored on your computer. These are small text files that are placed on your end device. Cookies usually contain a characteristic sequence of characters, the so-called “cookie ID”, which enables your browser to be identified when you visit our website again.

In addition to this we use so-called “tags”. These are small code elements that help us to measure user behavior and the success of marketing activities.

Depending on the type of cookies or tags, various data is collected and processed in pseudonymized form.

We use both our own cookies and cookies from other providers (third-party provider cookies). These third-party provider cookies are described in more detail under 2.3 below.

2.3.2 Purposes of the data processing:

Technical cookies enable the website to function correctly. Some of the functions of our website cannot be provided without the use of cookies.

The purpose of functional cookies is to configure our website so as to make navigation more user-friendly, and to guarantee specific functionalities – e.g. the shopping cart display that appears on multiple pages, showing you how many articles you have in your cart at the moment, or storage of your login data so that, when you access the site again, you can make use of the data and settings you have already entered.

Analysis cookies and tags enable us to generate overall statistics, e.g. about the number of site visits, which parts of the website are most often viewed, and information on locations and the average length of visits to the web pages. This allows us to enhance the quality of our web pages and their content.

Advertising cookies and retargeting technologies enable us to provide you with offers and information that is individually tailored to your requirements. In this way we can make our website more interesting for you and provide you with personalized advertising based on your interests when you visit other sites.

2.3.3 Legal basis:

We use technical cookies and functionality cookies on the basis of legitimate interests (Article 6, paragraph 1f GDPR). Our legitimate interest is to guarantee the functionality and optimum usability of our web pages.

We use analysis cookies and advertising cookies, as well as tags and retargeting technologies, on the basis of legitimate interests (Article 6, paragraph 1f GDPR, recital 47) or on the basis of your consent (Article 6 paragraph 1a GDPR), which we obtain via a cookie banner. Our legitimate interest is to optimally tailor our web pages to our customers’ interests. You can withdraw your consent at any time, informally and with future effect, by using the opt-out links in this data privacy statement.

2.3.4 Period of storage and control options:

Some of the cookies we use are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your end device permanently and enable us to recognize your browser again (so-called “persistent cookies”).

You have full control over the use of cookies, and can delete cookies in your browser, completely deactivate the storage of cookies, or selectively accept specific cookies. Please use the Help function of your browser to find out how you can change these settings. This may restrict the functionality of our web pages.

2.4 Third-provider cookies and tracking technologies used

2.4.1 3Q SDN Video hosting

2.4.1.1 Data collected:

In order to display video content, we have integrated the 3Q SDN SaaS platform in our website. 3Q SDN is a platform for processing video material and all services connected with it. The company operating 3Q SDN is 3Q GmbH, Kurfürstendamm 102, 10711 Berlin, Germany.

3Q places a cookie in your browser. In this way, 3Q receives information on the extent to which our video service is used. The personal data transmitted to 3Q usually consist of the IP address, time stamp, URL, user agent, and data required for compiling statistics. You can access the currently applicable data protection policy of 3Q at https://www.3qsdn.com/de/datenschutz_und_richtlinien.

2.4.1.2 Purposes of the data processing:

The 3Q platform collects data for the controllers’ use of the audiovisual content provided. We use 3Q to offer you our study content and thus fulfill our obligation to perform the contract.

2.4.1.3 Legal basis:

We use 3Q in order to make our educational content available via video, as specified in our contractual offer. The data processing is thus carried out on the basis of the contract concluded between us (Article 6, paragraph 1b GDPR).

2.4.1.4 Period of storage:

Your data is only stored for as long as is necessary to fulfill its purposes.

In addition, you can prevent cookies being placed in your browser by implementing the corresponding settings in your browser. We would like to point out that this may lead to display problems, and it is possible that you may not be able to use all the functions of our website.

2.4.2 Econda

2.4.2.1 Data collected:

We use solutions and technologies provided by Econda GmbH, Eisenlohrstrasse 43, 76135 Karlsruhe, Germany (“Econda”). With the aid of cookies, Econda creates pseudonymous user profiles across multiple pages. By this means data are collected that enable your browser to be recognized. Your IP address is made unrecognizable immediately after it is received in order to prevent it being matched to user profiles.

2.4.2.2 Purposes of the data processing:

We use Econda for the needs-based design and optimization of our web pages.

2.4.2.3 Legal basis:

We use Econda if you have given your consent to this. We obtain your consent when you access our web pages via the cookie banner on the lower edge of the page.

2.4.2.4 Period of storage and control options:

Econda saves these data and they are regularly deleted.

You can prevent Econda from collecting and processing data by implementing the appropriate setting in your browser or via this link: [ https://www.econda.de/en/data-storage-opt-out/ ].

2.4.2.5. Google tag manager

Google tag manager is a solution that enables us to manage so-called website tags via a user interface, and thus integrate e.g. Google analytics, other Google marketing services, etc. in our online offering. The tag manager itself (which implements the tags) does not process any personal data. For information on the processing of personal data, please refer to the relevant Google services. You can access the guidelines for use of Google tag managers here: https://www.google.com/analytics/tag-manager/use-policy/

2.5 Wordpress

2.5.1 Data collected:

For certain web pages we use the open source management system “Wordpress” and plug-ins. Plug-ins are extensions to the “Wordpress” software connected with certain functions. Using these plug-ins may involve processing your personal data, e.g. your IP address.

To a certain extent, third-party provider cookies and tracking technologies are used. In this case, the basic principles described above and in section II. B. apply without restriction.

2.5.2 Purposes of the data processing:

We use plug-ins for the following purposes in particular:

  • As a protection against abusive comments (“spam”)
  • To find faulty links
  • To improve the load speed of our mobile web pages
  • Where plug-ins are used for cookie and tracking technologies of third-party providers, the description of purposes given under section B. applies.

2.5.3 Legal basis:

We use Wordpress and the relevant plus-ins for particular purposes on the basis of legitimate interest. Our legitimate interest consists in achieving the purposes described above.

We use cookie and tracking technologies from third-party providers as part of a plug-in if you have given your consent for this. You can withdraw your consent as per the procedures described above at any time.

2.5.4 Period of storage and control options:

We store your data for as long as we need them for our concrete processing purposes.

You can prevent social networks from collecting and processing data by using the appropriate settings in your browser.

If you do not wish social networks to match the data collected via our website directly with your user profile, you must log out before your visit our web pages.

2.6. Adform:

2.6.1 Data collected:

We use solutions and technologies provided by Adform Germany GmbH, Grosser Burstah 50-52, 20457 Hamburg, Germany. With the aid of cookies, Adform creates user profiles across multiple pages to manage web campaigns and measure their success. Cookie IDs and order IDs are processed. It is possible for us to connect the order ID with a specific order.

2.6.2 Purposes of the data processing:

This service collects information on user behavior to manage advertising campaigns and measure their success, and to manage personalized advertising.

2.6.3 Legal basis:

We store these data temporarily on the basis of legitimate interests (Article 6, paragraph 1f GDPR). Our legitimate interest consists in achieving the purposes described above.

2.6.4 Period of storage and control options:

The data is stored by Adform for up to 13 months. If you do not want to be involved in conversion tracking, you can deactivate Adform cookies via your browser under https://site.adform.com/privacy-policy/

2.6.5 Transfer to third countries:

It is possible that your data may be transferred to the USA, Singapore, Belarus or Norway.

3. What data do we process when you establish contact with us, order a newsletter, open a user account, purchase online products, or make use of our services?

The following section informs you which data are collected and processed when you establish contact with us, order a newsletter, open an account or purchase online products, the purposes for which they are processed and the recipients from whom they are processed, the legal basis for the data processing, and when the data are deleted.

3.1 Opening an account

3.1.1 Data collected:

When you open an account with us, we request the following data about you: First and last name, e-mail address, billing address (company address and, if necessary, another e-mail address to be used for billing purposes) and your individual, freely chosen password. In addition to this, you can upload a profile picture that can then be seen in the application – naturally, this is only voluntary.

After you log off you receive a verification e-mail from us. The purpose of this is both to confirm your identity and to enable us to issue invoices. The verification link in the mail is valid for two weeks.

3.1.2 Purposes of the data processing:

On the one hand, we process these data in order to create your account, so that you obtain access to the services we provide, and we can process your contract with us. At the same time, we also process these data so that you can create an appealing profile.

3.1.3 Legal basis:

To the extent that we need your data to perform the contract with you and make our services available to you, or to implement steps on the basis of your inquiry prior to entering into the contract, the data is processed on the basis of Article 6, paragraph 1b of the GDPR. To the extent that you voluntarily provide information in order to complete your profile, the data is processed on the basis of Article 6, paragraph 1a of the GDPR.

3.1.4 Period of storage and control options:

We store your data for as long as you keep an account on our platform. You can delete your profile yourself at any time. You can also download your data at any time in the form of a zip file.

If you delete your account, all the data associated with your account will be deleted irrevocably. This includes any courses already purchased or concluded.

The profile picture you provide voluntarily, and which we save on the basis of your consent, can be deleted at any time by clicking on “Delete picture” in your profile. This constitutes a withdrawal of consent in the sense of Article 7, paragraph 3 of the GDPR.

3.2 Establishing contact, support

3.2.1 Data collected:

We collect and process the data you provide to us, such as your contact details, name and address, when you get in contact with us by telephone or e-mail. All data that you communicate to us is transferred between your browser and our server in encrypted form.

3.2.2 Purposes of the data processing:

The data is processed by our customer service, or service providers contracted by us, exclusively on the basis of your inquiry, and in order to process your inquiry.

3.2.3 Legal basis:

We process your data in order to perform steps resulting from your inquiry prior to entering into and during the contract (Article 6, paragraph 1b GDPR).

3.2.4 Period of storage:

We store your data for as long as we need them for our concrete processing purposes in order to guarantee or comply with statutory retention periods.

3.2.5 Transfer to third countries:

The service providers we use to manage your data include Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England: Floor 26 Salesforce Tower, 110 Bishopsgate, London EC2N 4AY, UK).

The data is generally processed in European computing centers. As part of maintenance and support measures, it can happen that data is also transferred to a third country, the USA. In order to be able to guarantee appropriate protection for your data in these circumstances as well, we have obligated the service provider Salesforce Inc. to maintain a level of data privacy equivalent to EU law, invoking the relevant EU standard contract clause.

3.3 Seminar registration and billing

3.3.1 Data collected:

In the course of registering your account with us we collect and process data you provide, for example, contact details such as your name and address, information on the topic, location and period you are booking and, if necessary, other details of the relevant seminar.

3.3.2 Purposes of the data processing:

We process your data to enable us to provide the relevant seminar, to create your invoice and send it to you, and if necessary, to enable us to send you future marketing material regarding similar seminars and products.

3.3.3 Legal basis:

We process your data in order to be able to fulfill our contractual obligations towards you (Article 6, paragraph 1b EU GDPR). Additionally, we process your data on the grounds of legitimate interest (Article 6, paragraph 1f EU GDPR), in order to be able to submit similar interesting offers to you in future.

3.3.4 Period of storage and control option:

We store your data for as long as we need them for our concrete processing purposes in order to guarantee or comply with statutory retention periods.

To the extent that we use your data to approach you with marketing material on the basis of your previous bookings with eAcademy, you can object to the data processing. To do this, it is sufficient for you to contact our customer service or simply to cancel your subscription directly by clicking the “Unsubscribe” link in the marketing e-mail.

3.4 Coaching

3.4.1 Data collected:

You can also book coaching sessions through our website. When you do this, we forward your data (first and last name, login e-mail address, and details of your individual course project) to your chosen coach. In addition, when you book you can also provide a telephone number on a voluntary basis, which we will then forward to the coach as well. The latter will then contact you personally and discuss your preferred communication options with you. We have no influence on this. We do not process any other data in this context.

3.4.2 Purposes of the data processing:

We process the data so that we can provide the coaching you have booked and to make communication between you and your coach possible.

3.4.3 Legal basis:

Data processing is based on performance of a contract (Article 6, paragraph 1b GDPR).

3.4.4 Period of storage:

We store your data for the duration of the contact and then delete them, unless statutory retention obligations prevent us from undertaking the deletion.

3.5 Customer surveys

3.5.1 Data collected:

For the purposes of online surveys, we use the services of the provider Netigate Deutschland GmbH, Luisenforum, Kirchgasse 2, 65185, Germany. Netigate processes user details solely for the purposes of analyzing the survey and saves them anonymously, i.e. in particular without the user’s IP address, unless personal data such as names or e-mail addresses are requested. If personal data are also requested as part of the survey (e.g. name, address, company etc.), then as part of the survey we also indicate separately that these are additional details provided voluntarily.

3.5.2 Purposes of the data processing:

We use Netigate for the needs-based design and optimization of our products and services.

3.5.3 Legal basis:

We use Netigate when you fill out the corresponding questionnaire. Filling out the questionnaire is voluntary. To the extent that you disclose personal information as part of the survey, the data is processed on the basis of your consent (cf. Article 6, paragraph 1a GDPR).

3.5.4 Period of storage and control option:

In the case of surveys containing personal information, these are automatically deleted after 13 months. If you have disclosed personal data on a voluntary basis, you can withdraw your consent at any time with future effect (cf. Article 7, paragraph 3 GDPR). A message to our customer service is sufficient to do this.

4. What rights do you have and how can you exercise them?

4.1 Withdrawal of consent

If necessary, you can withdraw the consent you gave to the processing of your personal data at any time, with future effect. Please note that withdrawing your consent has no effect on the legality of the data processing carried out up to that point, and that it does not extend to data processing that is permitted by law, and which may therefore be carried out even without your consent.

4.2 Other rights of the data subject

In addition to this, you have the following data subject rights in accordance with Articles 15 to 21 and 77 of the EU Data Protection Regulation (GDPR), if the relevant legal conditions are satisfied:

4.2.1 Information:

At any time, you can ask us to send you information on which of your personal data we process, and provide you with a copy of the personal data we have stored (Article 15 GDPR).

4.2.2 Rectification:

At any time you can request the rectification of inaccurate personal data or completion of incomplete personal data (Article 16 GDPR).

4.2.3 Erasure:

Regarding the erasure of your personal data: Please note that the following types of data are excluded from erasure: data that we require to complete or perform contracts and to establish, exercise and defend legal claims, and data that are subject to statutory, regulatory or contractual storage obligations (Article 17 GDPR).

4.2.4 Restriction of processing:

In certain circumstances, you can request that the processing of your data be restricted, e.g. if in your opinion the data is inaccurate, if processing is unlawful, or if you have raised an objection to the data processing. The result of this is that your data may only be processed in a very limited way without your consent, e.g., for the establishment, exercise and defense of legal claims, or to protect the rights of other natural and legal persons (Article 18 GDPR).

4.2.5 Objection to the data processing:

You can object to data processing for direct marketing purposes at any time. Additionally, if specific grounds exist, you can object to the data processing that is based on a legitimate interest (Article 21 GDPR).

4.2.6 Data portability:

You have the right to receive the data you have provided us, and that we are processing on the basis of your consent or to fulfill the contract, in a commonly used, machine-readable format, and to request that the data be directly transmitted to third parties, where this is technically feasible (Article 20 GDPR).

5. Ways of contacting us

You can exercise your rights by contacting us at the following addresses:

Haufe Group
Mr. Raik Mickler
Data Protection Officer
Munzinger Strasse 9
79111 Freiburg, Germany
E-mail: dsb@haufe-lexware.com

You can withdraw your consent to data processing using cookies and tracking technologies by making the appropriate settings in your browser, or by using the opt-out options described in detail in section 2.3.

6. Right to complain to a supervisory authority

If you think that, for example, our data processing is unlawful, or that we have not granted the rights described above to the necessary extent, you have the right to file complaints with the responsible data protection supervisory authorities.

Last updated: April 2019

Ihr Browser ist veraltet!

Bitte aktualisieren Sie Ihren Browser, um diese Website korrekt darzustellen.

Browser jetzt aktualisieren

×