An overview of data protection
1. General notes and definitions
The following notes provide a simple overview of what happens to your personal data when you visit our website or use our online learning system “Skoove”. Skoove is currently available via the Internet browser, iPad and iPhone application. Our website and Skoove are hereinafter collectively referred to as “services”. Personal data are all data with which you can be personally identified.
Who is responsible for the data collection?
Data processing when using our services is carried out by Learnfield GmbH. You can find our contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected when you communicate it to us. This may be data that you enter in a contact form, for example.
Other data is automatically collected by our IT systems when you use our services. These are mainly technical data (e.g. Internet browser, operating system or time of page visit). This data is collected automatically as soon as you use our services.
What do we use your data for?
Part of the data is collected in order to ensure error-free provision of our services. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of data protection. You also have the right of appeal to the competent supervisory authority.
Analytics and third-party tools
When using our services, your usage behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your usage behavior is usually anonymous; the usage behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.
You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.
2. General information and mandatory information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use our services, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and for what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible body
10243 Berlin, Germany
Telephone: +49 (0) 30 120 85 919
Responsible body is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
In the event that data are processed on the basis of Art. 6 Sect. 1 lit. e or f GDPR, you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this Data Protection Declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to Art. 21 Sect. 1 GDPR).
If your personal data is being processed in order to engage in direct advertising, you have the right to at any time object to the processing of your affected personal data for the purposes of such advertising. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 Sect. 2 GDPR).
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The responsible supervisory authority for data protection issues is the State Data Protection Commissioner in Berlin.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
Data protection officer
We have appointed a data protection officer for our company.
Thorsten Schröers | SAFE-PORT Consulting GmbH
Hülshoff-Straße 7 | D-59469 Ense
Telephone: +49 (0) 2938 977 978
4. Data collection
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website to use additional functions of our services. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Registration with Facebook Connect
Instead of registering directly on our website, you may also register using Facebook Connect. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the “Login with Facebook” or “Connect with Facebook” buttons, you will be automatically redirected to the Facebook platform. There you can log in with your Facebook username and password. This will link your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. Including especially your:
- Facebook name
- Facebook profile picture
- Facebook cover picture
- Email address provided to Facebook
- Facebook ID
- Facebook friends
- Facebook Likes
This data will be used to set up, provide, and personalize your account.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us. In this case, we conclude a contract for order data processing and fully implement the strict requirements of the German data protection authorities when using external service providers.
A further transmission of personal data will not take place or only if you have expressly consented to the transmission.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
We collect and process the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is especially the case if an applicant submits the corresponding application documents by electronic means, for example by email. When concluding a contract of employment with an applicant, the transmitted data will be stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If no contract of employment is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not prejudice any other legitimate interests of the controller or if you have not actively consented to further use in our candidate database for future projects. Please note that the transfer by email is not automatically encrypted. Alternatively, you have the option to send your request at any time by mail to the Learnfield GmbH, Karl-Marx-Allee 85, D-10243 Berlin.
We use the services of the provider Applied Training Systems, Inc. (ATSI) D.B.A. Recruiterbox to handle the application process. Recruiterbox is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA.
In the Recruiterbox data protection policy you will find further information on the protection of your privacy. We have concluded a so-called “Data Processing Agreement” with Recruiterbox, in which we commit Recruiterbox to protect the data of our customers and not to pass it on to third parties. This agreement can be viewed on the Recruiterbox website.
Analytics and advertising
Our services use Google Analytics, a web analytics service. It is operated by Google Inc., USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of our services by you. The information generated by the cookie about your use of our services is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. Learnfield has a legitimate interest in analyzing user behavior to optimize both its services and its advertising on other platforms.
We have activated the IP anonymization feature on our services. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of Learnfield to evaluate your use of our services, to compile reports on your usage of our services, and to provide other services regarding utilization activities and Internet usage for Learnfield. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of our services. You can also prevent the data generated by cookies about your use of our services (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits of our services: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
Our services use Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
Our services measure conversions using visitor action pixels from Facebook Inc., USA (“Facebook”).
These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
6. Email dispatch
If you register for our Services, we will send you our newsletter (advertising for existing customers). You can object to this use of your data for advertising purposes at any time by sending an e-mail to email@example.com (statement advertising objection). A corresponding unsubscribe link can also be found in every newsletter. The legal basis for this data processing is Art. 6 para. 1 lit f GDPR, based on our legitimate interest in advertising our products and services.
For the dispatch of newsletters we use the service Intercom Messages of the company Intercom Inc.
Intercom is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on Intercom servers in the USA.
Intercom is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.
We use Intercom to analyze our newsletter campaigns. When you open an email sent by Intercom, a file included in the email (called a web beacon) connects to Intercom’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.
If you do not want your usage of the newsletter to be analyzed by Intercom, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe directly by sending an email to us.
Data processing is based on Art. 6 (1) (a) GDPR. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of Intercom. Data we have stored for other purposes (e.g. email addresses of customers) remains unaffected.
We have entered into a data processing agreement with Intercom, in which we require Intercom to protect the data of our customers and not to disclose said data to third parties. This contract can be viewed on the website of Intercom: https://intercom.com
We send you emails for various reasons. System messages, such as a registration confirmation, are sent on the basis of Article 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
We have concluded a so-called “Data-Processing-Agreement” with MailChimp, in which we oblige MailChimp to protect the data of our customers and not to pass it on to third parties. This contract can be viewed on the website of MailChimp (https://mailchimp.com).
Your data for sending system emails will remain stored by us and on the servers of MailChimp in the USA as long as you are registered with us as a user. You can request the deletion of your data at any time by sending us an informal email.
7. Payment service providers
Payment on our website is processed by the technical service provider Paymill GmbH, Deutschland, and Stripe, Inc. to whom you directly transmit your billing data (for example: name, address, credit card number, invoice amount) for the purpose of payment processing in accordance with Art. 6 para. 1 letter b GDPR using the form provided on our website. Learnfield does not collect, process or store any payment data.
For the execution of a credit card payment Paymill GmbH forwards your accounting data on the basis of the art. 6 exp. 1 lit. b GDPR to the so-called Acquirer banks.
Paymill GmbH forwards your billing data to InterCard AG, www.intercard.de (InterCard) for the execution of direct debit payments on the basis of Art. 6 Para. 1 letter b GDPR. A check is made there against the InterCard lock file, in which accounts for which open receivables exist are stored, unless rights from the underlying transaction have been asserted. In addition, maximum amounts are set for payments within certain periods. The lock file and payment data are processed and stored by InterCard to prevent misuse and limit the risk of non-payment.
8. Customer support
To organize our communication with you and to provide you with qualified support, we use the Intercom Inbox service of Intercom Inc., USA.
With the help of Intercom, data is collected and stored (e.g. time of retrieval, browser type and operating system), which form the basis of our customer support. Furthermore, we use Intercom as a communication medium, for emails or messages within our services. Accordingly, data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Intercom is certified according to the “EU-US-Privacy-Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.
We have concluded a data processing agreement with Intercom in which we oblige Intercom to protect our customers’ data and not to pass it on to third parties. This contract can be viewed on the website of Intercom: https://intercom.com.
If you wish to object to the storage and transmission of data via Intercom in customer support, please contact us.
9. Performance data
To optimize your learning experience, we process data related to playing the instrument. This is necessary, for example, to give you individual feedback on your learning success.
Accordingly, data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
10. Non-personal data
With the use of our services also data are processed, which are not personal. These data are evaluated by us exclusively for statistical purposes. It is not possible to draw conclusions about a specific person.
The following services, to which we transmit pseudonymised or anonymised data, are certified according to the “EU-US-Privacy-Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.
We use technologies of AppsFlyer Ltd, USA (https://www.appsflyer.com) to collect and store data for marketing and optimization purposes. Pseudonymised user profiles are created from this data. The data collected with the technologies are not used to personally identify the user of our services and are not combined with personal data about the bearer of the pseudonym. You have the right at any time to object to the collection and storage of data with effect for the future. To cancel the AppsFlyer service, please visit this page: https://www.appsflyer.com/optout.
To continuously improve our mobile application we use the services of Crashlytics (Crashlytics, Inc., USA). Should unexpected errors or crashes occur in the mobile application, specific information such as device type, operating system version and other technical data is sent to Crashlytics. This information does not contain any personally identifiable information. The data protection guidelines of Crashlytics can be viewed at https://try.crashlytics.com.