Datenschutzerklärung - BOS-Akademie

Privacy policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy listed below.

Definitions of Terms

The legislator requires that personal data be processed lawfully, fairly, and in a transparent manner in relation to the data subject ("lawfulness, fairness, transparency"). To ensure this, we provide you with the legal definitions of terms used in this privacy policy:

I. Personal Data

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

II. Processing

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

III. Restriction of Processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.

IV. Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

V. Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

VI. Filing System

“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

VII. Controller

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

VIII. Processor

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

IX. Recipient

“Recipient” means a natural or legal person, public authority, agency, or another body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

X. Third Party

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

XI. Consent

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Collection on This Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Note on the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include, for example, information you enter into a contact form.
Other data is collected automatically or after your consent when you visit the website. This primarily includes technical data (e.g. internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you access the website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the submitted data will also be used for quotations, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.
If you have any questions regarding data protection, you can contact us at any time.

Analytics tools and third-party tools

When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done using so-called analytics programs. Detailed information about these programs can be found in the privacy policy below.

2. Hosting

We host the content of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter referred to as “IONOS”). When you visit our website, IONOS collects various log files including your IP address. For more details, please refer to the IONOS privacy policy:

https://www.ionos.de/terms-gtc/datenschutzerklaerung/

The use of IONOS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Data Processing Agreement (DPA)

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are any data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this takes place.

Please note that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Security & Protection of Personal Data

We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we apply the utmost care and the latest security standards to ensure the highest possible protection of your personal data.

As a privately owned company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have implemented technical and organizational measures to ensure that data protection regulations are observed by both us and our external service providers.

Information on the Responsible Party

The responsible party for data processing on this website is:

Bollin Consulting GmbH
Sebaldstraße 23
73525 Schwäbisch Gmünd
Germany

Phone: +49 7171 - 99 810 31
E-Mail: info@bos-akademie.de

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request the deletion of your data or revoke your consent to data processing, your data will be deleted—provided there are no other legally permissible reasons for retaining your personal data (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted once those reasons no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR and, where special categories of data pursuant to Art. 9(1) GDPR are processed, on the basis of Art. 9(2)(a) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of § 25(1) TDDDG. Consent may be revoked at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Details on the applicable legal basis for processing in each case are provided in the respective sections of this privacy policy.

Recipients of Personal Data

As part of our business operations, we work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only disclose personal data to third parties if it is required for the fulfillment of a contract, if we are legally obligated to do so (e.g. disclosure to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure of data. When engaging processors, we only transfer personal data of our customers on the basis of a valid data processing agreement. In cases of joint processing, a joint controller agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any previously granted consent at any time. The legality of data processing carried out prior to the withdrawal remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If the data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on these provisions. The relevant legal basis on which processing is based can be found in this privacy policy.

If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.

If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format, and to have it transferred to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Access, Rectification, and Erasure

In accordance with the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, their origin and recipients, and the purpose of data processing. You may also have a right to rectification or erasure of these data. For this and any other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing applies in the following cases:

If you contest the accuracy of the personal data we hold about you, we usually need time to verify this. For the duration of the verification process, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you require them for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

If you have objected to processing pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content—such as orders or inquiries that you send to us as the website operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser’s address bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published as part of the legal notice obligation for sending unsolicited advertising and information materials is hereby objected to. The site operators expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets that do no harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services provided by third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, to provide certain functions you desire (e.g., the shopping cart function), or to optimize the website (e.g., cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Contact form

If you send us inquiries via the contact form, the information you provide in the form—including the contact details you entered—will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—especially retention periods—remain unaffected.

Inquiry via Email, Telephone or Fax

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (e.g., name, nature of the inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—especially statutory retention periods—remain unaffected.

5. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing that has already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Data stored by us for other purposes remains unaffected by this.

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” which are text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will first be shortened by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

You can prevent the storage of cookies by adjusting the settings of your browser software accordingly; however, please note that in this case you may not be able to fully use all the features of this website. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in shortened form, thus excluding any direct personal reference. If data collected about you has a personal reference, it is immediately excluded, and the personal data is deleted without delay.

We use Google Analytics to analyze the use of our website and to regularly improve it. The resulting statistics allow us to enhance our services and make them more appealing to you as a user. In exceptional cases where personal data is transferred to the USA, Google is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 lit. f GDPR.

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use:

http://www.google.com/analytics/terms/de.html Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html Privacy policy: http://www.google.de/intl/de/policies/privacy

This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My Data,” “Personal Data.”