Privacy Policy

Preamble

The protection of your data is important to us. With this Privacy Policy, we inform you, as the data controller, in accordance with the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), about the nature, scope, and purpose of the processing of personal data in connection with our website.

Definitions

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

General Information

Data Controller:

crossculture academy GmbH
Filderstrasse 45
70180 Stuttgart

Contact Details of the Data Protection Officer:

Legal Basis

1. Legal Basis for Data Processing

We process personal data on at least one of the following legal bases:

  1. Consent of the data subject to the processing of personal data for one or more specific purposes (Art. 6 (1) sentence 1 lit. a GDPR)
  2. Performance of a contract with the data subject or to take steps prior to entering into a contract at the request of the data subject (Art. 6 (1) sentence 1 lit. b GDPR)
  3. Compliance with a legal obligation to which we are subject (Art. 6 (1) sentence 1 lit. c GDPR)
  4. Protection of our legitimate interests or those of a third party (Art. 6 (1) sentence 1 lit. f GDPR)

In this Privacy Policy, we indicate the respective legal basis for individual processing activities.

2. Rights of the Data Subject

As a data subject, you have the following rights: According to Art. 15 GDPR, you can request information about your personal data processed by us.

  • The purposes of processing,
  • The categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed,
  • The planned storage period or the criteria for determining the storage period.
  • The source of your data, if these were not collected from you,
  • The existence of a right to rectify or delete the data concerning you, the right to restrict processing or object to such processing,
  • The existence of automated decision-making, including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing,
  • The existence of a right to lodge a complaint with a supervisory authority.
  • Finally, you have the right to be informed whether personal data have been transferred to a third country or to an international organization and – if so – about the appropriate safeguards in connection with the transfer.
  •  

Right to Rectification of Inaccurate Data:

  • According to Art. 16 GDPR, you can request the immediate rectification of inaccurate or the completion of incomplete personal data stored by us.

Right to Erasure ("Right to be Forgotten"):

  • According to Art. 17 GDPR, you can request the deletion of your personal data stored by us if one of the following reasons applies:

    • The data are no longer necessary for the purposes for which they were collected,
    • You withdraw your consent and there is no other legal basis for processing,
    • You object to the processing and there are no overriding legitimate grounds for processing,
    • The personal data have been unlawfully processed,
    • The erasure of the personal data is necessary to fulfill a legal obligation to which the controller is subject,
    • The personal data were collected in relation to the offer of information society services according to Article 8(1).
    • In the case of valid reasons for deletion, we will forward your data to those third parties who process your data on our behalf.
     

Right to Restriction of Processing:

  • According to Art. 18 GDPR, you can request the restriction of processing of your personal data,
  • As far as you dispute the accuracy of the data,
  • The processing is unlawful, but you oppose the deletion and we no longer need the data,
  • You need the data we no longer need to assert, exercise, or defend legal claims,
  • You have objected to processing according to Art. 21 GDPR, and it is not yet clear whether our legitimate grounds for processing outweigh your interests.

Right to Data Portability:

  • According to Art. 20 GDPR, you can request that your personal data that you have provided to us be handed over to you in a structured, commonly used, and machine-readable format or be transmitted to another controller.

Right to Object:

  • According to Art. 21 GDPR, you can object to the processing of your personal data if there are reasons arising from your particular situation or if the objection is directed against direct advertising and the legal basis for processing the personal data is legitimate interests according to Art. 6(1) sentence 1 lit. f GDPR.

Withdrawal of Consent:

  • According to Art. 7(3) GDPR, you can withdraw your once-given consent at any time. This has the consequence that we will no longer continue the data processing based on this consent in the future.

Right to Lodge a Complaint with a Supervisory Authority:

  • According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.
 

List of Supervisory Authorities in Germany :(https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html)
If you wish to exercise the above rights of the data subject, you can contact us at any time using the contact details provided above.

3. Deletion and Restriction of Processing of Personal Data

Unless otherwise regulated in this Privacy Policy in individual cases, personal data will be deleted if these data are no longer necessary for the purposes for which they were collected or otherwise processed, and there are no legal retention obligations that conflict with deletion. We also delete the personal data processed by us according to Art. 17 GDPR upon request if the conditions specified therein are met. If personal data are required for other and legally permissible purposes, they will not be deleted, but their processing will be restricted according to Art. 18 GDPR. In the case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax reasons. The statutory retention periods according to § 257 para. 1 nos. 2 and 3 HGB as well as § 147 para. 1 nos. 2, 3, 5 AO, § 257 para. 1 nos. 1 and 4 HGB as well as § 147 para. 1 nos. 1, 4, 4a AO apply to the retention periods.

4. Disclosure of Data and Recipients

We only disclose personal data to recipients (processors or other third parties) to the extent necessary and only under one of the following conditions:

  • The data subject has consented to the disclosure;
  • The disclosure serves to fulfill contractual obligations or pre-contractual measures at the request of the data subject;
  • We are legally obligated to disclose;
  • The disclosure is based on legitimate interests of us or a third party.

5. Third Countries

The transfer of personal data to a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) is only carried out, subject to legal or contractual permissions, under the conditions of Art. 44 et seq. GDPR. This means that an adequacy decision by the EU Commission according to Art. 45 GDPR is available for the respective country, appropriate safeguards for data protection according to Art. 46 GDPR, or binding corporate rules according to Art. 47 GDPR exist.

Contract Data

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our online offer, which are carried out at the request of the data subject, we process the data necessary for fulfilling the contract from the data subject. This includes:

  • Contract partner data, such as name, address, and contact details, possibly different delivery or billing addresses or recipients and, if necessary, the date of birth;
  • Contract data, such as subject of the contract, duration, customer category;
  • Payment data such as bank details, credit card data, payment history.
 

The legal basis for data processing is Art. 6(1) sentence 1 lit. b GDPR. Data will only be passed on to third parties insofar as this is necessary to fulfill pre-contractual measures and contractual obligations, e.g., to banks, payment service providers, credit card companies for payment processing, and to shipping service providers for the dispatch of goods. We use a CRM software provided and hosted by another company to manage and process the aforementioned data.

Data We Process on Our Website

1. Cookies

As part of our online offer, we use cookies. Cookies consist of a key and a value and are  managed by the user’s browser and stored on your device (laptop, tablet, smartphone, PC, etc.) when you visit our site. They do not cause any harm to your device, do not contain viruses, or other malicious software.

       Essential Cookies:
       We use session cookies to recognize that you have already visited individual pages of our
       online offer during your visit to our site. Such cookies also provide certain functionalities.
       Session cookies are deleted after the end of your visit to our online offer. In addition, our
       Consent Management Tool “Real Cookie Banner” uses a pseudonymized identification of
       the user (UUID) to manage the consents you have set. The data processed by cookies is
       necessary for the purposes mentioned to safeguard our legitimate interests and those of
       third parties according to Art. 6(1) sentence 1 lit. f GDPR.

       Functional Cookies and Statistics:
       In addition, we use temporary cookies to optimize user-friendliness and the statistical
       evaluation of the use of our offer, which are stored on your device for a specified period. If
       you visit our site again to use our services, it will automatically recognize that you have been
       with us before and what entries and settings you have made, so you do not have to enter
       them again. These are not activated when you visit the website. You can give us consent for
       the use in the Real Cookie Banner. If you agree to the respective cookie, we are entitled to
       use your data for the specified purposes according to Art. 6(1) sentence 1 lit. a GDPR.

2. Hosting

To provide our online offer, we use services from hosting companies, such as providing web servers, storage space, database services, security services, and maintenance services. In doing so, we or our hosting provider process personal data of users of our online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6(1) lit. f GDPR.

3. Access Data and Logfiles

When you access our online offer or individual pages, information is automatically sent from your device’s browser to the server of our online offer. This information is stored in so-called log files by us or our hosting provider and deleted at the latest after 7 days.

The following information is stored:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access is made (referrer URL),
  • Browser used and, if applicable, the operating system of your computer,
  • Status codes and data volume transferred
 

       These data are processed for the following purposes:

  • Provision of the online offer, including all functions and content,
  • Ensuring a smooth connection setup of the website,
  • Ensuring a comfortable use of our website,
  • Ensuring system security and stability,
  • Anonymous statistical evaluation of accesses,
  • Optimization of the website,
  • Disclosure to law enforcement authorities in the event of an unlawful interference/attack on our systems,
  • Other administrative purposes.
 

 These data are not attributable to specific individuals. A combination of these data with other data sources is not performed. The legal basis for data processing is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection outlined above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about a person.

4. Contact Form and Other Contact Methods

If you use the contact form, you will be asked to provide your name and email address, and possibly other contact details, so that we can contact you personally. Additional information may be provided voluntarily. Data processing for the purpose of contacting us and answering your inquiry is carried out according to Art. 6(1) sentence 1 lit. a GDPR based on the consent you have voluntarily given. If you contact us using the contact details published within our online offer (e.g., via email) and transmit personal data to us in the process, these data will be deleted after processing your inquiry, unless retention is required for the documentation of other processes (e.g., subsequent contract conclusion).

5. Newsletter

If you wish to receive our newsletter, we need your email address. Data processing for the purpose of sending the newsletter is based on Art. 6(1) sentence 1 lit. a GDPR using the double opt-in procedure based on your voluntary consent. The email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example, via a link at the end of each newsletter. Alternatively, you can send your revocation/unsubscription request at any time to the email address mentioned under Section II.  We send our newsletters using a so-called tracking pixel. A tracking pixel is a miniature graphic embedded in the HTML format of the sent newsletter to enable an analysis of reader behavior. In this context, we store whether and when a newsletter was opened by you and which links contained in the newsletter were accessed by you. We create statistical evaluations of the success or failure of a marketing campaign with these data to optimize newsletter dispatch and tailor the content of future newsletters better to the interests of our users. The collected data are not shared with third parties and are deleted after the statistical evaluation.

6. Matomo

We use the software “Matomo” (www.matomo.org) on this website, a service provided by  InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. If you consent to the use of Matomo, the software will set a cookie on your computer, which can recognize your browser. When subpages of our website are accessed, the following data are stored:

  • The IP address of the user, truncated by the last two bytes (anonymized),
  • The accessed subpage and the time of access,
  • The page from which the user reached our website (referrer),
  • Which browser with which plugins, which operating system, and which screen resolution are used,
  • The time spent on the website,
  • The pages accessed from the accessed subpage.
The data collected with Matomo are stored only on our own servers. They are not shared with third parties. We use the data to analyze user behavior and obtain information about the use of individual components of the website. This enables us to continuously optimize the website and its user-friendliness. Our legitimate interest lies in these purposes  according to Art. 6(1) lit. f GDPR. By anonymizing the IP address, we take into account the users’ interest in protecting personal data. The data are never used to identify the website user personally and are not merged with other data.

Duration of Storage:The data are deleted when they are no longer needed for our purposes.

7. SalesViewer®

We use SalesViewer® on our website.It allows us to identify companies visiting our website. No personal data are collected or stored in the process.

 [https://www.salesviewer.com/de/datenschutzerklaerung]

8. Bitrix24

The newsletter is sent via Bitrix24. The provider of Bitrix24 is Bitrix24 Limited, registered at Poseidonos 1, Ledra Business Center, Egkomi, 2406, Nicosia, Cyprus (hereinafter “Bitrix24”). Bitrix24 is used for the sending and evaluation of the reach of our newsletter. For this purpose, your email address and, if applicable, other data required by Bitrix24 for the provision of the newsletter are processed on our behalf. The legal basis for processing by Bitrix24 is Art. 6(1) lit. f GDPR and our legitimate interest in the use of a user-friendly and secure newsletter system and the optimization of our online offer. For more information on how Bitrix24 handles your personal data, please refer to their privacy policy:  [https://www.bitrix24.de/privacy] and [https://www.bitrix24.de/gdpr]

9. Digistore

You can order intercultural online training directly from our website. Payment processing is then carried out via the payment service provider Digistore. By placing an order via Digistore, you agree to Digistore’s privacy policy. Alternatively, you can also order the desired course by sending us an email or using our contact form.

10. Google Maps

This online offer uses Google Maps from Google to display maps, terrain data, or geographical maps. The provider of the following Google services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). This service collects your IP address, which of our websites you visited, and, if applicable, other data required by Google for the provision of Maps (e.g., location data). The generated information is stored on a server in the USA. These data may also be transmitted to third parties if this is required by law or if third parties process these data on our behalf or on behalf of Google. The terms of use for Google Maps can be found at [https://www.google.com/intl/de_de/help/terms_maps.html]
Further information on how Google handles your personal data can be found in Google’s privacy policy: [https://www.google.com/intl/de/policies/privacy/] The legal basis for using the following services is your voluntary consent according to Art. 6(1) sentence 1 lit. a GDPR.

11. EasyFeedback

Since your opinion matters to us, we use a tool to request your feedback after a training session. You will receive an email with a link where you can find the questionnaire. Participation in this survey is voluntary. Your responses are anonymized before transmission to us. The stored data cannot be attributed to you. Regardless of whether you  participate in the survey or not, your email address will be deleted weeks after the completion of the survey.