Privacy Policy

Preamble


We adhere to privacy regulations, and we also want to ensure transparency regarding when we store what data and how we use it. With these privacy policies we as the controller of data processing inform you according to (EU) 2016/679 (GDPR General data protection) about the kind, amount and usage of personal data collected when visiting our website.

I Definitions

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; ‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

II General Information

1. Controller

crossculture academy GmbH
Filderstr. 45
70180 Stuttgart
Phone: 0049 711.722468-44
Fax: 0049 711.722468-45
E-Mail: info@crossculture-academy.com

2. Contact data of the Data Protection Officer

Gabriele Knödler-Bittner

gkb@dsb-plus.de

III Legal Basis

1. Legal basis for processing data

We process personal data on the following legal basis:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art.  6 Abs. 1 S. 1 lit. a GDPR);
  • processing is necessary for the performance of a contract or precontractual measures to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (Art.  6 Abs. 1 S. 1 lit. b GDPR);
  • processing is necessary for compliance with a legal obligation to which the controller is subject; (Art.  6 Abs. 1 S. 1 lit. c GDPR);
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. (Art.  6 Abs. 1 S. 1 lit. f GDPR).

With this privacy policies we indicate the referring legal basis regarding the processing of personal data in mentioned cases.

2. Rights of the data subject

To you as a data subject the following rights apply according to Chapter III GDPR:
According to Art 15 GDPR The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of the right to request from the controller rectification or erasure of personal data or completion of incomplete personal data completed, restriction of processing of personal data concerning the data subject or to object to such processing;
  • the existence of automated decision-making, including profiling;
  • the right to lodge a complaint with a supervisory authority;
  • where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

Right to Rectification:
According to Art. 16 GDPR, the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’):
According to Art 17 GDPR the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based;
  3. the data subject objects to the processing pursuant to and there are overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

In case of legitimate reasons for the request for deletion we will transfer data to those third parties to whom we previously transferred your personal data.


Right to restriction of processing:
According to Art. 18 GDPR the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Right to portability:
According to Art. 20 GDPR the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to object:
According to Art. 22 GDPR the data subject should, nevertheless, be entitled to object to the processing of any personal data relating to his or her particular situation.


Right to restriction of processing:
According to Art. 7 Abs. 3 GDPR The data subject shall have the right to withdraw his or her consent at
any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent
before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as
easy to withdraw as to give consent.

Right to lodge a complaint with a supervisory authority:
According to Art. 77 GDPR every data subject should have the right to lodge a complaint with a single
supervisory authority specifically in the Member State of his or her habitual residence.

List of official authorities in Germany:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

If you would like to plead your rights as a data subject, please contact us using the contact data mentioned in the contact data.

3. Deletion and restriction of processing personal data

Unless otherwise specified in this privacy policy for the individual case, personal data will be deleted when this data is no longer necessary for the purposes for which it was collected or otherwise processed and the deletion does not conflict with any statutory retention obligations.
The firsts are determined in accordance with our deletion concept. We also delete the personal data processed by us in accordance with Art. 17 GDPR upon request if the conditions provided for therein are met. If personal data is required for other and legally permissible purposes, it will not be deleted, but its processing will be restricted in accordance with Art. 18 DSGVO. In the event of restriction, the data will no longer be processed for other purposes, except for those purposes for which we are legally obligated. This applies, for example, to personal data that must be retained by us for reasons of commercial or tax law. The statutory periods according to § 257 para. 1 No. 2 and 3 HGB as well as § 147 para. 1 No. 2, 3, 5 AO, § 257 para. 1 No. 1 and 4 HGB as well as according to § 147 para. 1 No. 1, 4, 4a AO apply to the retention periods.

4. Transfer of personal data and recipients

We transfer personal data to recipients (processor or third party) only when necessary and only when one of the following requirements apply:

  • The data subject has given consent to the processing of his or her personal data;
  • Transfer is necessary for the performance of a contract or precontractual measures to which the data subject is party or in order to take steps at the request of the data subject prior to entering into contract;
  • Transfer is necessary for the purposes of the legitimate interests pursued by the controller;
  • Transfer is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

5. Third Countries

A third country is understood to be a country outside the legal area of the European Union (EU) or the European Economic Area (EEA). The transfer of personal data to a third country or an international organization outside the European Union (EU) or the European Economic Area (EEA) shall only take place subject to legal or contractual permissions in accordance with the conditions set out in Art. 44 et seq. GDPR. This means that an adequacy decision by the EU Commission pursuant to Art. 45 GDPR exists for the country in question, appropriate data protection safeguards exist pursuant to Art. 46 GDPR or binding internal data protection rules exist pursuant to Art. 47 GDPR.

IV Contractual Data

In connection with and for the purpose of the fulfilment of pre-contractual measures and contractual obligations via our Internet offer, which take place at the request of the data subject, we process from the data subject the data necessary for the fulfilment of the contract. This includes:

  • Data of the contractual partner as name, address, contact data, different data for delivery or invoicing information, and date of birth when necessary.
  • Contractual data as subject matter of contract, period, category of customer.
  • Payment data as bank account, credit card data, payment history.

Legal basis for data processing is Art. 6 Abs. 1 S. 1 lit. b GDPR.
The data is only transferred to third parties to the extent that this is necessary for the fulfilment of pre-contractual measures and contractual obligations, e.g. to banks, payment service providers, credit card companies for the processing of payments and to shipping service providers for the dispatch of goods.
We use CRM software, which is provided and hosted by another company, to manage and process the
mentioned data.

V Individual Data Processed on our Website

1. Cookies

In some instances, our website and its pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. They consist of a key value and other technical information and where stores on your device, when visiting our website.
We use cookies for different purposes. We explain the type of cookies and the respective legal basis below:


Essential Cookies:
We use session cookies to recognize that you have already visited individual pages of our website during your visit. Certain functionalities are also provided by such cookies. Session cookies are deleted after the end of your visit to our website.
Essential services are required for the basic functionality of the website. They only contain technically necessary services. You cannot object to these services.

In addition, our consent management tool “Real Cookie Banner” uses a pseudonymised identification of the user (UUID) to manage and document the consents you have given. This pseudonymised identification is stored until the consent to activate a cookie expires.

Functional cookies and general statistics:
In addition, we use temporary cookies to optimize the user-friendliness and statistical evaluation of the use of our offer, which are stored on your terminal device for a certain specified period. If you visit our site again to use our services, it is automatically recognized that you were already with us at an earlier point in time and which entries and settings you have made so that you do not have to enter them again.
These functional cookies and the cookies for collecting statistics are not activated when you visit the website. You can give us consent to use them in the Real Cookie Banner. If you do not give us consent, these cookies will not be activated. Should you consent to the activation of the respective cookie, we are entitled to use your data for the stated purposes in accordance with Art. 6 para. 1 p. 1 lit. a GDPR based on your consent.

2. Hosting

To provide the website we use third party services, as providing webserver, storage, database services security services or maintenance services. Personal data is processed by us or third party, on basis of our legitimate interest to provide efficient and secure online services, according to Art. 6 Abs. 1 lit. f GDPR.

3. Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The date and time of the server inquiry
  • The IP address
  • Name and URL of the retrieved file
  • Status codes and amount of data transferred
  • Name of your access provider.

This data is processed for the following purposes:

  • Provision of the website including all functions and contents
  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Ensuring system security and stability
  • Anonymized statistical evaluation of accesses
  • Optimization of the website
  • Disclosure to law enforcement authorities if there has been an illegal intervention/attack on our systems
  • other administrative purposes.

This data cannot be assigned to specific persons. This data is not merged with other data sources.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection outlined above. In no case do we use the collected data for the purpose of drawing conclusions about a person.

4. Contact form

If you use our contact form, you will be asked to provide your name and e-mail address and, if applicable, other contact details so that we can get in touch with you personally. Further information can be provided voluntarily. Data processing for the purpose of contacting us and responding to your request is carried out in accordance with Art. 6 para. 1 p. 1 lit. a GDPR based on the consent you have given voluntarily.
If you contact us using the contact data published on our website (e.g. by e-mail) and provide us with personal data, this data will be deleted after processing your request or within three months at the latest, unless storage is required for the documentation of other processes (e.g. subsequent conclusion of a contract) in accordance with Art. 6 para. 1 p. 1 lit. b GDPR.

5. Newsletter

If you would like to receive our newsletter, your email address is required.
The data processing for the purpose of sending the newsletter is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO based on the consent voluntarily given by you by means of the so-called double opt-in procedure. The e-mail address will be used for this purpose and stored until you revoke your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your revocation/unsubscription request at any time to the e-mail address stated under point II.
We send our newsletters with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the newsletter sent to enable an analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened and which of the links contained in the newsletter were called up. We use this data to create statistical evaluations of the success or failure of a marketing campaign to optimize newsletter distribution and to better tailor the content of future newsletters to the interests of users. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.

6. Matomo

On this website we use „Matomo“ (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. If you accept the usage of Matomo a cookie will be stored on your device, which enables the software to recognize your browser. The following data will be stored, when visiting the sites of our website.

  • the IP address of the user, shortened by the last two bytes (anonymized)
  • the sub-page called up and the time of the call-up
  • the page from which the user accessed our website (referrer)
  • which browser with which plugins, which operating system and which screen resolution is used
  • the time spent on the website
  • the pages that are accessed from the sub-page called up

Data collected by Matomo will only be stored on our own server. They will not be transfered to third party.

We use this data to analyse the surfing behaviour of users and to obtain information about the use of individual components of the website. This enables us to continuously optimise the website and its user-friendliness.
The legal basis is the consent you have given in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
By anonymising the IP address, we consider the interest of users in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.
Duration of storage: The data is deleted when it is no longer required for our purposes.

7. SalesViewer®

We use SalesViewer® on our website.
With SalesViewer companies could be identified. No personal data will be collected or stored.
https://www.salesviewer.com/de/datenschutzerklaerung

8. Bitrix 24

Our newsletter uses Bitrix24, provider is Bitrix24 Limited, registered in Poseidonos 1, Ledra Business Center, Egkomi, 2406, Nicosia, Cypres („Bitrix24“). Bitrix24 will be used to send out newsletters and analyse the reach. Therefore Bitrix24 processes your e-mail address and other data if necessary. Legal basis of processing data by Bitrix24 is Art. 6 Abs. 1 lit. f GDPR and our legitimate interest for the usability and save newsletter system and to optimize our website.
We will delete data on request or rejection of your consent.
Learn more about how Bitrix24 will process your personal data in the following documents.
https://www.bitrix24.de/privacy and https://www.bitrix24.de/gdpr

9. Digistore

Unsing our website you could order intercultural online-trainings directly.
Payment is processed by Digistore.
By ordering an online training via Digistore you agree to the privacy policy of Digistore.
https://www.digistore24.com/page/privacy/1/de
You could order the intercultural online-trainings by sending us an email or using or contact form, too.

10. Google Maps

This website uses Google Maps from Google to display site plans, map material, terrain data or geographical maps. Provider of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
This service records your IP address, which of our Internet pages you have visited and, if applicable, further data required by Google for the provision of the maps (e.g. location data). The information generated is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Google.
The legal basis for the use of Google Maps is your voluntary consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

Further information on how Google handles your personal data can be found in Google’s privacy policy:
https://www.google.com/intl/de/policies/privacy/.
The terms of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html

11. EasyFeedback

Because we are interested in your opinion, we use a tool to ask you for your feedback after a training. Therefore, you will receive an email after the training with a link to the questionnaire. Participation in this survey is voluntary.

Your answers will be anonymised before they will be sent to us. The stored data cannot be assigned to you.

Regardless of whether you participate in the survey or not, your email address will be deleted by us two weeks after the survey is completed.

VI Change of Privacy Settings

You can change your privacy settings at any time. To do so, you will find the “Change privacy settings” link at the bottom of each of our pages.

Last updated on 4.27.2022

+49 (0)711 722 468 44
Cookie Consent with Real Cookie Banner