Data Protection

We are very pleased about your visit to our website and the expressed interest in our offers. The protection of your personal data has a special significance for the management of the International University of Health, Exercise and Sports S.A.. Visiting our web pages is basically possible without your personal data. However, processing of your personal data may be required if you use a special service via the Internet pages. In this case we always get your consent.

We always process your personal data confidentially and in accordance with the statutory provisions, in particular the EU General Data Protection Regulation, together with the applicable national data protection regulations and this privacy policy.

We want you to feel safe at all times when you visit our websites, so we assure you that we have taken technical and organizational measures to ensure the highest possible protection of your rights and that we constantly strive to ensure that the legal requirements of both our Employees as well as external service providers. However, web-based services can always present security vulnerabilities, so absolute protection can not be guaranteed. You can also transfer your personal data using other means of communication (for example: by post, by telephone or fax).

1. Definitions

The protection of your personal data is in accordance with the Data Protection Regulation, the state and sectoral laws and therefore uses the same terminology that will be explained below for you.

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (‘the data subject’); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological , genetic, mental, economic, cultural or social identity of this natural person.

b) Processing

Processing means any process performed with or without the help of automated processes, or any such process associated with personal data such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.

c) Restriction of processing

Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.

d) Profiling

Profiling refers to any type of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict interests, reliability, behavior, whereabouts or location of this natural person.

e) Pseudonymization

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

f) Responsible

The person responsible is any natural or legal person, public authority, body or other body that, alone or in concert with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.

g) Third party

A third party is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.

h) Consent

The data subject’s consent shall be deemed to be voluntary in a written, informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act informing the data subject that they consent to the processing of their personal data is.

2. Name and address of the controller

Responsible for the processing within the meaning of the General Data Protection Regulation, as well as the data protection laws of the member states of the European Union and other area-specific laws with data protection character is the:

International University of Health, Exercise and Sports S.A.

50, avenue du Parc des Sports
L-4671 Differdange
Phone: +352 288 494-40


3. Name and address of the data protection officer

The external data protection officer of the controller is:

Denise Schleip
Im MediaPark 4e
50670 Cologne
Phone: +49 221 921512-782
Fax: +49 221 921512-10

Your trust and the protection of your data are important to us. Therefore, we would like to be available at any time for your questions concerning data protection and the processing of your data. If you wish to receive more detailed information about this privacy policy or suggestions, you can always contact us.

4. Cookies

We use so-called cookies on our Internet pages, which enables web-based applications to manage the status of an online visit and to enable smooth navigation between the individual services and content on the website. Cookies are stored on your computer’s hard drive and do no damage there.

A cookie is a small data file that is transferred from the web server to your computer if you browse our pages. A cookie contains only information that we send to your computer – private data can not be read with a cookie. If cookies are accepted by you, we will not have access to your personal information.

Cookies store different information. It is primarily intended to store information about the user during or after his visit to a website. Here are temporary cookies and permanent cookies to distinguish. The former are deleted when the user leaves the website. The latter are also stored after closing the browser. This type of cookie also serves to measure reach and analyze usage patterns. In addition, there are the so-called third-party cookies from other providers than the person responsible, from other providers than the person responsible for the website. This website uses temporary and permanent cookies whose operation we inform you about in this privacy statement.

Most browsers accept cookies by default. If you want to prevent the use of cookies, we ask you to disable the default setting in your browser. Saved persistent cookies can also be deleted in this way. In order to deactivate the setting of cookies for the purpose of online marketing, you can do so via the page If cookies are banned, certain features on our pages may not be available and some web pages may not be displayed correctly.

5. Access data

Every page access stores access data about this process in a log file. In connection with the access, we receive usage data that is temporarily stored for statistical purposes and then deleted. Log data is collected solely for internal purposes and is not forwarded to third parties.

These include:

  • IP address of the requesting computer,
  • date and time of the request,
  • desired access method / function from the requesting computer,
  • input values (file name, etc.) transmitted by the requesting computer,
  • Access status of the web server (file transfer, file not found, command not executed, etc.),
  • name of requested file and transferred amount of data,
  • URL from which the file was requested / requested.

The stored data is anonymized at the earliest possible date (deletion of the last octet of the IP address) and used only for purposes of identifying and tracking inadmissible attempts to access and access the Web server. A further evaluation, with the exception of statistical purposes in anonymous form, does not take place. These data are not assigned to specific people. Individual user profiles are not made. Without your consent we do not collect any personal data through our websites. The consent given by you to the processing of your data can be revoked at any time with effect for the future. Please note that specific legal provisions may mean that, despite your objection, we must continue to store the data for a period specified by law. Data collected automatically on websites for the purposes of securing web services is processed exclusively within the scope of the EU Data Protection Directive.

6. Collection of inventory data

When using some areas of our website, we ask you as a user to collect some data that can be clearly assigned to your person. This happens when you order information material or apply for a place at university.

In doing so, we only collect the inventory data necessary for the respective purpose, such as:

  • Name,
  • Mailing address,
  • Phone number,
  • Mailing address,
  • Email address,
  • Consent to the collection and processing of personal data.

When applying for a degree program additionally:

  • Phone number,
  • Nationality,
  • Date of birth,
  • Type of university entrance qualification,
  • Information on the type of educational background (vocational training, study).

Which information is actually required results from the respective input mask. The data is always encrypted. Data that you voluntarily submit to us in the areas of “Request for information material” and “Apply online” is processed, among other things, using the Salesforce CRM solution. Hosting this solution is also outside the scope of the EU Data Protection Directive. Due to contractual obligations of the supplier, which go beyond the minimum requirements of the self-obligation according to Safe Harbor and presented proof of test (see also: an appropriate level of protection has been proven. The data collected will be used only for the purposes of International University of Health, Exercise and Sports S.A. used. A transfer is made only to the chosen shipping service provider, who in turn uses the personal data only to fulfill the contract. By registering the access data provided by the provider, such as the assigned IP address, the date and time of registration are logged in order to prevent misuse of our services and to clarify possible crimes. Any further transmission of data will not take place unless there is a legal obligation.

The registration on our website is always voluntary and only to offer services that only inevitably make a registration necessary. Any registered person may at any time modify or completely delete the data in question, unless there is no legal obligation to keep records. In addition, we provide information on the stored data on request. In this respect, our data protection officer is at your disposal.

7. Newsletter

Consent to the receipt of advertising by email and / or telephone: If you have expressly consented to the receipt of advertising by email and / or telephone, we will store your entered data, e.g. Your email address as well as your first name and last name and use this data exclusively for sending information about courses, events, opinion polls, competitions of companies from the COGNOS education group (these include, inter alia, the Hochschule Fresenius gem. GmbH, the Carl Remigius Medical School gem. GmbH, the AMD Akademie Mode & Design GmbH, the Ludwig Fresenius Schulen GmbH, Thalamus Schulen GmbH, mentor Personal- und Organisationsentwicklung GmbH, LUNEX The International University of Health, Exercise & Sports S.A.) and our cooperation partners from the education sector. For the receipt of advertisement by email the indication of your email address is sufficient. The data you provide will be used solely for marketing, advertising and to a limited extent for your own market research purposes. If necessary, subscribers can also be informed of circumstances that are relevant to the service or the registration (eg changes to the email or technical conditions).

For the effective registration we need a valid email address. In order to verify that an application is actually made by the owner of an email address, we use the “Double opt-in” procedure. For this, we record the consent to receive advertising by email and / or telephone, the dispatch of a confirmation email and the receipt of the requested response. Further data is not collected. The emails are sent by a shipping service provider on the basis of our legitimate interests in accordance with Art. 6 (1) lit. 1 f GDPR and a contract processing contract pursuant to Art. 28 (3) sentence 1 GDPR. The shipping service provider may use the data and metadata to optimize the services and for statistical purposes in a pseudonymised manner. However, the shipping service does not use your information to write to you on your behalf or to share it with third parties. You can unsubscribe from the mailing list at any time and / or terminate the transfer in accordance with your consent. Just send us an email to You will then receive a confirmation email regarding the revocation in the receipt of advertising.

8. Contact via the website

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. It will not be passed on to third parties. If this is still necessary to process your request, we would ask for it from you prior to disclosure.

9. Deletion and blocking of personal data

We only process and store your personal data for as long as the storage purpose requires it or as provided for in the regulations of the European directives and / or regulations. After elimination of the purpose of storage or periods of storage provided for in European directives and / or regulations, the data is routinely deleted. The duration of the storage corresponds to the respectively valid legal retention periods. Your data will be routinely deleted after the deadline, unless they are still required to fulfill or initiate the contract.

10. Rights of data subjects

a) Right to information

You have a right to know if a controller is processing your personal information. As far as this is the case, you continue to have a right to information about the circumstances of the data processing. This right to information extends to the particular data, the purposes of the processing, the categories of personal data being processed and the recipients to whom the data has been transferred or disclosed. In addition, on the planned duration of the storage, the origin of the data, as far as these were not collected from you and the existence of an automated decision-making including profiling. In addition, the right to information includes a right to information on the existence of a right to rectification or deletion of personal data and a right to information about the existence of a right to complain to a supervisory authority.

b) Right to erasure

You have the right of the person responsible to request the immediate deletion of your personal data, if the following reasons are present and the processing is not required:

  • The purpose of collecting or processing the data has been eliminated or the data is no longer required.
  • You have exercised your right to object to the data processing.
  • You have revoked your consent to data processing and there is a lack of a legal basis for data processing now.
  • The deletion was due to a legal obligation.
  • The processing of the data was illegal.

c) Data transferability

You have the right to receive personal data relating to you provided to us as a controller in a structured, common and machine-readable format, and you have the right to transfer that data to another controller without hindrance to inform the controller to whom the data was provided. This right should exist if automated data processing was used to execute a contract or based on consent. The claim also includes the right to have the data transmitted directly from one controller to another controller for as far as technically feasible.

d) Right to object

The right of objection on the one hand includes the possibility of objecting to the processing of one’s own data for advertising purposes. In addition, if there are special reasons, an originally lawful data processing for other purposes may be objected to.

e) Right to restriction of processing

You may have the right to restrict processing if certain conditions exist that your personal data are blocked at the controller and thus not further processed. Thus, the blocking may be required for the duration of the investigation, if the correctness of the stored data is disputed.

f) Right to rectification

The right of rectification includes your right as an affected person to demand from us, as the person responsible without delay, the correction of any incorrect personal data concerning you.

11. Legal basis of processing

For most of the processing operations, we obtain your consent to them. Then Art. 6 I lit. a and Art. 7 GDPR as the basis for processing operations. In some cases, the processing may also be required to fulfill the contract or to initiate the contractual relationship, in particular the delivery of the information material requested by you and the application for a place to study. In this case the legal basis of the processing is Art. 6 I lit. b GDPR. If the processing of data is required due to legal obligations, for example in the case of tax information requests, the processing is based on Art. 6 I lit. c GDPR. The processing of data may also be necessary for the protection of vital interests of affected or other natural persons. The legal basis in this case would then be Art. 6 I lit. d GDPR. If none of these allowances are met, the processing may also be subject to Art. 6 I lit. f GDPR be supported. This may be the case if the processing is necessary to safeguard the legitimate interests of our company or third parties, and provided that the interests, fundamental rights and fundamental freedoms of us as the controller do not prevail. A legitimate interest is, for example, the performance of our business activities to protect the interests of our employees and shareholders. We also consider the tracking of user behavior by cookies in the context of advertising, which do not concern sensitive data and have no personal reference as a legitimate interest.

12. Transfers to third countries

When we process data in a third country (ie in a country outside the European Union or the European Economic Area), or in the context of the use of third party services or disclosure, or transmission of data to third parties, this is done exclusively for the purpose of fulfilling contractual obligations or the initiation of an agreement, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We process, transmit or have data processed only in a third country if the requirements of Art. 44 et seq. GDPR are met. The processing is e.g. on the basis of specific guarantees, such as the establishment of a level comparable to the EU standard (eg “privacy shields”), the observance of officially recognized contractual obligations or the submission of test certificates that recognize another recognized (via the “safe harbor” commitment level of protection) (see also the extended requirements of the “Düsseldorfer Kreis“).

13. Cooperation with contract processors and third parties

If, during our processing, we disclose, transmit to, or otherwise provide access to other persons and companies (processors, affiliates of the COGNOS Group or third parties), this is always done on the basis of a legal permission (eg the transmission of the payment data to the responsible company within the group of companies for the fulfillment of the contract is necessary or if for the sending of the study material requested by you a passing on of the address data to the dispatching service takes place, in accordance with kind 6 paragraph 1 letter b GDPR), one Consent, a legal obligation, on the basis of a legitimate interest or a data processing on behalf in accordance with Art. 28 GDPR.

14. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures over HTTPS.

15. Hosting

The hosting services we use are designed to provide the following services: Platform Services, Computing Capacity, Storage Space, Database Services Security Settings and the technical service and maintenance required to operate the Online Service. We or our hosting provider process this on the basis of our legitimate interest in the provision of our online presence in accordance with Art. 6 para. 1 lit. f GDPR i.V.m. Art. 28 GDPR Inventory, contact, usage, contract data as well as meta and communication data of interested parties, applicants, students and visitors of our website.

16. Analyzes, market and opinion research

We analyze our database for business transactions, contracts, inquiries about market trends, to be able to recognize customer and user requirements and to make our operation economical. In doing so, we process inventory, contact, usage, contract data as well as meta and communication data of interested parties, applicants, students and visitors of our website on the basis of our legitimate interest in maintaining and optimizing our business according to Art. 6 para. 1 lit. f GDPR. Such analyzes are carried out for the purpose of business analysis, marketing and sales, as well as market research. These analyzes serve to optimize our offer, increase usability and optimize our business operations. The analyzes and profiles are carried out anonymously if possible and not passed on to third parties.

17. Privacy Policy Google Analytics

This website uses features of the Google Analytics web analytics service provided by Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies that are stored on your computer and that allow an analysis of the use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google, on behalf of the operator of this website, uses this information to evaluate the use of the website, to compile reports on the activities of the website and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

We use Google Analytics based on our legitimate interests in the analysis and optimization of our marketing activities and thus also economic interests within the meaning of Art. 6 para. 1 lit. f. GDPR. We consider the economic interest in the optimization of marketing activities to be a legitimate interest. We have taken measures to make weighing up the interests in favor of the person responsible as a less invasive measure. We believe that this can increase user-friendliness. For example, we have concluded a contract processing agreement with Google pursuant to Art. 28 GDPR. In the variant chosen by us the personal data of the users are deleted or anonymized after 14 months. In addition, we have activated the IP anonymization anonymize.ip. This truncates the last octet of your IP address from Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and then shortened there. Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection standards.

You can prevent the storage of cookies by a corresponding setting of your browser software. In this case, you may not be able to use all features of this website in full. You may also prevent the collection of data generated by the cookie and related to your use of the website including your IP address to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: Please note that you can not delete the opt-out cookies as long as you do not want to record measurement data. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again. For more information about how Google handles data and how it works, please read the Google Privacy Policy and Google Ads Ads Settings:

18. Privacy Policy Google AdWords Conversion Tracking

Our websites use the online advertising program “Google AdWords”. This is an analysis service provided by Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This internet advertising service allows ads to appear in the search engine results and in the Google advertising network. In this case, predefined keywords can be determined in advance and cause a display of a display in the search engine results as soon as a user enters this particular keyword. The advertisements are distributed by means of an automatic algorithm on the relevant internet pages. The purpose of this data processing is the placement of interest-relevant advertising on third-party websites and in Google’s search engine results. If you reach our website via a google ad, a conversion cookie will be stored on the person’s computer. However, this automatically expires after 30 days and does not serve to identify the person. Unless the cookie has expired, it will be tracked to see if certain subpages of our website have been accessed. Google uses the cookie to create visitor statistics that we can use to measure the success of certain AdWords ads. However, neither we nor any other person receives information that enables us to identify certain individuals.

We use Google AdWords Conversion Tracking based on our legitimate interests in the analysis and optimization of our marketing activities and thus also economic interests within the meaning of Art. 6 para. 1 lit. f. GDPR. We only use cookies in the context of advertising, which do not concern sensitive data and do not suggest any personal reference for us. The display of any targeted advertising and its measurement is usually transparent to the persons concerned. Due to the lack of personal reference your interests worthy of protection are taken into account, so that the balance in favor of the person in charge fails.

You can permanently prevent the setting of cookies by means of a corresponding setting of your Internet browser. In this way, already set cookies can be deleted. You can make this deactivation, for example, via!/.

In addition, interest-based advertising by Google may be contravened. More information on this and the privacy policy of Google can be found here:

19. Privacy Policy Google Tag Manager

Our sites use Google Tag Manager to manage web site tags through a single interface. The Google Tag Manager Tool does not collect any personally identifiable information, it’s a cookie-less domain that implements the tags. By measuring user behavior and traffic, social media and online reach, tags enable users to identify and target audiences, and to optimize content accordingly. We use the tags Google Analytics, Bing Ads and Double Click. If you have deactivated these domains and / or cookies, this deactivation remains unaffected by the Tag Manager.

20. Privacy Policy for the Use of Social Plugins

On our websites social plugins of different social networks are integrated. These allow you to bookmark these pages and share content with other participants. You can recognize them by the logos that can be viewed on the social networking websites. To protect your data, we rely on the solution “Shariff” in the implementation. As a result, these buttons are integrated on the website only as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic you will be redirected to the services of the respective provider. Only then will your data be sent to the respective provider. Unless you click on the graphic, there will be no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the respective providers. More information about the Shariff solution can be found here:

We have integrated the social media buttons of the following companies on our website:

a) Facebook Like / Share

Social Network Operator: Facebook Inc., 1601 South California Avenue, Palo Alto, California 94304, United States
Privacy Policy Facebook:

b) Google+ button

Social Network Operator: Google Inc., 1600 Amphitheater Parkway Mountain View, California 94043, USA
Privacy Policy Google+:

c) Twitter Tweet button

Social Network Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, California 94107, United States
Privacy Policy Twitter:

d) Instagram social plugin

Social Network Operator: Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA
Privacy Policy Instagram:

e) YouTube social plugin

Social Network Operator: YouTube LLC, 901 Cherry Ave., San Bruno, California 94066, USA
Privacy Policy YouTube:

f) LinkedIn social plugin

Social network operator: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, United States
Privacy Policy LinkedIn:

21. Google Maps

Our site has integrated the Google Maps API service, a Google application (Google Inc., 1600 Amphitheater Parkway, Mountain View, California, 94043, US), to visually display geographic information. When using Google Maps, data on the use of the Maps functions by visitors to the websites are also collected, processed and used. This processed data may include IP addresses and location data. For more information about Google’s data processing, please refer to Google’s Privacy Policy, which can be found at However, this information will not be collected without your consent, and it will periodically appear in your mobile device settings. If necessary, your data will also be transmitted to the USA. By certification to the EU-U.S. Privacy Shield Framework guarantees Google compliance with data protection standards similar to EU data protection regulations.
You can prevent the use of your data through settings at this address: