We are very pleased about your visit to our website and the expressed interest in our offers. The protection of your personal data has a special significance for the management of the International University of Health, Exercise and Sports S.A.. Visiting our web pages is basically possible without your personal data. However, processing of your personal data may be required if you use a special service via the Internet pages. In this case we always get your consent.
We want you to feel safe at all times when you visit our websites, so we assure you that we have taken technical and organizational measures to ensure the highest possible protection of your rights and that we constantly strive to ensure that the legal requirements of both our Employees as well as external service providers. However, web-based services can always present security vulnerabilities, so absolute protection can not be guaranteed. You can also transfer your personal data using other means of communication (for example: by post, by telephone or fax).
The protection of your personal data is in accordance with the Data Protection Regulation, the state and sectoral laws and therefore uses the same terminology that will be explained below for you.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘the data subject’); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological , genetic, mental, economic, cultural or social identity of this natural person.
Processing means any process performed with or without the help of automated processes, or any such process associated with personal data such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
c) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling refers to any type of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict interests, reliability, behavior, whereabouts or location of this natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
The person responsible is any natural or legal person, public authority, body or other body that, alone or in concert with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
g) Third party
A third party is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
The data subject’s consent shall be deemed to be voluntary in a written, informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act informing the data subject that they consent to the processing of their personal data is.
2. Name and address of the controller
Responsible for the processing within the meaning of the General Data Protection Regulation, as well as the data protection laws of the member states of the European Union and other area-specific laws with data protection character is the:
International University of Health, Exercise and Sports S.A.
50, avenue du Parc des Sports
Phone: +352 288 494-40
3. Name and address of the data protection officer
The external data protection officer of the controller is:
Im MediaPark 4e
Phone: +49 221 921512-782
Fax: +49 221 921512-10
We use so-called cookies on our Internet pages, which enables web-based applications to manage the status of an online visit and to enable smooth navigation between the individual services and content on the website. Cookies are stored on your computer’s hard drive and do no damage there.
A cookie is a small data file that is transferred from the web server to your computer if you browse our pages. A cookie contains only information that we send to your computer – private data can not be read with a cookie. If cookies are accepted by you, we will not have access to your personal information.
Cookies store different information. It is primarily intended to store information about the user during or after his visit to a website. Here are temporary cookies and permanent cookies to distinguish. The former are deleted when the user leaves the website. The latter are also stored after closing the browser. This type of cookie also serves to measure reach and analyze usage patterns. In addition, there are the so-called third-party cookies from other providers than the person responsible, from other providers than the person responsible for the website. This website uses temporary and permanent cookies whose operation we inform you about in this privacy statement.
5. Access data
Every page access stores access data about this process in a log file. In connection with the access, we receive usage data that is temporarily stored for statistical purposes and then deleted. Log data is collected solely for internal purposes and is not forwarded to third parties.
- IP address of the requesting computer,
- date and time of the request,
- desired access method / function from the requesting computer,
- input values (file name, etc.) transmitted by the requesting computer,
- Access status of the web server (file transfer, file not found, command not executed, etc.),
- name of requested file and transferred amount of data,
- URL from which the file was requested / requested.
The stored data is anonymized at the earliest possible date (deletion of the last octet of the IP address) and used only for purposes of identifying and tracking inadmissible attempts to access and access the Web server. A further evaluation, with the exception of statistical purposes in anonymous form, does not take place. These data are not assigned to specific people. Individual user profiles are not made. Without your consent we do not collect any personal data through our websites. The consent given by you to the processing of your data can be revoked at any time with effect for the future. Please note that specific legal provisions may mean that, despite your objection, we must continue to store the data for a period specified by law. Data collected automatically on websites for the purposes of securing web services is processed exclusively within the scope of the EU Data Protection Directive.
6. Collection of inventory data
When using some areas of our website, we ask you as a user to collect some data that can be clearly assigned to your person. This happens when you order information material or apply for a place at university.
In doing so, we only collect the inventory data necessary for the respective purpose, such as:
- Mailing address,
- Phone number,
- Mailing address,
- Email address,
- Consent to the collection and processing of personal data.
When applying for a degree program additionally:
- Phone number,
- Date of birth,
- Type of university entrance qualification,
- Information on the type of educational background (vocational training, study).
Which information is actually required results from the respective input mask. The data is always encrypted. Data that you voluntarily submit to us in the areas of “Request for information material” and “Apply online” is processed, among other things, using the Salesforce CRM solution. Hosting this solution is also outside the scope of the EU Data Protection Directive. Due to contractual obligations of the supplier, which go beyond the minimum requirements of the self-obligation according to Safe Harbor and presented proof of test (see also: trust.salesforce.com/trust) an appropriate level of protection has been proven. The data collected will be used only for the purposes of International University of Health, Exercise and Sports S.A. used. A transfer is made only to the chosen shipping service provider, who in turn uses the personal data only to fulfill the contract. By registering the access data provided by the provider, such as the assigned IP address, the date and time of registration are logged in order to prevent misuse of our services and to clarify possible crimes. Any further transmission of data will not take place unless there is a legal obligation.
The registration on our website is always voluntary and only to offer services that only inevitably make a registration necessary. Any registered person may at any time modify or completely delete the data in question, unless there is no legal obligation to keep records. In addition, we provide information on the stored data on request. In this respect, our data protection officer is at your disposal.
Consent to the receipt of advertising by email and / or telephone: If you have expressly consented to the receipt of advertising by email and / or telephone, we will store your entered data, e.g. Your email address as well as your first name and last name and use this data exclusively for sending information about courses, events, opinion polls, competitions of companies from the COGNOS education group (these include, inter alia, the Hochschule Fresenius gem. GmbH, the Carl Remigius Medical School gem. GmbH, the AMD Akademie Mode & Design GmbH, the Ludwig Fresenius Schulen GmbH, Thalamus Schulen GmbH, mentor Personal- und Organisationsentwicklung GmbH, LUNEX The International University of Health, Exercise & Sports S.A.) and our cooperation partners from the education sector. For the receipt of advertisement by email the indication of your email address is sufficient. The data you provide will be used solely for marketing, advertising and to a limited extent for your own market research purposes. If necessary, subscribers can also be informed of circumstances that are relevant to the service or the registration (eg changes to the email or technical conditions).
For the effective registration we need a valid email address. In order to verify that an application is actually made by the owner of an email address, we use the “Double opt-in” procedure. For this, we record the consent to receive advertising by email and / or telephone, the dispatch of a confirmation email and the receipt of the requested response. Further data is not collected. The emails are sent by a shipping service provider on the basis of our legitimate interests in accordance with Art. 6 (1) lit. 1 f GDPR and a contract processing contract pursuant to Art. 28 (3) sentence 1 GDPR. The shipping service provider may use the data and metadata to optimize the services and for statistical purposes in a pseudonymised manner. However, the shipping service does not use your information to write to you on your behalf or to share it with third parties. You can unsubscribe from the mailing list at any time and / or terminate the transfer in accordance with your consent. Just send us an email to email@example.com. You will then receive a confirmation email regarding the revocation in the receipt of advertising.
8. Contact via the website
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. It will not be passed on to third parties. If this is still necessary to process your request, we would ask for it from you prior to disclosure.
9. Deletion and blocking of personal data
We only process and store your personal data for as long as the storage purpose requires it or as provided for in the regulations of the European directives and / or regulations. After elimination of the purpose of storage or periods of storage provided for in European directives and / or regulations, the data is routinely deleted. The duration of the storage corresponds to the respectively valid legal retention periods. Your data will be routinely deleted after the deadline, unless they are still required to fulfill or initiate the contract.
10. Rights of data subjects
a) Right to information
You have a right to know if a controller is processing your personal information. As far as this is the case, you continue to have a right to information about the circumstances of the data processing. This right to information extends to the particular data, the purposes of the processing, the categories of personal data being processed and the recipients to whom the data has been transferred or disclosed. In addition, on the planned duration of the storage, the origin of the data, as far as these were not collected from you and the existence of an automated decision-making including profiling. In addition, the right to information includes a right to information on the existence of a right to rectification or deletion of personal data and a right to information about the existence of a right to complain to a supervisory authority.
b) Right to erasure
You have the right of the person responsible to request the immediate deletion of your personal data, if the following reasons are present and the processing is not required:
- The purpose of collecting or processing the data has been eliminated or the data is no longer required.
- You have exercised your right to object to the data processing.
- You have revoked your consent to data processing and there is a lack of a legal basis for data processing now.
- The deletion was due to a legal obligation.
- The processing of the data was illegal.
c) Data transferability
You have the right to receive personal data relating to you provided to us as a controller in a structured, common and machine-readable format, and you have the right to transfer that data to another controller without hindrance to inform the controller to whom the data was provided. This right should exist if automated data processing was used to execute a contract or based on consent. The claim also includes the right to have the data transmitted directly from one controller to another controller for as far as technically feasible.
d) Right to object
The right of objection on the one hand includes the possibility of objecting to the processing of one’s own data for advertising purposes. In addition, if there are special reasons, an originally lawful data processing for other purposes may be objected to.
e) Right to restriction of processing
You may have the right to restrict processing if certain conditions exist that your personal data are blocked at the controller and thus not further processed. Thus, the blocking may be required for the duration of the investigation, if the correctness of the stored data is disputed.
f) Right to rectification
The right of rectification includes your right as an affected person to demand from us, as the person responsible without delay, the correction of any incorrect personal data concerning you.
11. Legal basis of processing
For most of the processing operations, we obtain your consent to them. Then Art. 6 I lit. a and Art. 7 GDPR as the basis for processing operations. In some cases, the processing may also be required to fulfill the contract or to initiate the contractual relationship, in particular the delivery of the information material requested by you and the application for a place to study. In this case the legal basis of the processing is Art. 6 I lit. b GDPR. If the processing of data is required due to legal obligations, for example in the case of tax information requests, the processing is based on Art. 6 I lit. c GDPR. The processing of data may also be necessary for the protection of vital interests of affected or other natural persons. The legal basis in this case would then be Art. 6 I lit. d GDPR. If none of these allowances are met, the processing may also be subject to Art. 6 I lit. f GDPR be supported. This may be the case if the processing is necessary to safeguard the legitimate interests of our company or third parties, and provided that the interests, fundamental rights and fundamental freedoms of us as the controller do not prevail. A legitimate interest is, for example, the performance of our business activities to protect the interests of our employees and shareholders. We also consider the tracking of user behavior by cookies in the context of advertising, which do not concern sensitive data and have no personal reference as a legitimate interest.
12. Transfers to third countries
When we process data in a third country (ie in a country outside the European Union or the European Economic Area), or in the context of the use of third party services or disclosure, or transmission of data to third parties, this is done exclusively for the purpose of fulfilling contractual obligations or the initiation of an agreement, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We process, transmit or have data processed only in a third country if the requirements of Art. 44 et seq. GDPR are met. The processing is e.g. on the basis of specific guarantees, such as the establishment of a level comparable to the EU standard (eg “privacy shields”), the observance of officially recognized contractual obligations or the submission of test certificates that recognize another recognized (via the “safe harbor” commitment level of protection) (see also the extended requirements of the “Düsseldorfer Kreis“).
13. Cooperation with contract processors and third parties
If, during our processing, we disclose, transmit to, or otherwise provide access to other persons and companies (processors, affiliates of the COGNOS Group or third parties), this is always done on the basis of a legal permission (eg the transmission of the payment data to the responsible company within the group of companies for the fulfillment of the contract is necessary or if for the sending of the study material requested by you a passing on of the address data to the dispatching service takes place, in accordance with kind 6 paragraph 1 letter b GDPR), one Consent, a legal obligation, on the basis of a legitimate interest or a data processing on behalf in accordance with Art. 28 GDPR.
14. SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption procedures over HTTPS.
The hosting services we use are designed to provide the following services: Platform Services, Computing Capacity, Storage Space, Database Services Security Settings and the technical service and maintenance required to operate the Online Service. We or our hosting provider process this on the basis of our legitimate interest in the provision of our online presence in accordance with Art. 6 para. 1 lit. f GDPR i.V.m. Art. 28 GDPR Inventory, contact, usage, contract data as well as meta and communication data of interested parties, applicants, students and visitors of our website.
16. Analyzes, market and opinion research
We analyze our database for business transactions, contracts, inquiries about market trends, to be able to recognize customer and user requirements and to make our operation economical. In doing so, we process inventory, contact, usage, contract data as well as meta and communication data of interested parties, applicants, students and visitors of our website on the basis of our legitimate interest in maintaining and optimizing our business according to Art. 6 para. 1 lit. f GDPR. Such analyzes are carried out for the purpose of business analysis, marketing and sales, as well as market research. These analyzes serve to optimize our offer, increase usability and optimize our business operations. The analyzes and profiles are carried out anonymously if possible and not passed on to third parties.
We use Google Analytics based on our legitimate interests in the analysis and optimization of our marketing activities and thus also economic interests within the meaning of Art. 6 para. 1 lit. f. GDPR. We consider the economic interest in the optimization of marketing activities to be a legitimate interest. We have taken measures to make weighing up the interests in favor of the person responsible as a less invasive measure. We believe that this can increase user-friendliness. For example, we have concluded a contract processing agreement with Google pursuant to Art. 28 GDPR. In the variant chosen by us the personal data of the users are deleted or anonymized after 14 months. In addition, we have activated the IP anonymization anonymize.ip. This truncates the last octet of your IP address from Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and then shortened there. Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection standards.
Our websites use the online advertising program “Google AdWords”. This is an analysis service provided by Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This internet advertising service allows ads to appear in the search engine results and in the Google advertising network. In this case, predefined keywords can be determined in advance and cause a display of a display in the search engine results as soon as a user enters this particular keyword. The advertisements are distributed by means of an automatic algorithm on the relevant internet pages. The purpose of this data processing is the placement of interest-relevant advertising on third-party websites and in Google’s search engine results. If you reach our website via a google ad, a conversion cookie will be stored on the person’s computer. However, this automatically expires after 30 days and does not serve to identify the person. Unless the cookie has expired, it will be tracked to see if certain subpages of our website have been accessed. Google uses the cookie to create visitor statistics that we can use to measure the success of certain AdWords ads. However, neither we nor any other person receives information that enables us to identify certain individuals.
You can permanently prevent the setting of cookies by means of a corresponding setting of your Internet browser. In this way, already set cookies can be deleted. You can make this deactivation, for example, via http://optout.aboutads.info/?c=2#!/.
Our sites use Google Tag Manager to manage web site tags through a single interface. The Google Tag Manager Tool does not collect any personally identifiable information, it’s a cookie-less domain that implements the tags. By measuring user behavior and traffic, social media and online reach, tags enable users to identify and target audiences, and to optimize content accordingly. We use the tags Google Analytics, Bing Ads and Double Click. If you have deactivated these domains and / or cookies, this deactivation remains unaffected by the Tag Manager.
We have integrated the social media buttons of the following companies on our website:
a) Facebook Like / Share
Social Network Operator: Facebook Inc., 1601 South California Avenue, Palo Alto, California 94304, United States
b) Google+ button
Social Network Operator: Google Inc., 1600 Amphitheater Parkway Mountain View, California 94043, USA
c) Twitter Tweet button
Social Network Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, California 94107, United States
d) Instagram social plugin
Social Network Operator: Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA
e) YouTube social plugin
Social Network Operator: YouTube LLC, 901 Cherry Ave., San Bruno, California 94066, USA
f) LinkedIn social plugin
Social network operator: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, United States