Zuletzt aktualtisiert am: 16 Aug 2024
This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller Studeez GmbH, Papierfabrik 9, 57072 Siegen
represented by the Managing Director: Ahmad El-Ali
– Master data (e.g., names, addresses). – Contact data (e.g., email, telephone numbers). – Content data (e.g., text entries, photographs, videos). – Usage data (e.g. interest in content, access times, functions used). – Meta-/communication data (e.g., device information, IP addresses).
Visitors and users of the online offering (hereinafter we also refer to the affected persons collectively as “users”).
– Provision of the online offering, its functions and content. – Answering contact requests and communication with users. – Security measures. – Reach measurement/Marketing
“Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, ensuring availability and their separation. Furthermore, we have established procedures that ensure the perception of data subject rights, deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account already during the development or selection of hardware, software and procedures, according to the principle of data protection by design and by data protection-friendly default settings (Art. 25 GDPR).
If we disclose data to other persons and companies (processors or third parties), transmit them to these or otherwise grant access to the data within the scope of our processing, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, according to Art. 6 para. 1 lit. b GDPR is necessary for contract fulfillment), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens within the framework of the use of third party services or disclosure, or transmission of data to third parties, this only happens if it is to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special requirements of Art. 44 ff. GDPR. That is, the processing takes place e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
You have the right to request confirmation as to whether relevant data is being processed and to information about this data as well as to further information and copy of the data in accordance with Art. 15 GDPR.
You have in accordance with Art. 16 GDPR the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
You have in accordance with Art. 17 GDPR the right to request that relevant data be deleted immediately, or alternatively in accordance with Art. 18 GDPR a restriction of the processing of the data.
You have the right to request that the data concerning you, which you have provided to us in accordance with Art. 20 GDPR, and to demand their transmission to other controllers.
You also have in accordance with Art. 77 GDPR the right to file a complaint with the competent supervisory authority.
You have the right to withdraw consents given in accordance with Art. 7 para. 3 GDPR with effect for the future.
You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection can in particular be made against processing for direct marketing purposes.
We use external payment service providers, via whose platforms users and we can make payment transactions (e.g., each with link to the privacy policy, Google (https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), Apple (https://support.apple.com/en-us/HT203027)
Within the framework of contract fulfillment, we use the payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. For the rest, we use external payment service providers on the basis of our legitimate interests according to Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers include master data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, amount and recipient-related information. The information is necessary to carry out the transactions. However, the entered data is only processed by the payment service providers and stored with them. That is, we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. This transmission is intended for identity and credit checks. For this we refer to the terms and conditions and privacy notices of the payment service providers.
For payment transactions, the terms and conditions and the privacy notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of withdrawal, information and other data subject rights.
Furthermore, the user is free to provide us with an IBAN in order to pay out any winnings. These payments are made directly by Studeez and not by external payment service providers. The account information is stored encrypted on servers in the EU zone and can be permanently deleted via the Studeez platform at any time.
We process data in the context of administrative tasks as well as organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given in these processing activities.
We disclose or transmit data to the financial administration, advisors, such as tax advisors or auditors as well as other fee offices and payment service providers.
Furthermore, we store information about suppliers, organizers and other business partners based on our business interests, e.g. for the purpose of later contact. We generally store this mostly company-related data permanently.
In order to operate our business economically, to recognize market trends, wishes of contracting parties and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process master data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the affected persons include contracting parties, prospects, customers, visitors and users of our online offering.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g. on their services used. The analyses serve us to increase user-friendliness, optimize our offer and business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized values.
If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the users, otherwise after two years from the conclusion of the contract. Furthermore, the overall business analyses and general trend determinations are created anonymously whenever possible.
We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g. name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) as well as in the interest of a payment process that is as smooth, comfortable and secure as possible (Art. 6 para. 1 lit. f GDPR). If your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be withdrawn at any time for the future.
We use the following payment services / payment service providers within this website:
Apple Pay The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. You can find Apple’s privacy policy at: https://www.apple.com/legal/privacy/en-ww/.
Google Pay The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find Google’s privacy policy here: https://policies.google.com/privacy.
We use Google Analytics, a web analytics service provided by Google LLC (“Google”) based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with other services connected with the use of this online offering and the internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by a corresponding setting of their browser software; users can also prevent the collection of the data generated by the cookie and related to their use of the online offering to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
For more information on data usage by Google, settings and objection options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) as well as the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data will be deleted or anonymized after 14 months.
We use the Google “AdWords” online marketing method to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner, to present users only with ads that potentially correspond to their interests. If a user is shown ads for products that he was interested in on other online offerings, for example, this is called “remarketing”. For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is immediately executed by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file is stored on the user’s device (instead of cookies, comparable technologies can also be used). This file records which websites the user visited, what content he was interested in and what offers the user clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information about the use of the online offering.
We also receive an individual “conversion cookie”. The information obtained with the help of the cookie serves Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page provided with a conversion tracking tag. We do not receive any information that allows users to be personally identified.
Users’ data is processed pseudonymously within the Google advertising network. That is, Google does not store and process, for example, the name or email address of users, but processes the relevant data cookie-related within pseudonymous user profiles. That is, from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
For more information on data usage by Google, settings and objection options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) as well as the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
We use content or service offerings from third-party providers within our online offering based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is thus required for the presentation of this content. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offering, as well as be linked with such information from other sources.
We embed videos from the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Within our online offering, functions and content of the service LinkedIn, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. This can include, for example, content such as images, videos or texts and buttons with which users can share content of this online offering within LinkedIn. If the users are members of the platform LinkedIn, LinkedIn can assign the call of the above-mentioned contents and functions to the profiles of the users there. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Studeez UG (limited liability), Edith-Feder-Str. 22 33611 Bielefeld (hereinafter Studeez), operates the learning platform Studeez in the form of an app that is available for both iOS and Android. Users can upload their individual learning materials on the learning platform and share self-created content, such as flashcards and videos, as well as information with other users. In addition, there is the possibility for users to inform themselves about potential employers and other offers from our advertising partners.
Studeez values your privacy very much and the collection, processing and utilization of user data is in accordance with German data protection guidelines, in particular the Federal Data Protection Act as well as the Telemedia Act and our data protection guidelines.
During registration on the Studeez platform, users must agree to the terms and conditions and the privacy policy. The consent can be withdrawn by anyone if Studeez UG (limited liability) is notified of this by mail to info@studeez.de.
We store the following data and process it on the Studeez platform.
Users are asked to provide personal data during the registration process. Users provide the following data during the registration process: username, email address, password, university, modules currently being learned.
The username and university may be visible to others as part of community features.
News and changes to Studeez policies are communicated to our users via email. In addition, users are informed via email about selected offers from advertising partners. Users have the opportunity at any time to unsubscribe from the Studeez newsletter and other offers by sending an email to info@studeez.de.
The following information may be recorded by your device:
The IP address of your device (collected and stored in an anonymized format) Your email address including your username, provided you have made it available to us via our app
Screen size of your device Device type and device ID Geographic location (only the country) The preferred language to display our app User interactions User interactions (movement, position and clicks) Keyboard inputs
Platform content describes uploaded documents, posts and comments on the Studeez platform. Studeez will pass on individual platform content to third parties for advertising purposes. Furthermore, these can be accessed by other users.
Studeez uses data to operate the platform and provide all functionalities. Data usage is carried out by Studeez UG (limited liability) a) Emails: Studeez uses the email addresses of its usage to send newsletters that contain offers from the Studeez platform and corresponding advertising partners. Users can unsubscribe from the newsletter at any time. b) Usage data: User data is used by Studeez to improve the Studeez platform. Studeez reserves the right to evaluate user data for comparison of learning time and progress. Users have the option to delete their user account at any time with a contact request via the in-app support chat. After deletion, there is the possibility that the user account continues to exist for several days for technical reasons. Studeez strives to delete as quickly as possible
There are external links on the Studeez platform over which Studeez has no influence. Studeez assumes no liability and no responsibility for links to third-party websites.
Studeez protects the privacy of its users. In principle, personal data is not passed on to third parties. If necessary for the operation of the platform, data is passed on to third-party providers, especially for the provision of the user experience. This could be the case, for example, if links are made to third-party platforms or content and services from third parties have been integrated into the Studeez platform.
Studeez reserves the right to change the privacy policy at any time without notice. The current version can be accessed via the platform and users are informed about changes by email. In addition, the user is automatically informed about the changes at the first login after the privacy change.
If the user does not object within 2 weeks after being informed of the change, this will be considered as consent to the changed privacy policy. Studeez will inform users about the consent periods. If new consents are required, Studeez will obtain permission beforehand.
