Emerald Global Education GmbH Privacy Notice for the website www.worldofstudents.org
For the privacy information for the Virtual Fair and Free Study Abroad Counseling, please scroll to the bottom of the document to our “Appendix to Specific Privacy Information”.
1. Name and address of the responsible person
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
2. Name and address of the data protection officer
Currently, there is no obligation for the responsible party to appoint a data protection officer. If you have any questions regarding data protection, you can contact us at any time using the contact details provided above.
The data protection notice of Emerald Global Education GmbH is based on the defined terms of the General Data Protection Regulation (DSGVO). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:
3.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
3.7 Controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive Personal Data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
3.10 Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent is any expression of will in the form of a statement or other unambiguous affirmative act, given voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
4. General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of elimination
4.1 General information on the legal bases
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
4.2 General information on data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the previously mentioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
4.3 General information on processing on our website
Data protection, data security and protection of secrets have a high priority for Emerald Global Education GmbH (hereinafter also referred to as EGEG). The permanent protection of your personal data, your company data and your company secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of our company’s services via our website, this makes it necessary to provide your personal data. As a rule, we use the data provided by you and collected by the website and stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (contract fulfillment) and do not pass them on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we obtain your separate consent.
Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to Emerald Global Education GmbH. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data we process. Furthermore, we inform you about your rights by means of this data protection notice.
Emerald Global Education GmbH has implemented technical and organizational measures to ensure an adequate level of protection for the personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that no absolute protection can be guaranteed.
5. Collection of general data and information
The website of Emerald Global Education GmbH collects a series of general data and information with each call-up of the website by a data subject or automated system. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, Emerald Global Education GmbH does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the Emerald Global Education GmbH analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
6. Contact form; e-mail contact, fax and telephone contact.
Our website contains a contact/information form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
* Mandatory data
At the time of sending the message, the following data is also stored:
- The IP address of the user
- Date and time of sending
Contact information is also stored on our website. It is possible to contact us via the e-mail address, telephone or fax number provided. If you contact us via one of these options, the personal data you send to us will be stored automatically (e-mail, fax) or recorded by us and stored manually.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation or the processing of your request.
On our website you have the possibility to register for our newsletter. After successful registration, you will receive regular emails, e.g. with information on promotional products. The newsletter is sent based on your registration on the website by way of the double opt-in process. When you register for the newsletter, we use the following data from the input mask:
- Your name
- Your e-mail address
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
For the processing of the data, your consent is obtained during the registration process by means of double opt-in and reference is made to this data protection notice.
8. Data protection for applications and in the application process at Emerald Global Education GmbH.
We collect and process personal data from applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the data controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
In this way, the following data can be transmitted:
- Search terms entered
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.
Under the following links you can find out how to deactivate cookies in the most important browsers:
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome browser: https://support.google.com/accounts/answer/61416?hl=de
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
10. Use of Google Analytics
We have integrated the Google Analytics component (with anonymization function) on this website. The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics is a web analysis service. Web analytics is the collection, compilation and analysis of data about the behavior of visitors to websites. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by us and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
We use the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this add-on, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
We obtain your consent for the operation of Google Analytics on this website. You can revoke your consent at any time by changing your cookie settings. Please also refer to the information in the cookie consent mechanism as well as in section 9 of this privacy notice.
11. Social media fan pages
11.1 Instagram Fanpage
We, the EGEG, operate our own Instagram fan page at https://www.instagram.com/wos_world_of_students/. As the operator of this Instagram page, we are jointly responsible with the provider of the social network Facebook (Facebook Ireland Ltd.) within the meaning of Article 4 No. 7 of the General Data Protection Regulation (DSGVO). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.
We have concluded a data protection joint responsibility agreement (Page Controller Addendum) with Instagram. With this agreement, Instagram recognizes the joint responsibility with regard to so-called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. In addition, the agreement stipulates that Instagram is the primary contact for the exercise of data subjects’ rights (Art. 15 – 22 DSGVO). This is because, as the provider of the social network, Facebook alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be required, we can be contacted at any time.
- Use of Insights and Cookies
In connection with the operation of this Instagram fan page, we use the Insights function of Instagram to obtain anonymized statistical data on the users of our Instagram fan page. Information on Insights and Instagram fanpages is provided by Instagram, for example, via its privacy notice.
- Comments and messages; participation in competitions
On our Instagram fan page, you also have the option of commenting on our posts, rating them and contacting us via private messages or participating in competitions.
- Disclosure of data
It cannot be ruled out that some of the information collected will also be processed outside the European Union by Instagram Inc. based in the USA. Instagram Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We ourselves do not pass on any personal data that we receive via our Instagram page.
- Information on contact options and further rights as a data subject.
11.6 Facebook Fanpage
We, the EGEG, operate our own Facebook fan page at https://www.facebook.com/WOS.org. As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Facebook Ireland Ltd.) within the meaning of Article 4 No. 7 of the General Data Protection Regulation (DSGVO). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.
We have concluded a data protection joint responsibility agreement (Page Controller Addendum) with Facebook. With this agreement, Facebook recognizes the joint responsibility with regard to so-called insights data and assumes essential data protection obligations for informing data subjects, for data security or for reporting data protection breaches. The agreement also stipulates that Facebook is the primary contact for the exercise of data subjects’ rights (Art. 15 – 22 DSGVO). As the provider of the social network, Facebook alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. However, if our support is required, we can be contacted at any time.
- Use of insights and cookies
In connection with the operation of this Facebook fan page, we use the Insights function of Facebook to obtain anonymized statistical data on the users of our Facebook fan page. Information about Insights and Facebook Fanpages is provided by Facebook, for example, via its privacy notices.
- Comments and messages; participation in competitions
On our Facebook fan page, you also have the option of commenting on our posts, rating them and contacting us via private messages or participating in competitions.
- Passing on of data
It cannot be ruled out that some of the information collected will also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We ourselves do not pass on any personal data that we receive via our Facebook page.
- Information on contact options and further rights as a data subject
For further information on our contact details, including those of our data protection officer, the rights of data subjects vis-à-vis us and how incidentally personal data is processed by us, please refer to the relevant sections of this data protection declaration.
11.3 YouTube channel
- Data processed by YouTube
We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective means of control in this respect. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, and stored and used in, the United States, Ireland and any other country in which Google does business, regardless of your country of residence. There is a transfer to Google affiliates and other trusted companies or individuals who process it on Google’s behalf.
Google processes on the one hand your voluntarily entered data such as name and username, email address, telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location based on GPS data, wireless network information, or your IP address in order to send you advertising or other content. For analysis, Google may use analytics tools such as Google Analytics. We have no influence on the use of such tools by Google and have not been informed about such potential use. If tools of this type are used by Google for our YouTube channel, we have neither commissioned this nor otherwise supported it in any way.
We are also not provided with the data obtained during the analysis. Moreover, we have no way to prevent or turn off the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. Options to limit the processing of your data are available in the general settings of your Google account. In addition to these tools, Google also offers privacy settings specific to YouTube. You can learn more about this in Google’s guide to privacy in Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=de.
- Data processed by us
We also process your data when you communicate with us via YouTube. The processing is carried out for the purposes of customer loyalty, customer information and advertising (Art. 6 para. 1 lit. f DSGVO). The recipient of the data is initially Google, where it may be passed on to third parties for their own purposes and under the responsibility of Google. The recipient of publications is also the public, i.e. potentially anyone. Admittedly, we do not collect any data ourselves via our YouTube channel. Also, via the integration of YouTube videos on our website, the IP addresses of site visitors are not transmitted to Google.
In particular, no tracking of any kind takes place on the website. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may respond to your publications under “Discussions”. The data freely published and disseminated by you on YouTube will thus be included by us in our offer and made available to our followers.
12. links to other websites
12.1 EXPO-IP (https://expo-ip.com/)
We have links on our website to the trade fair platform we use, EXPO-IP https://expo-ip.com/. Please note the data protection notice available there: https://expo-ip.com/datenschutzhinweis/.
12.2 Third-party websites
In addition, we may have links to other websites on our website. It is possible that these websites process personal data from you when you access them. We, EGEG, are not responsible for the data processing on these websites. For more detailed information on the processing of your personal data, please refer to the data protection notices of the respective websites.
The controller is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 DSGVO to ensure lawful and secure processing of your personal data.
For more information, please see jQuery’s privacy information: https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf
On this website, we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to distinguish whether an entry is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and possibly further data required by Google for the reCAPTCHA service to Google.
ROLEGU is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Article 46 of the GDPR to ensure lawful and secure processing of its personal data.
Within our website, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used on the basis of your consent for the purposes of analysis, optimization and economic operation of our website.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our website as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our web offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the web pages visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
- Order processing
The processing of data by Facebook takes place within the framework of Facebook’s data processing conditions. General information on the display of Facebook ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy.php.
Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
For the processing of data where Facebook acts as a processor, we have concluded a processing agreement with Facebook, according to which Facebook is obliged to protect our customers’ data and not to pass it on to third parties.
- Data transfer
EGEG is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Article 46 of the GDPR to ensure lawful and secure processing of your personal data.
13.4 Google Fonts
Our website uses so-called web fonts provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The web fonts are transferred to the browser’s cache when the page is called up so that they can be used for display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font.
No cookies are set for this purpose when you call up the page. Personal data transmitted in connection with the page call (such as the IP address) are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. The legal basis for this processing is Art. 6 (1) lit. f DSGVO. In the purpose of the uniform presentation is also our legitimate interest.
You can set your browser so that the fonts are not loaded from Google servers (for example, by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you disable access to Google servers, the text will be displayed in the system’s default font. If you do not make any settings in your browser, your personal data will in any case be transmitted to Google servers in the USA.
EGEG is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 DSGVO to ensure lawful and secure processing of your personal data.
Information on the privacy terms of Google Webfonts is available at: https://developers.google.com/fonts/faqPrivacy.
General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/.
13.5 Font Awesome
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. This enables Fonticons, Inc. to know that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer. The legal basis for this processing is Art. 6 para. 1 lit. f DSGVO. In the purpose of the uniform presentation is also our legitimate interest.
EGEG is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 DSGVO to ensure lawful and secure processing of your personal data.
13.6 Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager. If you do not want Google Tag Manager to be used, please change your settings in your browser.
13.7 Tidio Live Chat
14. Your rights
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
14.1 Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you may request information from the controller about the following:
- The purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information about the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
14.2 Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
14.3 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
- if you contest the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or
- if you have objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.
If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
14.4 Right to deletion
14.4.1 Obligation to delete
You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
- The personal data concerning you has been processed unlawfully.
- The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
14.4.2 Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
The right to erasure does not exist to the extent that the processing is necessary
- For the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
- for the assertion, exercise or defense of legal claims.
Furthermore, the right to erasure does not exist insofar as the personal data must be stored by the controller due to statutory retention obligations and periods. In such a case, the personal data shall be blocked instead of deleted.
14.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
14.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable and interoperable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
- the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
14.7 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
14.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time and without giving reasons. In the event of revocation, we will immediately delete your personal data and no longer process it. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
14.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
- is carried out with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include, at a minimum, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
14.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Person responsible: Emerald Global Education GmbH
Annex to specific data protection information
- Registration for virtual fair and data processing (visitors).
In order to visit our virtual trade fair, you need a user account, which you can create on our homepage. To create your user account, a processing of your personal data is necessary. Here are collected:
- First name
- Last name
- E-mail address
- Telephone number
- Type of person regarding the selection student, pupil, parent, teacher, family, young professional or other
- The interest regarding training opportunities or volunteer services
- The desired continent and country
Furthermore, your personal data will be transferred to participating educational institutions for commercial purposes, provided that you give us your consent to do so (only concerns data of visitors over 18 years of age). This consent is obtained from you by means of a double opt-in confirmation. When transmitting your personal data to the respective educational institutions, we take the greatest possible care to ensure that your data does not fall into the wrong hands. To this end, we take all necessary measures for secure data transmission. After a transfer has taken place, the respective recipient is responsible for the processing of your personal data. You can assert your rights as a person affected by the processing without prejudice against the respective recipient. Likewise, the recipient as the person responsible for the processing is also obliged to comply with the requirements of data protection law.
You are entitled to revoke your consent at any time and to request the deletion of your data. You are also entitled to assert your data subject rights at any time. The revocation of your consent, the deletion of your data and the assertion of your other data subject rights can be asserted both against us and the respective recipients of your data. In this case, you will be informed by the respective recipient how you can assert your data subject rights against them.
Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data we process. Furthermore, we inform you about your rights by means of this data protection notice.
We have implemented technical and organizational measures to ensure an adequate level of protection for the personal data processed during the implementation of the virtual trade fair. Nevertheless, Internet-based data transmissions can have security gaps, so that no absolute protection can be guaranteed.
- Processing of personal data of children (from 16 years)
We exclusively process personal data of trade fair visitors from the age of 16. Against this background, we base the lawfulness of this processing on Art. 8 para. 1 p. 1 in conjunction with. Art. 6 para. 1 lit. a DSGVO.
- Registration for virtual trade fair and data processing (exhibitor)
In order to present your organization or business as an exhibitor in our virtual trade fair, you need a user account, which you can create on our homepage. For the creation of your user account a processing of your personal data is necessary. This requested data results from the input masks available there. The data collected is mainly non-personal data. The following data/input masks regularly have a personal reference or may have a personal reference:
- Contact person
- E-mail address
- Telephone number
- Contact person
- Invoice data
Free study abroad advice
On our website, we present international universities with the aim that website visitors apply there, e.g. for a semester abroad. In this context, we provide the following services (at the same time also purposes of processing):
- Telephone advice & emails
- Personal information events at trade fairs, etc.
- Provision of data from foreign universities
- Support during the application process
- Support until the student gets on the plane.
In this context, the various data processing operations can be described as follows:
First visit to the website:
No personal data is stored in the database, but cookies are set. The legal basis for this can be found in section 4 above and in section 9 in particular.
The data is processed and stored for the purpose of processing the inquiry. The legal basis for this is regularly Art. 6 para. 1 lit. b DSGVO.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts concerned have been conclusively clarified. The foregoing does not apply if the correspondence is subject to a retention obligation under commercial law.
If we are called by an interested party who would like to receive information from us, we send an e-mail for the double opt in procedure before sending the information and only when this link has been confirmed and the data is stored in the database do we send the e-mail with the information. In this respect, the legal basis in this case is Art. 6 para. 1 lit. a DSGVO (consent). If the interested party expresses his interest in applying to a university, he receives access and must enter his personal data or upload all documents for the application process in the database. The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO.
Subscription to the newsletter:
See above under point 7.
Signing in a pad at personal events:
Here, the interested party personally signs on the pad that he/she agrees to the data storage, and the personal data is fed into the database. Legal basis in this case Art. 6 para. 1 lit. a DSGVO (consent).
Entry via individual contact form for virtual event:
Here, a link is created via which interested parties can be directly assigned to a specific event or presentation. The data requested are those already requested via the general contact form on the website.
Direct student from a partner university:
We cooperate closely with some universities. Here, the student’s data is entered directly into our database. This process works as follows:
A German university sends an email to their students with a link from us that leads directly to our database. The students enter general personal data and receive the double opt in email from us. When the students confirm this, they are registered in our database. The next step is to initiate the application process. The specific personal data is only stored here. Legal basis in this case Art. 6 para. 1 lit. a DSGVO (consent).
Data protection when participating in a sweepstake
Furthermore, we collect and process your personal data if you wish to participate in our sweepstakes offered at the virtual trade fair. In order to participate in our sweepstakes, the participant must have reached the age of 18. The data processing associated with participation therefore only takes place for persons who are at least 18 years old.
The personal data processed in this context are:
- First name
- Last name
- Telephone number
- e-mail address
This data is processed by Emerald Global Education GmbH for the purpose of determining the winners of the competition and the associated contact. In the event of a win, the announcement of the win will be made to the respective winners by e-mail. For this purpose, the winners must report back by e-mail within 72 hours. The name of the winner may then be published by Emerald Global Education GmbH.
In addition, the personal data collected in the course of participation in our competition will be transmitted to the sponsors of the competition on the basis of your consent. This transmission serves the purpose of determining and contacting the respective winners, tendering the prize to the person of the respective winner as well as the prevention of fraud.
The legal basis for these processing operations is a previously obtained consent of the data subject pursuant to Art. 6 (1) lit. a DSGVO. The consent is voluntary and can be revoked at any time in accordance with section 14.8 of this data protection notice. To revoke consent, it is sufficient to contact you (e.g. by e-mail) via the contact options specified in section 1.
Furthermore, the sponsors may contact you in order to provide you with information and consulting offers regarding stays abroad. The sponsors are responsible for the lawfulness of this processing. For more information regarding the processing of your personal data by the sponsors Organization for Worldwide Education Ltd, acting as the International Student Office, and Inflexyon), please refer to the privacy statements of the sponsors:
The transfer of your personal data to the sponsors of the competition takes place both within and outside the EU. Emerald Global Education GmbH is aware of the transfers and provides appropriate safeguards in accordance with Art. 46 DS-GVO to ensure lawful and secure processing of your personal data outside the EU. In particular, Emerald Global Education GmbH concludes standard data protection clauses with the sponsors (educational institutions) in the USA as well as in Australia. In each case, it is ensured beforehand that a transfer to the respective third country is harmless for the security of your personal data. Should a transfer turn out to be questionable due to the prevailing legal situation in the respective third country, we will only transfer your personal data if the recipient can guarantee that your personal data enjoys the same protection as within the European Union. In case of doubt, we will obtain your consent for the transfer of your personal data.