Information on data protection and data security at the ESMT European School of Management and Technology GmbH
February 18, 2020
Data privacy is of utmost importance to ESMT Berlin and we have taken the appropriate technical and organizational measures to guarantee the utmost security of your data. This enables us to ensure compliance with the legal regulations in Germany. Data protection regulations require that we handle user data properly and for a specific purpose. We will not use user data for purposes other than those stated. We would like to inform you here how we handle your personal data when using our website.
ESMT Berlin is subject to the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG). We have taken appropriate technical and organizational measures to ensure that the regulations on data protection are followed.
ESMT European School of Management and Technology GmbH
Tel.: +49 30 212 31 0
Further details can be found in the imprint.
3. Data protection officer
PwC Cyber Security Services GmbH
Kapelle-Ufer 4, 10117 Berlin
4. Handling of personal data
Personal data is any information relating to an identified or identifiable person; identifiable is an individual person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identification or one or more special characteristics.
5. Collected data, purposes of data processing, and legal basis
a) Visiting our website
Each time a user accesses an ESMT Berlin page and each time a file is retrieved, data about this process is temporarily stored in a log file until their automatic erasure after three months. Depending on the access protocol used, the log data record contains information with the following contents:
- IP address of the requesting computer
- Name of the requested file
- Date and time of the request
- Access methods/functions requested by the requesting computer
- Access status of the webserver
- URL from which the file was requested
- Operating system and browser type or settings.
No user profiles are created, in which IP addresses and personal data are linked. Anything to the contrary shall only apply insofar as this is stated separately in this data protection declaration.
The stored log data is used exclusively for purposes of identification and tracking of unauthorized access attempts/access to the webserver, as well as for statistical evaluations such as visitor numbers and page popularity. Only authorized employees of ESMT Berlin carry out the evaluation.
The lawfulness of the data processing results from Art. 6 paragraph. 1 sentence 1 lit. f) GDPR. Our legitimate interest is explained above.
b) Registration for special services
If you have given explicit consent in accordance with Art. 6 paragraph. 1 sentence 1 lit. a) GDPR, we will store your email address and, depending on the requested service (e.g. newsletter dispatch, activation of test accesses, registration for events and programs, application for study programs), other data also and use it to provide the requested services. Additionally, we may also use your personal information for marketing purposes, such as to inquire about your interest in a particular ESMT program or to generally promote our programs or events. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.
The use of some of our offers, especially the online application procedure for students of the graduate programs, requires a personal password assignment. You must keep this password secret and protect it from access by unauthorized third parties.
You can withdraw your previous consent for the processing of personal data at any time or object to any processing carried out within the scope of our legitimate interests (Art. 1 para. 1 sentence 1 lit. f GDPR) (email@example.com).
As part of your visit to our website, we use so-called “cookies”.
These are small text files our web application stores on your computer so that we can identify your Internet browser when you visit.
The popular Internet browsers are set so that they automatically accept cookies. You can de-activate the setting or set your Internet browser so that it informs you if cookies are used and you will be notified as soon as cookies are to be placed.
The data retrieved by cookies is not used to identify you personally.
Permanent cookies are stored on your computer for 100 days and are used to enable you to use our website as comfortably as possible even after your current visit. We use them for displaying individual content to you.
If you do not wish to permit permanent cookies you can de-activate them in your browser. Please refer to the help function in the menu bar of your browser for details on how to proceed. The deactivation of permanent cookies has no influence on the general usability of our website.
Session cookies are stored only until you close your current browser session on your system. They serve to enable you to use our services without restriction for your current visit to our site. This data is anonymized so that you cannot be identified personally. If you do not wish to allow session cookies, you can deactivate them in your browser.
Please find further information on this process in the help function of the menu bar of your browser.
By deactivating session cookies, we cannot guarantee that you will be able to use all of our services without restriction.
Social Media Plug-ins
We use social media plug-ins from the providers listed below to customize content and advertising, to improve the services on our website, to optimize our marketing activities and to analyze traffic on our website.
- Facebook (operated by: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
- Google+ (operated by: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Linkedin (operated by: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Placa, Dublin 2)
- Twitter (operated by: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
The plug-ins normally collect information about your use of our website by default and transmit it to the servers of the respective provider.
For more information on the scope, type and purpose of data processing and on rights and setting options for protecting your privacy, please refer to the data protection information of the respective social network provider. These are available at the following addresses:
- Facebook: https://www.facebook.com/policy.php
- Google: https://policies.google.com/privacy
- Linkedin: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.link…)
- Twitter: https://twitter.com/privacy/
The lawfulness of the use of Social Media Plug-ins is Art. 6 para. 1 sentence 1 lit. f) GDPR.
7. Web analysis / Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC., Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
This web analysis tool helps us, within the scope of our legitimate interests, to ensure that our website functions as required and to constantly improve it. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f) GDPR).
The data about your use of this website is processed by Google on behalf of ESMT and is usually transferred to a Google server in the USA and stored there.
We would like to point out that on our website Google Analytics has been extended by the code "anonymizeIp" in order to guarantee an anonymized collection of IP addresses (so-called IP-Masking). This means Google will reduce your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area beforehand.
Full IP addresses are transmitted to a Google server in the USA and shortened there only in exceptional cases. Google will use this information on behalf of ESMT Berlin in order to evaluate visitors’ use of the website, compile reports on website activities, and provide other services related to the use of the website and the Internet to ESMT Berlin. The IP address provided by your browser in the context of Google Analytics is not combined with other data of Google. You may prevent cookies from being stored on your computer by changing the relevant setting in your browser software. You may prevent cookies from being stored on your computer by changing the relevant setting in your browser software.
According to Google's own statement, they comply with the terms of the Privacy Shield Agreement between the EU and the USA and between Switzerland and the USA.
Google Data Studio
On the legal basis of Art. 6 paragraph. 1 f) GDPR (legitimate interest in the aggregated analysis of the use and continuous optimization of this website) we use an additional data management tool from Google Analytics - Google Data Studio - for the visual creation of user-defined reports and interactive dynamic dashboards for internal purposes. We use data from Google Analytics and no other data sources. The data is processed by Google on behalf of ESMT. The web-based tool is accessed via a browser and Google Analytics is directly connected to the Google Data Studio via an interface. Further information about Google Data Studio can be found here.
This website uses Matomo, a web analysis tool for the statistical evaluation of visitor access, to ensure that our website functions as required within the framework of our legitimate interests and to constantly improve it. The legal basis for the processing of your data is art. 6 para. 1 sentence 1 lit. f) GDPR.
The data collected by Matomo is processed on a server operated by ESMT Berlin.
We support “Do Not Track”
The "Do Not Track" function (abbreviated "DNT") is a privacy setting that can be set in most web browsers. Our website supports this function. If you have DNT turned on, your use of the site will not be used for usage analysis. Functional cookies, which we need for the provision of our services (e.g. registration), will continue to be set.
8. Google Maps
This website uses the "Google Maps API" of the Google Group ("Google"). Via this API, the map material of the Google Maps service is displayed together with the localization of ESMT Berlin. The display of this content in your browser requires Google to collect your IP address. We would like to point out that on this website Google Maps API has been extended by the code "anonymizeIp" in order to ensure anonymous collection of IP addresses (so-called IP-Masking).
The data collected by the Service may be transferred to the United States and processed on servers of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google claims to comply with the terms of the Privacy Shield Agreement between the EU and the USA and between Switzerland and the USA.
The legal basis for this data processing is our legitimate interest (Art. 6 paragraph.1 lit. f) DSGVO) in making it easier for you to contact us. Google and we process your data as independent data controllers, on the basis of the agreement which can be accessed here.
If you're signed in to a Google Account, the information collected by the service can be associated directly with your account. If you want to prevent Google from processing your information and associating it with your Google Account, please contact Google Ireland Limited.
9. Links to other websites and social networks
Hyperlinks to various offers by third-party providers, such as social networks, may be integrated in our website in order to allow our users to quickly access the latest information and communicate easily. If you follow these hyperlinks and use social networks, data may be collected by these third-party providers.
10. Data security
Personal data provided to us by you will be transmitted to us via a secure connection in encrypted form. The security procedure used (SSL - Secure Sockets Layer) adheres to current technical standards. We use encryption with a 256-bit key. SSL encryption (recognizable by https:// in the address bar of the browser and by a lock symbol in the status bar at the bottom of the browser) is a protocol for encrypting data in the transmission from the web server to the browser. During transmission, the personal data between the user's computer and our SSL server is encrypted using the SSL protocol.
11. Automated decision-making / profiling
Automated decision-making / profiling does not take place.
12. Affected rights and the right of appeal to a supervisory authority
Each user has the right to receive free information about the data stored about them by ESMT Berlin. In addition, the user has the right to:
- Correction of incorrect data
- Restriction of processing
- Data portability
- Withdraw a given consent, Art. 7, paragraph. 3 GDPR.
If your personal data are processed on the legal basis of legitimate interests in accordance with Art. 6 paragraph. 1 sentence 1 letter f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation or if the objection is directed to advertising. In the last case, you have a general right of objection which we will implement without indicating a special situation.
There is also a right of appeal to the supervisory authority responsible for ESMT Berlin. The contact details are:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889-0
Fax: +49 30 2155050