Privacy Policy

 

General information

Collection of personal data and why it is collected

Security measures

Data transfer and third-party providers

Processing user data

Access data and log files

Provisions on the use of cookies in internet advertising

Third-party services and content

User rights

Deletion of data

Right to revoke consent

Contact



General information

FORUM • Institut für Management GmbH (hereinafter ‘FORUM Institut’) implements training for specialists and managers.

Responsible:
Attorney Prof. Dr. jur. Ulrich Zeitel
Vangerowstraße 18
69115 Heidelberg
Germany

This Privacy Policy informs you about the nature, extent and purpose of the processing of personal data within the scope of data processing procedures and of the FORUM Institut online services and the associated websites, features and content (hereinafter jointly ‘Online Service’ or ‘Website’). The Privacy Policy shall apply regardless of the domains, systems, platforms and devices (for example, desktop or mobile, apps, chat, etc.) used to provide the Online Service.


Collection of personal data and why it is collected

FORUM Institut collects, processes and uses personal data within the scope of data processing procedures and of its Online Service for the purpose of optimising its customer communication and services, providing training formats and enabling optimal access to products and services.

A change in the purpose of the advertising activities for professional training shall be permitted for the purpose of informing our customers/users about our services.

User personal data processed within the scope of its services shall include user-related data (such as name, company name and address of customers and prospective customers, and interest profiles) contract data (such as services used and payment information), usage data (such as web pages of our Online Service that have been visited and interest in our services) and content data (such as information provided in the contact form, booking process and chats).

The term ‘user’ shall include all categories of the data subjects. These shall include our commercial partners, customers, prospective customers and visitors of our Online Service.


Legal basis

We shall only process user personal data in accordance with the relevant provisions of the Privacy Policy. This means that user data shall only be processed if it is legally permissible, that is, in particular if the data processing is required for the provision of our contractual services (for example, processing orders) as well as our Online Service, or is required by law; if the user has given their consent; and for the purpose of our legitimate interests (that is, interest in the analysis, optimisation, economic operation and security of our Online Service as set in Art. 6 [1] lit. f of the EU General Data Protection Regulation [GDPR], in particular for audience reach measurement, the creation of profiles for advertising and marketing purposes, the collection of access data and the use of services of third-party providers).

We would like to indicate that the legal basis for consent shall be Art. 6 (1) lit. a and Art. 7 of the GDPR, the legal basis for processing for the fulfilment of our services and the implementation of contractual measures shall be Art. 6 (1) lit. b of the GDPR, the legal basis for processing to fulfil our legal obligations shall be Art. 6 (1) lit. c of the GDPR and the legal basis for processing to safeguard our legitimate interests shall be Art. 6 (1) lit. f of the GDPR.


Security measures

We shall apply organisational, contractual and technical security measures to the latest technological standards to ensure compliance with the provisions of data protection law and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised parties.

The security measures shall include in particular the encrypted transmission of data between your browser and our server. We use the ‘GeoTrust Primary Certification Authority – G3’ certificate for this purpose.


Data transfer and third-party providers

Data shall only be transferred to third parties within the scope of legal provisions. We shall only transfer user data to third parties if this is required for contractual purposes in accordance with Art. 6 (1) lit. b of the GDPR or if it is for the purpose of our legitimate interests in the economic and effective operation of our business in accordance with Art. 6 (1) lit. f of the GDPR, for example.

Insofar as we shall use subcontractors to provide our services, we shall resort to the appropriate legal measures and relevant technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions. For the above purposes, we may transfer your data to the following companies:

1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur; abcdruck, Waldhofer Str. 19, 69123 Heidelberg; Bingmann Pflüger International GmbH, Uhlandstraße 175, 10719 Berlin; Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt; camgula UG, Von-Kirn-Straße 11, 56182 Urbar; choin!, Multring 26, 69469 Weinheim; Cisco Systems International BV Amsterdam, Haarlerbergweg 13-19, 1101 CH Amsterdam-Zuidoost (Netherlands); CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede; clickandlearn GmbH, Petrinumstr. 12/3, 4040 Linz (Austria); DATEV eG, Paumgartnerstraße 6-14, 90429 Nürnberg; DER Deutsches Reisebüro GmbH & Co. OHG, 60439 Frankfurt; Deutsche Post AG, Friedrich-Ebert-Allee 45, 53113 Bonn; Deutsches Institut für angewandtes Insolvenzrecht (DIAI), Rheinstraße 50, 53179 Bonn; Druckpress GmbH, Hamburger Straße 12, 69181 Leimen; Optimizely GmbH, Wallstr. 59, 10179 Berlin; EPM-Service GmbH, Nepperberg 2, 73525 Schwäbisch Gmünd; GFN AG, Kurfürsten-Anlage 64 - 68, 69115 Heidelberg; Giebel oHG, Hansastraße 5, 69181 Leimen; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (USA); Horváth Akademie GmbH, Phoenixbau, Königstr. 5, 70173 Stuttgart; i42 Informationsmanagement GmbH, N4 13-14, 68161 Mannheim; IHK Rhein-Necker, L1,2, 68161 Mannheim; IQVIA, Via Fabio Filzi 29, 20124 Milano (Italia); kursfinder GmbH, P3, 1-3, 68161 Mannheim; Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich; MX1 GmbH, Beta-Str. 1-10, 85774 Unterföhring; Omikron Data Quality GmbH, Habermehlstr. 17, 75172 Pforzheim; Peepz GmbH, Waldhofer Str. 102, 69123 Heidelberg; Personeco GmbH, Grullbadstraße 90a, 45661 Recklinghausen; PLATOW Medien GmbH, Stuttgarter Str. 25, 60329 Frankfurt; Southeast Asia Competence Network Co. Ltd., 1/48 Lanna Villa, Changpuek, Muang Chiang Mai, 50300 (Thailand); SIPS, P.O.Box: 836, 11821, Amman (Jordan); sli.do s. r. o., Vajnorská 100/A, 831 04 Bratislava (Slowakei); SRH Holding (SdbR), Bonhoefferstraße 1, 69123 Heidelberg; Steinbeis School of International Business and Entrepreneurship GmbH, Kalkofenstraße 53, 71083 Herrenberg; t.o.p. dialog GmbH, Am Hambuch 18, 53340 Meckenheim; Techcast GmbH, Heßstraße 48b, 80798 München; tye GmbH, Kurfürsten-Anlage 52, 69115 Heidelberg; Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne; vidivent GmbH, Wiebestr. 42-45, 10553 Berlin; WIRmachenDRUCK GmbH, Mühlbachstr. 7, 71522 Backnang, Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113 (USA)

Insofar as content, tools or other resources shall be used by any other provider (hereinafter jointly ‘Third-party Provider’) within the scope of this Privacy Policy, and their named registered office is in a third country, it shall be assumed that data shall be transferred to the country in which the Third-party Provider has their registered office. A third country shall be understood as a country in which the GDPR is no directly applicable legislation, that is, in principle, any country outside the EU or the European Economic Area (EEA). Data shall be transferred to a third country if there is either an adequate level of data protection or user consent, or else if it is otherwise legally permissible.

In the broadest sense, shortened customer/participant personal data (first name, surname, position, company, location) is transferred to the other participants/speakers of the respective event in the form of a list of participants in the event documentation.


Processing user data

We process user-related data (such as user names, addresses and contact details), contract data (such as services used, names of contact persons and payment information) in order to fulfil our contractual obligations and services in accordance with Art. 6 (1) lit. b of the GDPR.

A user account shall provide users with further opportunities to make better use of our Online Service, for example, newsletter administration. Users shall be informed about the mandatory information required during registration. User accounts shall not be public and cannot be indexed by search engines. If users have terminated their account, their data in terms of the user account shall be deleted unless its storage is necessary for commercial or fiscal purposes in accordance with Art. 6 (1) lit. c of the GDPR. It shall be incumbent on the users to back up their data in the event of termination before expiry of the contract. We shall be entitled to irretrievably delete all user data stored during the term of the contract.

The IP address and the time of the respective user activity shall be stored during registration and re-registration, as well as during use of our Online Service. The data shall be stored for the purpose of our legitimate interests as well as for the user’s protection against misuse and any other unauthorised use. In principle, this data shall not be transferred to third parties unless it is necessary in pursuance of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c of the GDPR.

We shall process usage data (such as web pages of our Online Service that have been visited and interest in our products) and content data (such as information provided in the contact form or the user profile) for advertising purposes in a user profile, for example, to display product information based on the services previously used by the user.


Contacting us

Each time the user contacts us, we shall process the information provided by the user for the purpose of processing the request in accordance with Art. 6 (1) lit. b of the GDPR.

The information provided by the user may be stored in our customer relationship management system (‘CRM System’) or a similar enquiry management system.

We use ‘EMS’, our own corporate CRM System.


Access data and log files

We shall collect data every time the server on which this service resides is accessed (in server log files) for the purpose of our legitimate interests as set in Art. 6 (1) lit. f of the GDPR. Access data shall include the name of the visited web page, the filename, the date and time of the visit, the transmitted volume of data, notification of successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

Log files shall be stored for security purposes (such as the clarification of misuse or fraud) for a period of no more than seven days and then deleted. Data that must be stored further for evidential purposes shall be excluded from deletion until the respective incident has been finally clarified.


Information about cookies

A cookie is a small piece of data that is transmitted from our web server or a third-party web server to the user’s browser and stored there for later retrieval. A cookie may be a small file or any other form of data storage that is downloaded to a computer or mobile device. The Online Service recognises a subsequent visit and the related visited pages in order to facilitate use of the pages and to personalise them.

We use the following cookies:

Session cookies, which are only stored for the duration of your current visit to our Online Service (for example, to enable storage of your login status or the booking feature, and consequently the use of our Online Service). Session cookies store a session ID—a randomly generated unique identification number. In addition, a cookie contains information about its origin and an expiry date. Such cookies cannot store any other data. Session cookies are deleted when you stop using our Online Service and log out or close your browser.

Persistent cookies, which are stored on devices even after the browser has been closed. Each subsequent visit to a web page re-enables them, making it possible to identify recurring visits.

Third-party Provider cookies, such as those stored by companies to analyse web pages in order to provide information about the number of visits to the Online Service and their duration.

Flash cookies, which are stored by web pages serving media content (such as video clips and movies). Adobe Flash software enables the faster download of services and the storage of information, for example, that the content was accessed from your device.

Social media cookies enable the sharing of our Online Service through social media channels such as Twitter and Facebook. Detailed information is available in their respective guidelines.


Cookies and their settings

Cookies enable the efficient and personalised use of all features of our Online Service. Without cookies, some functionalities and services would not be available.

Most browsers provide various options for the protection of your privacy. Disabling cookies makes the storage of new cookies no longer possible: it does not prevent previously stored cookies on the device from working until they have all been deleted through the browser settings. The browser’s help feature or the device’s user manual specifically describe how to manage the cookie settings. In addition, a company-specific policy may regulate such settings.


Google Analytics

We use Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’), for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR). Google uses cookies. The information generated by the cookie concerning users’ use of the Online Service is generally transmitted to and stored on a Google server in the USA.

Google shall use this information on our behalf to evaluate users’ use of our Online Service, to compile reports about activity within this Online Service and to provide us with further services related to the use of this Online Service and the Internet. For this purpose, pseudonymous profiles may be created from the processed data.

We use Google Analytics to serve ads, which we provide to Google and serve through the advertising services of Google and its partner sites, only to users who have shown an interest in our Online Service or who exhibit certain characteristics, such as interest in specific topics or products determined as a result of the web pages the user has visited (called a ‘remarketing audience’ or ‘Google Analytics audience’). With the help of remarketing audiences, we would also like to ensure that our ads are based on the potential interests of the users and are not considered a nuisance.

We only use Google Analytics with enabled IP anonymisation. This means that Google will truncate the IP address of a user within a member state of the European Union or any other state that is a party to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

The IP address provided by the user’s browser is not merged with other Google data. Users may prevent the storage of cookies by selecting an appropriate setting in their browser software.
This will store an opt-out cookie on your computer, which will prevent Google from collecting your data when you visit this website in future.

For this purpose, please click the following link
Disable Google Analytics

In addition, users may prevent Google from collecting and processing data obtained from a cookie and related to their use of the Online Service by downloading and installing the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=en.

Further information on Google’s data use, settings and opt-out options is available on Google’s web pages: https://policies.google.com/technologies/partner-sites?hl=en (‘How Google uses information from sites or apps that use our services’); https://policies.google.com/technologies/ads?hl=en (‘Advertising’); and https://adssettings.google.com (‘Make the ads that you see more useful to you’).


Google marketing and remarketing services

We use Google’s marketing and remarketing services (‘Google Marketing Services’) for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR).

Google Marketing Services allow us to target ads for and on our Website in order to serve only ads that are potentially based on users’ interests. For example, if ads that a user has shown interest in on other websites are served to the user, this is known as ‘remarketing’. For these purposes, when our and other web pages for which Google Marketing Services has been enabled are visited, Google directly executes a piece of code that embeds (re)marketing tags (invisible graphics or pieces of code, also known as ‘web beacons’) in the web page. With their help, an individual cookie, that is, a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies may be stored by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file will contain the websites the user has visited, the content the user has shown interest in, the ads the user has clicked on, additional technical information about the browser and operating system, referring web pages, the time of the visit and other information related to the use of the Online Service. The user’s IP address is also recorded. In the context of Google Analytics, we would like to inform you that Google will truncate the IP address of a user within a member state of the European Union or any other state that is a party to the EEA Agreement, and only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address is not merged with user data from other Google services. Google may also link the above information to such information from other sources. If the user subsequently visits another web page, ads based on the user’s interests may be served.

User data is processed pseudonymously within the scope of Google Marketing Services, that is, Google does not store and process data such as the user’s name or email address but processes the relevant data obtained from the cookie within pseudonymous profiles. Hence, from Google’s point of view, ads are not managed and served to a specific, identified person but rather to the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without the data having been pseudonymised. The user data collected by Google Marketing Services is transferred to Google and stored on Google servers in the USA.

The Google Marketing Services we use include the online advertising service ‘Google AdWords’. In the case of Google AdWords, each AdWords customer receives a different ‘conversion cookie’, which prevents cookies from being tracked through AdWords customer websites. The information collected with the help of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify the users.

We may integrate third-party ads based on ‘DoubleClick’, one of the Google Marketing Services. DoubleClick uses cookies that enable Google and its partner sites to serve ads based on users’ visits to this Website or to other websites on the Internet.

We may integrate third-party ads based on ‘AdSense’, one of the Google Marketing Services. AdSense uses cookies that enable Google and its partner sites to serve ads based on users’ visits to this Website or to other websites on the Internet.

We may also use the ‘Google Optimizer’ service. Google optimizer allows us to track the effects of various changes to a website (such as changes in input fields, design, etc.) within the scope of ‘A/B testing’. Cookies are stored on users’ devices for the purpose of this test. In this case, only pseudonymous user data is processed.

Moreover, we may use the ‘Google Tag Manager’ to integrate and manage Google analytics and marketing services on our Website.

Further information about the use of data for marketing purposes by Google is available at https://policies.google.com/technologies/ads?hl=en. Google's privacy policy is available at https://policies.google.com/privacy?hl=en.

If you would like to opt out of interest-based advertising by Google Marketing Services, you may use the settings and opt-out options available at https://adssettings.google.com.

Hubspot

We use Hubspot for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR). Hubspot is an american software company with an office in Ireland. Hubspot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland,
We use Hubspot for an exit intent pop-up layer. Hubspot uses cookies.
1. to provide functions for the website
2. to analyze how visitors use the website.
 
Learn more about HubSpot's privacy policy
More information from HubSpot regarding EU data protection regulations
More information about the cookies used by HubSpot can be found here & here.


Facebook social plug-ins

We use the social plug-ins (‘plug-ins’) of facebook.com, a social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (‘Facebook’), for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR). The plug-ins may constitute interactive elements or content (such as videos, graphics or text) identified by one of the Facebook logos (white ‘f’ on a blue tile, the term ‘Like’ or a ‘thumbs up’ icon) or by the text ‘Facebook Social Plugin’. An exhaustive list of the Facebook social plug-ins is available at https://developers.facebook.com/docs/plugins.

If a user calls a feature of this Online Service that contains such a plug-in, the user’s device establishes a direct connection to the Facebook servers. Facebook transfers the plug-in content directly to the user’s device and subsequently integrates it into the Online Service. For this purpose, user profiles may be created from the processed data. Hence, we have no influence on the amount of data Facebook collects with the help of this plug-in. We therefore inform users according to the information available to us.

Through the integrated plug-ins, Facebook is notified that a user has visited the respective page on the Online Service. If the user is logged in to Facebook, Facebook allocates the visit to the user’s Facebook account. If the user interacts with the plug-ins, such as clicking the ‘Like’ button or leaving a comment, the respective information is transferred directly from the user’s device to Facebook and stored there. If a user is not a member of Facebook, it is still possible that Facebook obtains the user’s IP address and stores it. According to Facebook, it only stores anonymised IP addresses from Germany.

The purpose and extent of the data collected, its further processing and use by Facebook, and the relevant rights and options for users to protect their privacy are available in Facebook’s data policy: https://www.facebook.com/about/privacy.

If a user is a member of Facebook and does not want Facebook to collect data about this Online Service and allocate it to the user’s Facebook account, the user must log out of Facebook and delete the cookies before using the Online Service. Further settings and the option to opt out of the use of data for advertising purposes are available in the Facebook profile settings:
https://www.facebook.com/ads/preferences; on the US page for advertising choices: http://www.aboutads.info/choices; or on the EU page for advertising choices: http://www.youronlinechoices.com. The settings are platform-independent, that is, they apply to all devices such as desktop computers and mobile devices.


Facebook marketing services

We use the ‘Facebook pixel’ of Facebook, a social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, if you are resident in the EU, for the purpose of our legitimate interests in the analysis, optimisation and economic operation of our Online Service, and for the pursuance of these activities.

The Facebook pixel helps make it possible for Facebook to identify the visitors of our Online Service as a target group for serving ads (called ‘Facebook ads’). Accordingly, we use Facebook pixel to serve Facebook ads, which we provide to Facebook, only to Facebook users who have shown an interest in our Online Service or who exhibit certain characteristics, such as interest in specific topics or products determined as a result of the web pages the user has visited (called a ‘Custom Audience’). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads are based on the potential interests of the users and are not considered a nuisance. Moreover, the Facebook pixel helps us understand the effectiveness of Facebook ads for statistical and market research purposes by indicating whether users have been redirected to our Website after clicking a Facebook ad (called a ‘conversion’).

Facebook directly embeds the Facebook pixel when our web pages are visited and may store a cookie, that is, a small data file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our Online Service will be recorded in your profile. The data collected about you is anonymous and gives us no indication of the user’s identity. However, the data is stored and processed by Facebook, making its allocation to the respective user profile possible, and may be used for Facebook and for Facebook’s own market research and advertising purposes. Insofar as we shall transfer data to Facebook for matching purposes, this shall be encrypted locally in the browser and then sent to Facebook over a secure https connection. This shall be solely for the purpose of matching the data with data similarly encrypted by Facebook.

Furthermore, when using the Facebook pixel, we use the additional ‘advanced matching’ feature whereby (encrypted) data (such as users’ telephone numbers, email addresses and Facebook IDs) is transferred to Facebook in order to form target groups (‘Custom Audiences’ or ‘Lookalike Audiences’). Further information on ‘advanced matching’ is available at https://www.facebook.com/business/help/611774685654668.

Data is processed by Facebook in terms of Facebook’s Data Policy. General information about displaying Facebook ads is available in Facebook’s Data Policy at https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works is available in Facebook’s Help Center at https://www.facebook.com/business/help/651294705016616.

You may opt out of the collection of your data through the Facebook pixel and its use to display Facebook ads. To determine the types of ads that will appear within Facebook, you may follow Facebook’s instructions on how to change the settings for usage-based advertising at https://www.facebook.com/ads/preferences. The settings are platform-independent, that is, they apply to all devices such as desktop computers and mobile devices.




Newsletter

The following information shall explain the content and the subscription, mailing and statistical evaluation procedures of our newsletter, as well as your right to opt out. By subscribing to our newsletter, you shall consent to receiving it and to the described procedures.

Content of the newsletter: We shall only send newsletters, emails and other electronic notifications containing advertising information (hereinafter ‘Newsletter’) with the consent of the recipient or if it is legally permissible. Insofar as the content of a Newsletter is specifically described in the subscription process, it shall be relevant for the user’s consent. In addition, Newsletters shall include information about our products, services, promotions and company.

Double opt-in and logging: A double opt-in process is used for subscription to our Newsletter, that is, when you subscribe, we shall send you an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one subscribes with someone else’s email address. Subscription to a Newsletter is logged, to serve as evidence of the subscription process in accordance with legal requirements. This shall include records of the subscription and confirmation times, as well as of the IP address. Changes to your data stored at the mailing service provider shall also be logged.

Mailing service provider: Our Newsletters are sent by Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich, Germany (hereinafter ‘Mailing Service Provider’). The Mailing Service Provider’s privacy policy is available at https://mapp.com/privacy.

Our Newsletters are also sent by Optimizely GmbH, Wallstraße 59, 10179 Berlin, Germany (hereinafter ‘Mailing Service Provider’). The Mailing Service Provider’s privacy policy is available at https://www.optimizely.com/legal/privacy-notice/.

Furthermore, the Mailing Service Provider may use this data in pseudonymous form, that is, without allocating it to a user, to optimise or improve their own services—such as the optimisation of the delivery process and Newsletter design—or to identify recipients’ countries for statistical purposes. However, the Mailing Service Provider shall not use Newsletter recipient data to contact the users themselves or disclose it to third parties.

Statistical collection and analysis: Newsletters contain a ‘web beacon’, that is, an image file that is one pixel large, which is retrieved from the Mailing Service Provider’s server when the Newsletter is opened. This will result in technical data, such as information about your browser and your operating system, as well as your IP address and the time of your visit being collected. The technical data is used to improve the technology on which the service is based, while the browsing location (identified from the IP address) and the times of the visits are used to determine the target groups and their reading habits. In addition, response data (such as when an email is opened and the clicks in the email) is collected and stored for the purpose of tracking.

The use of a Mailing Service Provider, collection and analysis of statistical data, logging of the subscription process and tracking are for the purpose of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. Our interest is the use of a user-friendly and secure Newsletter system that both serves our commercial interests and fulfils user expectations.

Cancellation/withdrawal: You may cancel the Newsletter, that is, withdraw your consent, at any time. Your consent for the delivery of the Newsletter by the Mailing Service Provider shall be withdrawn at the same time. It is not possible to withdraw separately from delivery by the Mailing Service Provider or from statistical evaluation. A link to cancel the Newsletter may be found at the end of each Newsletter.


Consent to being contacted by telephone

FORUM Institut also solicits your consent to being contacted by telephone with regard to events and relevant technical content in online forms and print media.


Third-party services and content

We use the content and services of Third-party Providers, such as videos and fonts (hereinafter jointly ‘Content’), in our Online Service for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR). This always implies that Third-party Providers of such content identify the user IP address, since they could otherwise not send the content to their browser. The IP address is required to serve this content. We make every effort to use only such content whose respective provider uses the IP address solely to deliver the content. Moreover, Third-party Providers may also use pixel tags (invisible graphics, also called ‘web beacons’) for statistical or marketing purposes. Information such as visitor traffic on the pages of this Website may be evaluated through the ‘pixel tags’. Moreover, the pseudonymous data may be stored in cookies on the user’s device, may include technical information about the browser and operating system, referring web pages, the time of the visit and other information related to the use of our Online Service, and may also be linked to such data from other sources.

The following list provides an overview of Third-party Providers and their content, together with links to their privacy policies, which contain further information on their processing of data and, as already mentioned in some cases, opt-out options:

‘YouTube’ videos of the Third-party Provider Google. Privacy policy: https://policies.google.com/privacy?hl=en; opt-out: https://adssettings.google.com.

Features of the Google+ service are incorporated in our Online Service. These features are provided by the Third-party Provider Google. If you are logged in to your Google+ account, you may link the content of our pages with your Google+ profile by clicking the Google+ button. Thus, Google can allocate your visit to our pages to your user account. We would like to indicate that we, the provider of the pages, are not informed about the content that is transferred and its use by Google+. Privacy policy: https://policies.google.com/privacy?hl=en; opt-out: https://adssettings.google.com.

Features of the Instagram service are incorporated in our Online Service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged in to your Instagram account, you may link the content of our pages with your Instagram profile by clicking the Instagram button. Thus, Instagram can allocate your visit to our pages to your user account. We would like to indicate that we, the provider of the pages, are not informed about the content that is transferred and its use by Instagram. Privacy policy: http://instagram.com/about/legal/privacy.

Our Online Service uses features of the LinkedIn network, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains LinkedIn features, a connection to LinkedIn’s servers is established. LinkedIn will be informed that you have visited our web pages with your IP address. If you click on LinkedIn’s ‘recommend’ button and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit on our web page to you and your user account. We would like to indicate that we, the provider of the pages, are not informed about the content that is transferred and its use by LinkedIn. Privacy policy: https://www.linkedin.com/legal/privacy-policy; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Features of the Twitter service may be incorporated in our Online Service. These features are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the ‘Retweet’ feature, the web pages you visit are linked with your Twitter account and made known to other users. In the process, data is also transmitted to Twitter. We would like to indicate that we, the provider of the pages, are not informed about the content that is transferred and its use by Twitter. Twitter’s privacy policy is available at https://twitter.com/privacy. You may change your Twitter privacy settings in your account settings at http://twitter.com/account/settings.

We use features of the XING network, provided by XING SE, Dammtorstraße 29–32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains XING features, a connection to XING’s servers is established. According to the information available to us no personal data is stored. In particular, no IP addresses are stored and no usage behaviour is evaluated. If you are logged in to your XING account, you may link the content of our pages with your XING profile by clicking the XING button. Privacy policy: https://www.xing.com/app/share?op=data_protection.

We use the services of XOVI GmbH, Hohenzollernring 72, 50672 Cologne, Germany, for web analytics. XOVI is used to reproduce user streams and to perform keyword and link analyses, which provide valuable information to make our Websites even faster and more customer-friendly. Privacy policy: https://www.xovi.de/datenschutz.

We use Userlike, live chat software provided by Userlike UG (limited liability), Probsteigasse 44–46, 50670 Cologne, Germany, for optimal customer communication. Users may communicate directly with us by typing in a browser window. If this service is not required, the pop-up window may be closed, disabling the chat feature. In the event of a recurring visit, the service restarts, taking the stored IP address of any previous use of the chat feature into account. Userlike uses ‘cookies’, text files that are stored on your computer to enable a conversation in the form of a real-time chat on the web page. The data thus collected is used to personally identify visitors to this web page and to provide them with the best possible advice. Furthermore, this data is merged with personal data on our system. Privacy policy: https://www.userlike.com/de/terms.

Our Online Service (Website) is hosted by i42 Informationsmanagement GmbH, N4 13–14, 68161 Mannheim, an Internet service provider. For hosting purposes, log files and cookies are created and processed, and tracking data is stored. The functionalities include the checkout process, Newsletter, user accounts and lead management. In addition, i42 provides the iOS app for our service. Privacy policy: www.i42.com.

Our online products (online forums) are partly implemented by camgula UG, Von Kirnstraße 11, 56182 Urbar. The services include in particular live transmission, user management and technical support. Privacy policy: https://camgula.de/datenschutz/

Our Mail Service Provider and IT security partner is choin! GmbH, Multring 26, 69469 Weinheim, Germany. Privacy policy: http://www.choin.net/impressum.


User rights

Users have the right, upon request and free of charge, to be informed about their personal data that we store.

In addition, users have the right to rectify incorrect data, to restrict its processing and to delete their personal data if applicable, to assert their rights to data portability and, in the event of the presumption of unlawful data processing, to file a complaint with the competent supervisory authority.

In principle, users may also revoke consent with future effect.


Deletion of data

The data we store shall be deleted as soon as it is no longer required for its intended purpose, provided that there are no legal obligations to retain it. Insofar as user data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted, that is, the data shall be blocked and not processed for any other purpose. For example, this shall apply to user data that must be retained for commercial or fiscal reasons.

Subject to legal guidelines, retention shall be for a period of six years in accordance with Section 257, Subsection 1 of the German Commercial Code (HGB – books of account, inventories, opening balance sheets, financial statements, commercial letters, posting documents, etc.) and for a period of 10 years in accordance with Section 147 Subsection 1 of the German Fiscal Code (AO – books, accounting records, financial reports, posting documents, commercial and business letters, tax-related documents, etc.).

The data shall be deleted entirely after no more than 30 years, the standard customer development cycle. Should a customer relationship exist or have existed, the personal customer data shall be pseudonymised and stored solely for the purpose of illustrating the customer company’s development history.


Right to revoke consent

You may revoke your declared consent at any time with future effect. You may revoke your consent by email to datenschutz@forum-institut.de or by post in German to:

FORUM • Institut für Management GmbH
Data Protection
Vangerowstr. 18
69115 Heidelberg
Germany.


Right to access

You may request access to your data stored by FORUM Institut, and that it be rectified, deleted or blocked, at any time in German in the manners set above.


Changes to the Privacy Policy

We reserve the right to change the Privacy Policy in order to adapt it to changes in the legal situation, service and data processing. However, this shall only apply to explanatory notes on data processing. Insofar as user consent is required or elements of the Privacy Policy contain provisions for the contractual relationship with the user, the changes shall only apply with the user’s consent.

Users are asked to keep regularly informed about the content of the Privacy Policy.


Contact

For further information, suggestions and requests concerning the collection, processing and use of your data, please contact us at datenschutz@forum-institut.de.