Data Protection Policy

Data Protection Policy according to the GDPR

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This Privacy Notice informs you about the type, scope and purpose of the processing of personal data on our website (hereinafter "website"). The Privacy Notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services you use with us.

In our Privacy Notice, we use various other terms within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find the corresponding definitions for these terms in Art. 4 GDPR.

1. Who is controller of the data processing and who can I contact?

Controller is:

artop GmbH
Institute at the Humboldt University of Berlin
Christburger Str. 4
10405 Berlin

Phone 030 44 012 99-0
Fax 030 44 012 99-21

Email kontakt@artop.de

You can reach our data protection officer at:

mip Consult GmbH
Cindy Thomas
Wilhelm-Kabus-Str. 9
10829 Berlin

datenschutz@artop.de
www.sofortdatenschutz.de

2. What sources and data do we use?

We process personal data that we receive from you as part of the use of our website and, if applicable, our business relationship.

If you use the website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version and type of browser software, notification of successful access.

We also receive your personal data if you contact us, e.g. via the contact form, telephone or e-mail. Personal data here includes, for example, your name, address, e-mail address, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as "contact data"). Depending on the type of inquiry, it may be necessary to provide further data.

When you register for a training course, seminar or postgraduate program, we may collect further information about your current position and professional background in addition to master, contact and payment data.

For orders via our store, we process master data, contact data, order data and payment data.

The data you need to provide can be found on the relevant registration or order form.

Please note that when communicating by e-mail, we cannot guarantee complete data security for this transmission method, so we recommend that you send information that requires a high level of confidentiality by post.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:

3.1 Data processing on the basis of your consent

If you have given us your consent to process personal data for specific purposes, in particular to contact you (e.g. via our web forms or by e-mail to process and handle your request), to send newsletters or for the purpose of advertising by telephone, e-mail, SMS (direct advertising), the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Any consent given can be revoked at any time.

Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. You can revoke your consent at any time by contacting us using the contact details above.

3.2 Data processing for the implementation of pre-contractual measures at the request of the person

When you contact us (e.g. via web form, telephone or e-mail), your details will be processed to process the contact request and its handling, Art. 6 para. 1 sentence 1 lit. b GDPR.

3.3 Data processing for the fulfillment of legal obligations

Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which we are subject, the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR.

3.4 Processing to protect our legitimate interests or those of third parties

We may process your personal data to protect our legitimate interests or those of third parties. We pursue the following legitimate interests in particular:

  • Ensuring IT security, in particular the security of the website;
  • Improvement of the website in terms of structure and content;
  • Assertion of legal claims and defense in legal disputes.

3.5 Implementation of application procedures

When you contact us (via contact form or e-mail) in connection with your application, we process your data in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process, Art. 6 para. 1 sentence 1 lit. b GDPR. Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. They will then decide on the next steps. Within the company, only those persons have access to your data who need it for the proper conduct of our application process.

For data processing that is not absolutely necessary for the application process, we obtain your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.

3.6 Storage of data on your end device or access to data located on your end device

We use cookies and similar technologies on the website. We store information on your end device because this is absolutely necessary in order to make our website available to you, Section 25 para. 2 No. 2 TDDDG. Data processing is carried out to safeguard our legitimate interest in the best possible functionality of the website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Further information on the use of cookies and similar technologies can be found under "Cookies and similar technologies".

4. Who receives my data?

Within our company, those departments that require your data to fulfill our contractual and legal obligations will have access to it.

Processors employed by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, telecommunications, debt collection, sales and marketing. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

Data will only be passed on to third parties who are not processors within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the economic and effective operation of our business operations or if you have consented to the transfer of data. When using the website for purely informational purposes, we do not pass on any data to third parties.

5. How long will my data be stored?

5.1 Access data

For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

5.2 (Pre-)contractual measures

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via the contact form or by e-mail.

5.3 Applicant data

Applicant data will be deleted after 6 months in the event of a rejection. If you are not hired but your application is still of interest to us, we will continue to keep your application for future job advertisements, provided we have your express written consent. The data will be deleted after two years at the latest or if you withdraw your consent. If we fill the advertised position with you, your data will be stored in our personnel management system.

5.4 Statutory retention obligations

In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six to ten years.

5.5 Limitation periods

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

If you assert your rights as a data subject, we will store the information provided to you in this regard until expiry of the statutory limitation period in accordance with Section 31 para. 2 No. 1 OWiG, Section 41 para. 1 BDSG, Art. 83 para. Lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

5.6 Further retention periods

Information on further retention periods can be found in the following paragraphs.

6. Is data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. When transferring data to the USA, we ensure that the recipients of the data are certified in accordance with the EU-U.S. Data Privacy Framework or that we agree EU standard data protection clauses with recipients without certification. If we base the data transfer on the EU standard data protection clauses, we will take additional security measures in order to protect your data and to achieve an appropriate level of protection for your personal data. You have the possibility to obtain or view a copy of the EU standard data protection clauses. If necessary, we will obtain your express consent for the transfer of data to the USA.

7. What data protection rights do I have?

Each person concerned has

  • the right to information in accordance with Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification in accordance with Art. 16 GDPR (i.e. if your personal data is incorrect or incomplete, you can request the rectification of this data),
  • the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
  • the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance).

Furthermore, you can revoke your consent with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html . We would appreciate it if we could resolve your concerns before you contact the supervisory authority and therefore ask you to contact us first with your complaint.

We would also like to draw your attention to your right to object in accordance with Art. 21 GDPR:

___

Information about your right to object in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be sent to us in any form using the contact details above and no costs other than the transmission costs according to the basic rates will be incurred.

___

8. To what extent is there automated decision-making in individual cases, including profiling?

When you access our website or contact us by form or email, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Do I have an obligation to provide data?

When you visit our website, you must provide the personal data that is required for technical or IT security reasons in order to use our website. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data required to process your request. Otherwise we will not be able to process your request.

If your request is aimed at concluding a contract or if the provision of data is necessary in the context of initiating a contract, failure to provide data may mean that we are unable to provide the intended service.

10. Cookies and similar technologies

We ourselves and the service providers we use process personal data on the website and use cookies and similar technologies in this context, such as web storage or web beacons. These technologies can store information on your device or access information that is stored on your device.

We currently only use cookies and similar technologies that are technically necessary for the provision of our website.

Cookies are stored in the browser on the user's end device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transmit the cookie information to the server via a script on the website. If cookies are set, they generally collect and process certain user information such as browser and location data and IP address values to an individual extent. Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by providing us with insights into how you use the website.

With web storage, information is stored locally in the cache of your browser. The stored information is either automatically deleted again after the browser window is closed ("session storage") or remains there so that it can be read again when you visit the website again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1×1 pixel-sized graphics that are implemented in various ways on the website or in emails (newsletters) and are also used to collect and analyze user data.

You can prohibit the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser's help page). You can find help on cookie management in the most common browsers at the following addresses:

Please note that deactivating cookies can lead to functional restrictions on this website.

We will inform you about the specific use of the above-mentioned technologies and the scope of the information collected in each case in the following sections.

11. Bot and spam protection - Google reCAPTCHA

We use the anti-bot solution "reCAPTCHA" from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the website to protect our forms and other user interaction points from bots and spam.

Google reCAPTCHA is a security mechanism that aims to ensure that the interaction between a user and a website originates from a human user. Depending on the result of the review, we can process or reject requests via our website.

Google uses advanced risk analysis methods to detect bots without the need for a user-interrupting puzzle process. In this context, Google places cookies on the end device and stores information in web storage.

On our behalf, Google processes the IP address, browser and device information, as well as the referrer URL. In addition, mouse movements and time intervals of keyboard strokes are recorded. Keyboard or form entries are not processed.

The above data is processed exclusively to protect against bots and spam.

The data is collected in accordance with Section 25 para. 1 TDDDG, the following data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).

The Privacy Notice can be found at https://policies.google.com/technologies/partner-sites.

12. Orders via our store

For each order placed through our shop, we collect data for the purpose of fulfilling the contract and services associated with the contract, such as delivering the purchased goods, processing payments, providing customer service and providing receipts and invoices for the orders you have placed.

In particular, first and last names, billing and shipping addresses, your e-mail address and information about your order (e.g. date and time of the order, products purchased, order number) are processed. In addition, we process information about the delivery and payment status as well as messages and communication data (e.g. declarations of revocation, complaints and other messages to customer service).

The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the purpose of the performance of a contract. After the perfomance of the contract, your data will be deleted after expiry of retention and documentation obligations, unless you have expressly consented to further use of your data or another legal basis exists that allows or requires further data use, about which we will inform you.

13. Our AI assistant (chatbot)

We provide you with a chatbot (hereinafter also referred to as "AI assistant") on our website, which enables automated responses to user inquiries. The service is provided by Poll the People, Inc, 16192 Coastal Highway, Lewes, Delaware 19958, USA ("CustomGPT").

Our AI assistant is based on OpenAI technology and uses artificial intelligence to understand and respond to user requests. The automated responses that the chatbot generates are based on information that we provide to the service. The chatbot is trained exclusively with selected, internal knowledge from artop GmbH.

CustomGPT processes the following data on our behalf: IP address, browser and device information, as well as session history and chat content.

CustomGPT also sets cookies on your end device and stores information in web storage to the extent necessary for the provision of the service. For example, CustomGPT stores the session history to ensure that conversations with the chatbot are maintained.

The processing of the above-mentioned data takes place in the USA.

As our chatbot only passes on internal knowledge, you do not need to provide any personal data for further use of the chatbot. Please note that it is not possible for us to check the text you enter into the chatbot. If you enter personal data when using the chatbot, this will be processed as a result of the user input. All user entries are deleted after four weeks.

As a user, you have the possibility to give feedback (thumbs up or down) on whether the information provided by the chatbot was helpful to you. Your feedback helps us to train our AI assistant with further relevant knowledge and improve the user experience. Machine learning of the AI based on user conversations does not take place.

The data is collected in accordance with Section 25 para. 2 No. 1 TDDDG, the following data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest in effectively responding to general inquiries and improving customer experience and satisfaction.

CustomGPT has taken appropriate technical and organizational measures to protect personal data. Further information can be found in CustomGPT's security principles at https://customgpt.ai/security/.

Further information on Privacy Notice can be found at https://customgpt.ai/security-privacy-guide/.

14. Newsletter

If you subscribe to our e-mail newsletter, we will inform you regularly (approx. five times a year) about news, events, training opportunities and many other relevant topics relating to our services.

The only mandatory information for sending the newsletter is your e-mail address. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later date.

Our email newsletters are sent via CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach"). CleverReach processes the information provided when registering for the newsletter to send and statistically analyze the newsletter on our behalf. For statistical analysis, the emails sent contain so-called web beacons. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. the time of access, the IP address and browser and device information (e.g. the operating system). This data is used exclusively for the statistical analysis of newsletter campaigns and is not used to personalize the newsletter.

If you wish to withdraw your consent to data processing for statistical analysis purposes, you must unsubscribe from the newsletter. Data collection is carried out in accordance with Section 25 para. 1 TDDDG, the following data processing in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, provided that you have expressly consented to the delivery of our newsletter via the double opt-in procedure (DOI). This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending us a corresponding message via our contact options mentioned above. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately.

Further information on data processing can be found in CleverReach's Privacy Notice at https://www.cleverreach.com/de-de/datenschutz/.

15. Our social media presences

You can find us on social networks and platforms so that we can also communicate with you there and inform you about our services.

We would like to point out that your data may also be processed outside the European Union when using social media networks or platforms and that the providers of the social networks generally process the data for market research and advertising purposes. Usage profiles can be created from the usage behavior and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies and similar technologies may be stored on the user's end device, in which the user's usage behavior and interests are stored. Other data may also be stored in these user profiles, in particular if the users are members of the respective platforms and are logged in to them.

On our website, we only link to our company profiles on the respective social networks. Please note, however, that when you click on a link to the social networks, data is transferred to their servers. If you are logged in to the respective social network with your user name and password at this time, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can save this information in your user account.

In principle, we have no significant influence on the data processing of social networks. However, we receive statistics from the providers about the use of and visits to our company profiles in the social networks (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). You can find more information on the data used by the providers in the providers' Privacy Notices linked below.

If we receive personal data from you via the social networks (e.g. as part of a message) and process it exclusively ourselves, we are the controller for the data processing. In this case, you are entitled to the rights set out above in this Privacy Notice. You can address your inquiries regarding data processing in the context of our company profiles to us using the contact details above. Please check carefully which personal data you share with us via social networks.

Insofar as the data transmitted by you via the social network is also or exclusively processed by the provider of the social network (Insights data), the respective provider is also the controller for data processing within the meaning of the GDPR in addition to us. In this respect, data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR.

If you wish to assert rights against the provider of the social network in this regard, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the Privacy Notices linked below. We are also happy to support you in asserting your rights, insofar as this is possible for us.

The processing of users' personal data is generally based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para. 1 sentence 1 lit. b GDPR if we receive and process your data as part of a contract-related request via our social media presence. The legal basis for the linking and operation of our company profiles in social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information about the respective processing and the respective objection options, please refer to the providers' Privacy Notices linked below:

16. Overview: Cookies and similar technologies used

Below you will find more detailed information on the cookies and similar technologies used on the website according to the scheme [name of the service]: [name of the cookie] ([description, function duration, type]).

Google reCAPTCHA

  • rc::a (Set to differentiate between humans and bots, session, HTML session storage)

AI assistant (chatbot)

• customgpt_session (Used to maintain the session, session, HTTP cookie)
• cgpts-37507 (This cookie is required to determine whether or not the user can access certain conversations via the application, 7 days, HTTP cookie)
• customgpt-session-sharelink-37507 (This cookie is required to determine whether or not the user can access certain conversations via the application, persistent, HTML Local Storage)
• iconify-count (used for the icon library, permanent, HTML Local Storage)
• iconify-version (used for the icon library, permanent, HTML Local Storage)
• iconify0 (Used for the icon library, Permanent, HTML Local Storage)
• iconify-count (used for the icon library, session, HTML session storage)
• iconify-version (used for the icon library, session, HTML session storage)

17. Updates and changes to this Privacy Notice

This Privacy Notice is currently valid and was last updated in October, 2024.

It may be necessary to change this Privacy Notice as a result of further development of our website and offers on it or due to changes in legal requirements.

18. zoom / blink.it / basecam

Declaration of consent to the processing of my personal data in the context of using the online conferencing system zoom, the platform blink.it and the platform basecamp (and other web-based visualization tools)

 

Artop ChatBot