General information

Compliance with data protection laws is not only a legal obligation for cpc baulogistik GmbH, but also an important factor of trust. With the following data protection provisions, we would therefore like to inform you transparently about the type, scope and purpose of the personal data collected and processed by you within this website, as well as your rights.

Responsibility for data processing

cpc baulogistik GmbH, Hauptstraße 65, 12159 Berlin, Germany (hereinafter referred to as "we") is the operator of the website https://learning.cpc-baulogistik.de, controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR). If you have any questions, please contact info@cpc-baulogistik.de turn.

Data Protection Officer

The responsible data protection officer is

Süddeutsche Datenschutzgesellschaft mbH
Contact Maximilian Mayer
Von-Brettreich-Straße 4
93049 Regensburg
Tel: +49 (0) 941 - 38177070
Mail: verwaltung@sddsg.de

Rights of data subjects

Your rights as a data subject

As a data subject, you have the following rights with regard to your personal data. You have:

• A Right to information including the categories of data processed, the purposes of processing, the storage period and any recipients, in accordance with Art. 15 GDPR and Section 34 BDSG.
• A Right to rectification or erasure of incorrect or incomplete data, in accordance with Art. 16 and 17 GDPR and Section 35 BDSG.
• Under the conditions of Art. 18 GDPR or Section 35 (1) sentence 2 BDSG, a Right to restriction of processing.
• A Right to object against the processing pursuant to Art. 21 (1) GDPR, insofar as the data processing is based on a legitimate interest.
• A Right of revocation a given consent with effect for the future in accordance with Art. 7 para. 3 GDPR.
• A Right to data portability in a commonly used format in accordance with Art. 20 GDPR.
• In accordance with Art. 22 GDPR, you have a Right not to be subject to a decision based solely on automated processingwhich produces legal effects concerning you or similarly significantly affects you. This also includes profiling within the meaning of Art. 4 No. 4 GDPR.
• You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a Data protection supervisory authority to lodge a complaint about the processing of your personal data by us, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Procedure

If you assert your rights under the GDPR and the BDSG against us, we will process the data you provide to us in order to fulfill your claim.

We will then store the data you have transmitted to us and the data we have transmitted to you in return for the purpose of documentation until the expiry of the statute of limitations under regulatory offense law (3 years).

The legal basis for the processing and storage of data is Article 6(1)(1)(f) GDPR (legitimate interest in data processing). The legitimate interest arises from our obligation to comply with your request and the need to be able to exonerate ourselves in possible fine proceedings by proving that we have duly complied with your request.

You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out that the processing of your data to prove compliance with the rights of the data subject is mandatory within the meaning of Art. 21 para. 1 GDPR, as other means of proof do not exist or are not equally suitable.

Data protection measures

We use technical and organizational measures to protect our website and other systems - and therefore also your data - against loss, destruction, access, modification or dissemination by unauthorized persons. In particular, your personal data is transmitted in encrypted form via the Internet. We use the TLS (Transport Layer Security) coding system.

However, the transmission of information via the Internet is never completely secure, which is why we cannot 100% guarantee the security of the data transmitted from our website.

Modalities of data processing

Sources and categories of personal data

We process your personal data insofar as it is necessary for the establishment, content or amendment of a contractual relationship between us and you (inventory data). Inventory data can be in particular Name, title, contact details (postal address, telephone, e-mail address), date of birth, etc.

We also process your usage data. Usage data is data that is generated by your behavior when using our website and our services, in particular your IP address, the start and end of your visit to our website and information about what content you have accessed on our website.

We collect the aforementioned data either directly from you (e.g. by visiting the website) or, to the extent permitted by data protection laws, from third parties or publicly accessible sources (e.g. commercial and association registers, press, media, Internet).

Data transfer to third countries outside the EU

All information that we receive from you or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for or permitted by law, if an adequate level of data protection is ensured in the third country or if contractual obligations exist through so-called standard data protection clauses of the EU.

With regard to data transfers to the USA, the European Commission has issued an adequacy decision called the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for the transfer of personal data by companies participating in the EU-U.S. Data Privacy Framework. If we use services that transfer personal data to the USA, the respective service will indicate whether the company is certified by the EU-U.S. Data Privacy Framework.

Forwarding of data, order processing

We never pass on your personal data to third parties without authorization. However, we may disclose your data to third parties in particular if you have consented to the disclosure of data, if the disclosure is necessary to fulfill our legal obligations or if we are entitled or obliged to disclose data due to legal provisions or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

Under certain circumstances, we may also transfer your data to external service providers who process data on our behalf and in accordance with our instructions (processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract in accordance with Art. 28 GDPR. This means in particular that the processor must provide sufficient guarantees that suitable technical and organizational measures are implemented by the processor in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of your rights as a data subject is guaranteed. Despite commissioning processors, we remain the controller for the processing of your personal data within the meaning of data protection laws.

Purpose of data processing

We only use the data for the purpose for which it was collected from you. We may further process the data for another purpose unless this other purpose is incompatible with the original purpose (Art. 5 para. 1 lit. c) GDPR).

Storage duration

Unless otherwise specified in detail, we will only store the data collected from you for as long as is necessary for the respective purpose, unless statutory retention obligations prevent deletion, e.g. under commercial law or tax law.

Individual processing activities

In the following, we would like to show you as transparently as possible which of your data we process, on what occasion, on what basis and for what purpose.

Server log files

Each time a website is accessed and each time data is retrieved from a server, general information is automatically transmitted to the server providing it. This data transmission takes place automatically and is a fundamental component of communication between devices on the Internet.

The data transmitted by default includes the following information: Your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referer), date and time of the request (so-called timestamp). In addition, the http status and the amount of data transferred are recorded as part of this request.

This information is logged by the server, stored in a table and saved there for a short time (so-called server log files). By analyzing these log files, we can detect and subsequently eliminate errors on the website, determine the utilization of the website at certain times and, based on this, make adjustments or improvements and ensure the security of the server by being able to trace the IP address from which attacks on our server were carried out.

Your IP address is only stored for the duration of your use of the website and is then immediately deleted or made partially unrecognizable by shortening it. The remaining data is stored for a limited period of time (usually 7 days).

The legal basis for the use of server log files is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from the necessity for the operation and maintenance of our website, as we have explained above. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out in advance that the processing of your data in server log files is mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all.

Cookies and web storage

We use so-called "cookies" or the "web storage" of your browser to improve the user-friendliness of our website.

Cookies

What cookies are

Put very simply, a cookie is a small text file that stores data about websites visited. Cookies can be used in many different ways. For example, they can store a kind of "user profile", i.e. things like your preferred language and other page settings that are required by our website in order to offer you certain services. The cookie file is stored on your end device and can also help to recognize you when you return to our website.

We may also be able to use cookies to obtain information about your preferred activities on our website and thus tailor our website to your individual interests or even increase the speed of navigation on our website.

How you can avoid cookies

You can delete cookies manually at any time in the security settings of your browser.

However, you can also prevent the storage of cookies from the outset by setting your browser accordingly. Please note, however, that you may then not be able to use all the functions of our website to their full extent or that errors may occur in the presentation and use of the website.

Cookies from third-party providers

It is possible that third-party providers, with the help of which we design and operate our website, in particular through so-called plugins (see below in the section "Third-party services"), may independently store their own cookies on your end device. If you only wish to accept our own cookies, but not cookies from these third parties, you can prevent the storage of these cookies by selecting the appropriate browser setting "Block third-party cookies".

Which cookies are used

Specifically, our website uses the following cookies:

Legal basis

The legal basis for the use of cookies that are absolutely necessary for the function of the website (e.g. shopping cart cookie, session cookie) is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing) and § 25 para. 2 no. 2 TDDDG (absolute necessity for the provision of a telemedia service expressly requested by the user). The legitimate interest arises from our need to be able to offer you a functioning website. Cookies are necessary for this because they are an integral part of current Internet technology and many functions of current websites would not be available without cookies. We therefore need cookies in order to be able to provide you with the website at your request.

You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

However, we would like to point out that the processing of your data in certain cookies is mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all and we do not have the technical possibility to prevent the setting of cookies on certain individual end devices. However, you may be able to do this yourself in your browser. For more information, please refer to the instructions for your browser.

Web Storage

What is Web Storage

Web storage is a technology for web applications that is used to store data in a web browser. In simple terms, web storage can be seen as a further development of cookies, but differs from them in a number of ways.

In contrast to cookies, which can be accessed by both server and client, web storage is controlled entirely by the client. This means that data is not transferred to the server each time the website is accessed. Access takes place exclusively locally via scripts on the website. In concrete terms, this means that third parties cannot access the stored information via the website. Only you and we can access the locally stored data.

Legal basis

The legal basis for the use of web storage, which is absolutely necessary for the functioning of the website, is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing) and Section 25 para. 2 no. 2 TDDDG (absolute necessity for the provision of a telemedia service expressly requested by the user). The legitimate interest arises from our need to be able to offer you a functioning website. Web storage is necessary for this because it is an integral part of current Internet technology and many functions of current websites would not be available without it. We therefore need web storage in order to be able to provide you with the website at your request.

You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

However, we would like to point out that the processing of your data in web storage may be mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all and we do not have the technical possibility to prevent its use on certain individual end devices. However, you may be able to do this yourself in your browser. For more information, please refer to the instructions for your browser.

Contact us

Our website offers opportunities to contact us directly.

We process the data you transmit to us exclusively until the respective purpose of your contact has been achieved, unless statutory retention periods prevent this. If the purpose of your contact is the assertion of data subject rights, the information in the section "Your rights as a data subject" applies.

The following data is processed as part of the contact form:

Name, e-mail address, telephone number if applicable, company and the content of the message.

The legal basis for the use of the data you provide to us by contacting us in the context of contractual or pre-contractual relationships or for answering (pre)contractual inquiries is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the performance of a contract).

The legal basis for processing the data you transmit to us by contacting us in cases other than for contractual or pre-contractual purposes or inquiries is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). Our legitimate interest in processing arises from our interest in responding to inquiries and maintaining user relationships.

You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

Registration area

Our website offers you the opportunity to register for additional, personalized functions of the site, in particular to gain access to our learning offer. During registration, personal data (e.g. e-mail address and name) is collected and processed for the purpose of providing personalized services.

For the Provide of our courses we use in the registration area may use third-party services, in particular the video service "Youtube" of Google Ireland Limited ("Google EU"), Gordon House, Barrow Street, Dublin 4, Ireland, and the video service "Vimeo" of the company Vimeo Inc. ("Vimeo"), 555 West 18th Street, New York, New York 10011, USA. These services are absolutely necessary for the completeness of the course offer, as it is not technically possible to provide the video content in an equivalent manner without the use of these services. You can find more information on these services below under "Third-party services".

You can provide the following information voluntarily:

Building project.

The legal basis for the data you voluntarily provide in the registration form is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). Our legitimate interest arises from our need to offer users the opportunity to personalize their customer account by providing voluntary information and to receive suggestions for learning content tailored to you. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

We require the following information from you in order to create a customer account:

First name, last name, profession, company name, user name, e-mail address, password.

The legal basis for the processing of mandatory data is Art. 6 para. 1 lit. b) GDPR (data processing for the performance of a contract and for the implementation of pre-contractual measures). Without this data, we cannot create a customer account for you, which you need in order to attend the courses.

You also have the option of changing or completely deleting the data provided during the registration process at any time.

Profile picture in the registration area

You can enter and save a profile picture of yourself directly on the website in your profile area. To do this, you must first register. Please refer to the information above on the "Registration area".

Learning.cpc-baulogistik.de requires access to your camera for this profile picture to function. The creation of a profile picture is not mandatory for the use of our website or the registration area. You can also use all the functions of our platform without a profile picture. It is also possible to create a profile picture by uploading a file from your end device.

The legal basis for the processing of profile picture data is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). Our legitimate interest arises from our need to offer users an easy way to personalize their profile, to give a factual impression and to network. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

You can also change or delete your profile picture yourself at any time.

Hosting services

Our website is hosted on servers of external providers in order to ensure the efficient and secure provision of the website.

Each time you visit the website, general information is automatically transmitted from your browser to the server (so-called server log files). For more information on this, see "Server log files" above.

The legal basis for the use of hosting services and the associated processing of your data is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing), unless otherwise stated for the respective service. The legitimate interest arises from our need for a technically flawless presentation of our website without requiring in-depth knowledge of website programming and IT system maintenance. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

Third party services

We use third-party services/resources, such as plugins, external content, software or other external service providers (services), to simplify our data processing and to expand the functionality of our website. Personal data may also be transmitted to the service provider. In order to protect your data, we have contractually obliged the service providers, if necessary in accordance with Art. 28 GDPR, to process your data only in accordance with our instructions.

We expressly point out that we are regularly only responsible for the data collection and transmission by the service within the meaning of the GDPR, but not for any subsequent processing by the respective service provider.

Specifically, we use the following services:

Google services

Our website uses the following services of Google Ireland Limited ("Google EU"), Gordon House, Barrow Street, Dublin 4, Ireland. In the EU, this company represents Google LLC ("Google US"), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

By using the services, data is transmitted to Google EU and, under certain circumstances, from Google EU to Google US. The Google Group may process the transmitted data in order to create anonymized user profiles for statistical purposes. If you also have a Google account and are logged into it, Google can assign the transmitted data to your account - even across devices. In principle, we have no influence on this data processing. Google EU is therefore responsible for this data processing.

The company Google LLC fulfills the requirements of the "EU-U.S. Data Privacy Framework". The Privacy Framework Agreement regulates the protection of personal data that is transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.

You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy.

The details of the concluded standard contractual clauses (guaranteeing the level of data protection in third countries) can be found here: https://support.google.com/adspolicy/answer/10042247?hl=de

You can manage your Google advertising settings on the following website: https://adssettings.google.com/?hl=de (This setting will be deleted when you delete your cookies)

We use:

YouTube with Google Fonts

Our website uses the video service "YouTube" from Google. YouTube is only used by us in the registration area, which you must register to use.

YouTube is used to integrate videos into our website at various points. This is necessary in order to fully convey our learning content and to make the course offering attractive. We require an external provider to provide videos in the learning area of the website, as local hosting on our servers is not efficient enough to offer all interested parties error-free and functioning videos.

In connection with YouTube, the external font service "Google Fonts" from Google. Google Fonts makes it possible to display our website in a uniform and appealing way, even with very differently configured user devices, by loading fonts from an external server instead of from the user's device.

When videos are played, the following information is generally transmitted to a Google server in the USA and stored there for several months: Your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referrer), the date and time of the request and possibly your internet service provider. YouTube uses this data, among other things, to collect statistics and to improve the service.

The service stores and analyzes cookies (see above under "Cookies") on your end device.

This service uses your browser's web storage. You can find more information on this in the "Web storage" section above.

In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded EU standard contractual clauses in the "Controller to Processor" variant with Google Ireland Limited.

The legal basis for the use of YouTube is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the performance of a contract and for the implementation of pre-contractual measures).

Content Delivery Networks

Our website uses so-called Content Delivery Networks (CDN). A CDN is a network of powerful servers that cache content at various locations around the world. A CDN essentially has two tasks: firstly, to provide content in the shortest possible time and secondly, to relieve the web host by distributing the data traffic.

CDNs transmit two types of content: Static and dynamic content. Static content is received by all website visitors in the same form, such as video content from streaming services or code frameworks (e.g. Javascript, jQuery). Dynamic content is first adapted to the user and only created at the moment of the request. This includes content that takes place via web applications, e-mail or online stores and is personalized. In order to be able to use the latter, information about the website visitor must first be transmitted to the CDN. This may also involve the transmission of your personal data.

Each time you access the application, general information is automatically transmitted from your browser to the server (so-called server log files). For more information, see "Server log files" above.

The legal basis for the use of CDNs and the transfer of your data to them is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing), unless otherwise stated for the respective service. The legitimate interest arises from our need for a technically flawless and fast presentation of our website and the relief of our IT infrastructure. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.

We use:

Cloudflare

We use the CDN service of the company Cloudflare Inc. ("Cloudflare"), 101 Townsend St., San Francisco, California 94107, USA.

The company Cloudflare Inc. fulfills the requirements of the "EU-U.S. Data Privacy Framework". The Privacy Framework Agreement regulates the protection of personal data that is transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.

You can find more information on the handling of user data in Cloudflare's privacy policy: https://www.cloudflare.com/security-policy/.

Media services

We use certain services to fill and supplement our website with digital content. For this purpose, we generally use the integration functions of external platforms. When the content is retrieved from the provider's server, data is transmitted to the provider and usually stored there, e.g. your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which you accessed the website (so-called referrer), the date and time of the request and, if applicable, your Internet service provider. For more information, see above under "Server log files".

We use:

Vimeo

Our website uses the video service "Vimeo" from Vimeo Inc. ("Vimeo"), 555 West 18th Street, New York, New York 10011, USA. Vimeo is used to integrate videos into our website in various places. When you visit our website, which is equipped with a Vimeo plugin, a connection to the Vimeo servers is established. Information, e.g. your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which you accessed our website (so-called referrer), the date and time of the request and, if applicable, your Internet service provider, is transmitted to Vimeo. Vimeo can also track your interactions with the plugin. If you have a Vimeo user account and are logged into it on the same device, your visit to our website will be assigned to your user account. If you wish to avoid this, you can log out of your user account before visiting our website and delete the cookies set by Vimeo.

The company Vimeo, Inc. fulfills the requirements of the "EU-U.S. Data Privacy Framework". The Privacy Framework Agreement regulates the protection of personal data that is transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.

You can object to the use of non-essential cookies by Vimeo by unchecking the box at the bottom of the following page (opt-out): https://vimeo.com/cookie_policy.

You can find more information on the handling of user data in Vimeo's privacy policy at https://vimeo.com/privacy.

Youtube

Our website uses the "Youtube" service provided by Google. See the data protection information above.

Status of the privacy policy: 14.11.2023
Source: Süddeutsche Datenschutzgesellschaft mbH