1. Collection and processing of personal data when you visit our website
The subject of data protection is personal data. This is all information related to an identified or identifiable natural person (so-called data subject). This includes, for example, details such as name, postal address, email address, or telephone number, but also information that necessarily arises during the use of our website, such as details about the beginning, end, and extent of service and your IP address.
We process personal data in compliance with the relevant data protection regulations. This means that your data will only be processed by us if you have given your consent or if we are legally permitted to do so, e.g., if data processing is necessary to provide our contractual services (e.g., processing of bookings) or is required by law, or based on our legitimate interests as defined in Art. 6 (1) f) DSGVO (e.g., our interest in analyzing, optimizing and securely operating our online offering).
We take appropriate technical and organizational security measures following the state of the Art to ensure that the data protection regulations are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. These security measures also include that your data is transmitted to us via a secure connection in encrypted form.
2. Collection and processing of personal data when you visit our website
When you visit our website, you are generally not required to provide any personal information, i.e., all information is voluntary. When you visit the website, and each time you retrieve a file, our web server collects log information about these processes (browser type, date and time of retrieval, referrer URL, operating system used, IP address of the requesting computer, domain name, type of event, amount of data sent, functions used). We cannot assign this data to a specific natural person.
We only collect and evaluate the data for statistical purposes. We process this data based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO, namely to provide and display the website, to ensure and maintain technical operation, to identify and eliminate malfunctions, and for security reasons (e.g., to investigate cases of abuse or fraud). We do not use this data to conclude your identity. The collected information is usually deleted after a few days unless we need it longer for the abovementioned purposes. We delete the data immediately after the purpose ceases to apply in such a case.
In addition to the purely informational use of our website, we offer various offers and functions that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service as described in more detail below.
3. Account for the training portal and booking of training
You can log in to the training portal via our website or book training courses directly online. It is not necessary for you to have an account for the training portal and/or to be logged in there to book a training. We will send you the corresponding certificates via the training portal, especially after the training courses you have completed. As a rule, you will receive your individual access data for the training portal when or after attending a training course you have booked. We use the data processed within the framework of the training portal based on Art. 6 Para. 1 lit. b) and f) DSGVO to create your profile, to identify you each time you log in, and to be able to provide you with the services offered on our website requiring registration. We delete this data as soon as the purpose for which it was collected no longer applies, particularly if you delete your account with us again and no other legal basis requires us to store it for longer.
If you would like to register for a training course on our website, it is necessary to conclude the contract that you provide your data, which we need to process your booking.
This involves the following data:
- Surname, first and last name
- Address and email address
- Company name and billing address
We process the data you provide to process your booking and carry out the training you have booked. Accordingly, the data processing is carried out to fulfill the contract based on Art. 6 Para. 1 lit. b) DSGVO. Further details, such as date of birth, telephone number, etc., are optional or voluntary. We may also process the contact details you provide in the context of a booking to inform you about other training or other services from our portfolio that may be of interest based on your previous bookings. In this respect, the data processing is based on our legitimate interests within the meaning of Art. 6 (1) f) DSGVO in maintaining and expanding our customer relationships. You can object to using your contact data for this purpose at any time, as described below. Your data will only be passed on to third parties if necessary to process the contract or if you have previously consented to the transfer.
4. Contact form
You can contact us by email or via a contact form, e.g., to arrange a consultation with us. The mandatory information on our contact form is marked with an “*”. We will process your details to process your contact inquiry and handle it by Art. 6 Para. 1 lit. b) DSGVO and may also be passed on to affiliated companies or third parties in this context. In this respect, we may also store the information in our Customer Relationship Management (CRM) system. We delete the data you have provided as soon as the purpose for which it was collected ceases to apply entirely, and no other legal basis intervenes (e.g., further processing of the data is or becomes necessary for the performance of a concluded contract). If there are legal retention obligations, we will only delete the data after the relevant periods have expired.
5. Blog posts
In our blog section, you have the option to leave comments on individual posts. Please note that comments and posts are visible to everyone when using this function. Therefore, you should check your posts carefully before publishing them to ensure that they do not contain information that is not intended for the public. Please also avoid sharing any personal data that concerns you or third parties in your comments. You must expect your contributions to be recorded in search engines and retrieved worldwide even without specifically calling up our website.
Based on our legitimate interests in efficient, secure, and user-friendly comment management following Art. 6 para. 1 lit. f) DSGVO, we use the DISQUS service, which is offered by DISQUS Inc, 301 Howard St, Floor 3 San Francisco, California- 94105, USA. DISQUS is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law. To use the DISQUS comment function, users can register via their DISQUS user account or an existing social media account (e.g., Facebook, Twitter). In this case, the user’s login data is obtained by DISQUS from the platforms. It is also possible to use the DISQUS comment function as a guest without creating or using a user account with DISQUS or one of the specified social media providers.
Users enter into a direct contractual relationship with DISQUS, in which DISQUS processes the users’ comments and is the direct contact for any deletion of the users’ data. In this regard, we refer to the data protection declaration of DISQUS at https://help.disqus.com/terms-and-policies/disqus-privacy-policy.Neben. As far as we are aware, DISQUS also stores the IP addresses of the users and the time of the comment.
When users leave comments or other contributions, their IP addresses may be stored by us based on our legitimate interests within the meaning of Art. 6 (1) lit. f. DSGVO. This is done for our security if someone leaves unlawful content in comments and posts (insults, etc.). In this case, we can be prosecuted for the comment or post and are therefore interested in the author’s identity.
To register for our newsletter, you must enter your name and email address. We only send newsletters after corresponding registration, i.e., with your consent based on Art. 6 para. 1 lit. a) DSGVO. Our newsletter contains information about our offers and services and our company.
To prevent misuse of your email address, registration for the newsletter is carried out through the so-called double-opt-in procedure, i.e., after your registration, you will receive an email in which you are asked to confirm your registration. We log the signup for the newsletter to prove the registration process following the legal requirements and to be able to prevent or clarify any misuse of your personal data. Accordingly, the logging of the registration process is based on our legitimate interests according to Art. 6 para. 1 lit. f) DSGVO. You can revoke your consent to receive our newsletter at any time, by unsubscribing from the newsletter. You will find an unsubscribe link to exercise this right at the end of each newsletter. If you have only subscribed to our newsletter, your personal data will be deleted again if you unsubscribe.
The newsletter is sent using the MailChimp dispatch service provider, a newsletter dispatch platform of the US provider Rocket Science Group LLC. You can view the data protection provisions of the dispatch service provider here: https://mailchimp.com/legal/privacy/. Rocket Science Group LLC is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law. We use the shipping service provider on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f) DSGVO and an order processing agreement.
Our internet pages use so-called cookies. These serve to make our offer more user-friendly. Cookies are small text files stored on your computer and saved by your browser on your hard drive. Cookies make it possible to evaluate the use of the website in anonymized or pseudonymized form, e.g., for needs-based advertising and market research. It is impossible to conclude a specific person when evaluating the cookie data because the usage profiles are not merged with the data of the bearer of a pseudonym. Cookies do not cause any damage to your computer and do not contain viruses. You have the option of preventing cookies from being stored on your computer by making the appropriate browser settings, although this may restrict the range of functions offered by our website. You can delete cookies that have already been set on your end device at any time using the browser functions provided for this purpose. You can find details on this in the individual instructions for your browser.
8. Use of Google Analytics
9. Use of Google DoubleClick
We use the Google DoubleClick service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. We use this online marketing method to place ads in the Google advertising network (e.g., in search results). DoubleClick is characterized by the fact that ads are displayed in real-time based on the presumed interests of the users. When our website and other websites on which the Google advertising network is active are called up, a code is executed by Google, and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie is stored on the user’s device, in which it is noted which web pages the user has visited, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer. The user’s IP address is also recorded, whereby this is shortened within the Member States of the European Union or another contractual state of the agreement on the European Economic Area and only in exceptional cases is transferred in total to a Google server in the USA and only shortened there. The user data is processed pseudonymously within the Google advertising network, i.e., Google does not store and process the name or email address of the user but processes the relevant data on a cookie basis within pseudonymous user profiles. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization.
10. Integration of YouTube videos
We have integrated YouTube videos on our website, which are hosted by YouTube but can be played directly from our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The videos are all integrated into “extended data protection mode, i.e., that – at least according to YouTube or Google – no data about you as a user is transmitted to YouTube or Google if you do not play the videos. Data is only transmitted when you play the videos; we do not influence this data transmission. If you do not wish the information collected and transferred to be associated with your YouTube or Google profile, you must log out before playing the video. YouTube or Google stores your data as user profiles and uses them for advertising, market research and/or tailoring their offers to suit your needs.
Further information on data processing and notes on data protection by YouTube and Google can be found at http://www.google.de/intl/de/policies/privacy/.
11. Google reCAPTCHA
12. Use of Google Adwords
13. Storage period
The storage period of personal data can be found in the respective description of the corresponding offer or service. In addition, or unless otherwise stated in the respective description of the offer or service, the following applies in general: We store your data only if this is necessary for the fulfillment of the processing purposes or – in the case of consent – as long as you have not revoked your consent. In the event of an objection, we will delete your data unless its further processing is permitted under the relevant legal provisions. We also delete your data if we are obliged to do so for legal reasons. If and as long as there are legal obligations to retain data, we will delete the data only after the relevant periods have expired.
14. Transfer of personal data
Only those persons have access to personal data that require this for our company’s individual stated purposes. We will only pass on your data to external third parties if this is necessary for the processing or handling your request if another legal permission exists or if we have your consent for this. External recipients can be, in particular, affiliated companies or external service providers that we use as our order processors for the provision of services, for example, in the areas of technical infrastructure and maintenance of our website. These processors are carefully selected and regularly audited by us. They may only use the data for the purposes specified by us and following our instructions. Furthermore, it is possible that we have to transmit personal data to authorities and state institutions, such as public prosecutors, courts, or tax authorities, for legally compelling reasons. In this respect, the transmission takes place based on Art. 6 para. 1 lit. c) DSGVO.
If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or another state party to the agreement on the European Economic Area, we will ensure prior to the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient’s premises (e.g., by means of an adequacy decision) or that the recipient’s data is processed in an adequate manner. (e.g., through an adequacy decision of the European Commission, through suitable guarantees such as self-certification of the recipient for the EU-US Privacy Shield or the agreement of so-called EU standard contractual clauses with the recipient) or your consent to the data transfer has been given.
15. Data subject rights
As a data subject, you have numerous rights available to you. In detail, these are:
- Right to information: You have the right to obtain information about the data we your data stored by us.
- Right to rectification and deletion: You can demand that we correct incorrect data and delete your data.
- Restriction of processing: You can demand that we restrict the processing of your data.
- Data portability: If you have provided us with data based on a contract or consent, you can request that you receive the data you have provided in a structured, common, and machine-readable format or that we transfer it to another controller.
- If we process your data based on legitimate interests (Art. 6(1)(f) DSGVO) or for the performance of a public task (Art. 6(1)(e) DSGVO), you may object to the processing of your data on grounds relating to your particular situation. You also have the right to object to data processing for direct marketing purposes.
- Revocation of consent: If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.
- Right to complain with the supervisory authority: You can also complain with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can do this by contacting the data protection authority responsible for your residence or country or the data protection authority responsible for us.
The rights described above are only available to you on the condition that the applicable legal requirements are met, even if this is not explicitly mentioned in the above description. If you have any questions about the processing of your data, your data subject rights, and any consent you may have given, you can contact us free of charge. To exercise any of your rights mentioned above, please contact us at firstname.lastname@example.org or by post at the address given above. Please ensure that we can clearly identify you.
From time to time, it may be necessary to amend the content of this privacy notice. We, therefore, reserve the right to amend it at any time. We will also publish the amended version of the data protection information here. The current version of our data protection statement.
Please address your concerns to the following address:
QLab Think Tank GmbH
c/o Casino Futur UG
Auf den Häfen 6
28203 Bremen / Deutschland D-60327
Telefon: +49 (0)179 149 6880
CEOs: Boris Gloger, Andrea Kuhfuss
Trade Register/HRB 169914 – Amtsgericht Hamburg
7. February 2022