1. Who is responsible for personal data processing and who can I contact?
Contact Details- Data Protection Officer:
Berlin Metropolitan School gGmbH
Linienstraße 122, 10115 Berlin
Tel: +49 30 2196 4390
2. To whom does the Data Protection Policy apply?
This data protection policy is for visitors of our website, in particular for those interested in our programs and offers, as well as those who use our programs and offers, or those parties interested in learning more about Berlin Metropolitan School gGmbH.
3. What personal data does BMS use?
Our website can be visited without providing an identity or personal information. If you send us an email or submit a contact form to us, we will use your email address exclusively for this correspondence with you.
Job Applications and Job Advertisements
Berlin Metropolitan School gGmbH collects and processes personal data from applicants in order to carry out the application process and the ensuing steps for employment justification (according to paragraph 26 of BDSG). Processing can take place either via post or via electronic communication. If application documentation is sent to us, either via email or via a contact form from the website, we will send this information to the responsible point person for further processing.
If an employment contract is issued by the responsible point person with an applicant, this provided data will be used and saved for the completion of the employment process, in line with the lawful regulations. In the event that no employment contract is issued to the applicant, the application documentation will be automatically erased two months after the decision of employment has been communicated, in the event that a deletion works against a legitimate interest of the responsible point person, or if we agree to saving the data long-term, for future job advertisements as an example, with the applicant. A valid interest case would be in this sense and as an example, a burden of proof in a proceeding in line with the General Equal Treatment Act (Allgemeinen Gleichbehandlungsgesetz (AGG)).https://schroleconnect.com.
4. What is your data used for and on what legal basis do we use your data?
We process your personal data in accordance with the EU General Data Protection Regulation (DS-GVO) and the Federal Data Protection Law (BDSG). Please be aware of the information regarding your right to lodge a claim against an issue, in line with Article 21 DS-GVO.
a) For the fulfillment of contractual obligations (Art. 6 Abs. 1b EU DS-GVO)
The processing of personal data occurs for the realization of our offers, as well as the realization of pre-contract measures, that apply to your inquiry.
b) Due to your consent (Art. 6 Abs. 1a EU DS-GVO)
Insofar as you have submitted your consent to process personal data for specific reasons (e.g. use of your photos, etc.), the legality of this personal data processing happens on the basis of your consent. A granting of consent can be retracted at any time. Please be advised that the retraction ist valid only for the future. Processing, which occurred before the retraction, does not fall under that claim.
c) In the context of the protection of our legitimate interests (Art. 6 Abs. 1f EU DS-GVO)
Where required, we process your personal data from the actual completion of the contract to the protection of our legitimate interests or third parties. Examples:
- Claim of a lawful right and defence of lawful disputes
- Guarantee of a IT Safety and Security Measures
- Statistical purposes
5. Who has access to your data?
Within BMS, only those positions that require your data for the protection of our legitimate interests or for the fulfillment of our contractual and legal obligations receive access to your data. Service providers used by us can also use data for the fulfillment of the described reasons when they fulfill the legal data protection confidentiality requirements.
6. Is data sent to third-party countries?
A data transfer to countries outside of the European Union, as well as to countries in the European Economic Area, does not take place.
7. How long is my data stored?
We process and save your personal data as long as needed for the fulfillment of our contractual and legal obligations. In the event that the data is no longer required for the fulfillment of legal or contractual requirements, this data will be deleted regularly, unless the continued use of this data-with a time limit-is for the fulfillment of a legally-required retention period, as for example, with the Code of Commercial Law or the General Tax Code.
8. What data protection rights do I have?
You have the right to information based on Article 15 DS-GVO, the right to correction pursuant to Article 16 DS-GVO, the right to deletion as per Article 17 DS-GVO, the right to the restriction of processing under Article 18 DS-GVO, the right to objection from Article 21 DS-GVO as well as the right to data portability from Article 20 DS-GVO. Furthermore, there is the right to appeal to the data protection supervisory authorities (Article 77 DS-GVO in conjunction with § 19 BDSG [a federal data protection act]). A list of data protection supervisory authorities as well as their contact information is available at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The data protection supervisory authority responsible for BMS is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragter für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin, Tel.: 030/13889-319, mailbox(at)datenschutz-berlin.de.
A granting of consent for the processing of personal data can be retracted at any time. Please be advised that the retraction applies only to future cases. Data processing which occurred before the retraction does not apply in this case. Please contact our data protection officer at the aforementioned contact to exercise your rights and to pose questions related to data protection.
10. Is there an automated decision-making including profiling?
As a general rule we do not use automated decision-making including profiling, according to Article 22 EU DS-GVO. In the specific case that we would use profiling for specific marketing in the context of our public relations work, we will inform you separately.
11. Information regarding your right of objection, according to Article 21 EU DS-GVO
a. Individual Right of Objection
You have the right, for reasons which stem from your particular situation, to lodge a claim against the processing of your personal data. A prerequisite for this case is that the data processing is in the public interest or on the basis of legitimate interests. This is also applies to profiling.
In the case of a claim lodge against the use of personal data, we will no longer process your personal data, unless we can prove compelling, protection-worthy reasons for the processing of this data that outweigh your interests, rights or freedoms. Or your personal data serves to enforce, exercise, or in thte defense of lawful claims.
b) Lodging a claim in objection of the use of your data for public relations work
In individual cases we use your personal data for our public relations work. You have the right to lodge a claim against this use at any time; this is also valid for profiling when it has a connection with direct advertising. In the event that a claim is lodged, we will not longer process your personal data for this use. The claim of objection can happen without a standard form and should be sent to the aforementioned address of our data protection officer as soon as possible.
12. Which data is processed when using the web page?
a) User related information
When our web pages are accessed, we obtain usage data. This includes, for example, information regarding screen resolution, browser version, internet access, operating system, language, used plugins, origin in terms of country/region and search engines. The stored data is only evaluated for statistical purposes. The data will not be shared with third parties and no user-related evaluation will be carried out.
To some extent, the internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve the purpose of making our services more user-friendly, more effective and safer. Cookies are small text files that are placed on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” These are automatically deleted at the end of your visit. Other cookies remain on your computing device until you delete them. These cookies enable us to recognize your browser at your next visit. You can configure your browser in such a way that you will be notified about the placement of cookies and to only allow cookies on an individual basis, to exclude the acceptance of cookies either for specific cases or on a general basis, and to activate the automatic deletion of cookies when closing the browser. The deactivation of cookies may restrict the functionality of this website. Cookies that are necessary for the electronic execution of the communication process or to provide specific functions you request are stored on the basis of Article 6, paragraph 1(f) of the GDPR [General Data Protection Regulation]. The website owner has a legitimate interest in the storing of cookies in order to offer services that are free of technical errors and are optimized. Provided that other cookies (e.g. cookies that analyze your surfing behaviour) are stored, these are handled separately in this data protection statement.
13. How safe is my data?
In order to protect the personal data of our customers and prospects, we use a safe online transfer method, the so-called “Secure Socket Layer” (SSL) transfer. All information transferred with this safe method is encrypted before it is sent. Your personal data is only processed on computer centres and computers that are security technology protected and are in accordance with industry standard (e.g. firewalls, password protection, access control, etc.).
14. Third-party modules and analysis tools
14.1 Plugins and tools
This website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo plugin, a connection to Vimeo’s servers is established. In the process, the Vimeo server is told which of our pages you visited. In addition, Vimeo acquires your IP address. This also applies when you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged in to your Vimeo account, you enable Vimeo to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account. Further information about the handling of user data can be found in Vimeo’s data privacy statement: https://vimeo.com/privacy.
So that you can better find us, we have integrated maps from Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to save your IP address. This information is generally transmitted to and saved on a Google server in the USA. The provider of this page has no influence on this data transfer. The use of Google Maps is in the interest of providing an attractive presentation of our online offerings and an easy findability of the places we have identified on the website. This constitutes a legitimate interest within the meaning of Article 6, paragraph 1 (f) of the EU GDPR (General Data Protection Regulation). Further information about the handling of user data can be found in Google’s data privacy statement: https://www.google.de/intl/de/policies/privacy/.
14.2. Analysis Tools
This website uses features of the web analysis service Google Analytics. The provider of this feature is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and allow for an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored on the basis of Article 6, paragraph 1 (f) GDPR. The website operator has a legitimate interest in analyzing user behaviour in order to optimize both its website as well as its advertising.
We have activated the IP anonymization feature on this website. Therefore, Google will shorten your IP address within the member states of the European Union or in other contracting states of the European Economic Area Agreement before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google Server in the USA and shortened there. On behalf of the operators of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities, and to deliver further services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by selecting the appropriate settings on your browser software; please note that by doing so, you may not be able to make full use of several functions of this website. Furthermore, you may prevent Google from collecting the data generated by the cookie and data based on your use of the website (including your IP address) as well as the processing of this information by Google by downloading and installing the browser plugin available at the following: https://tools.google.com/dlpage/gaoptout?hl=de.
Opposition to data collection
You can prevent the collection of data by Google Analytics by clicking on the following link. This will set an opt-out cookie, which will prevent the collection of your data during future visits to this website: deactivate Google Analytics. More information about the handling of user data by Google Analytics is available in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245?hl=de.
Contract data processing
We have concluded a contract with Google for contract data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics with Google Analytics
This website uses the “demographic characteristics” function of Google Analytics. Through this feature, reports can be generated that include statements with regard to the age, gender and interests of page visitors. This data is generated from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be matched to any particular person. You can deactivate this function at any time through the display settings in your Google account, or you can generally prohibit the collection of your data by Google Analytics in the same way as described in the above point, “Opposition to data collection.”
14.3. Sharing content through plugins (Facebook, Google +1, Twitter & Co.)
Our internet pages may contain so-called social plugins (“plugins”) of the social networks facebook.com, twitter.com, xing.com, linkedin.com, pinterest.com, addthis.com, reddit.com and plus.google.com.
To increase the protection of your data when visiting a one of our websites online, the plugins are integrated into the site through so-called “2-click” or “Shariff” solutions. This integration ensures that a connection is not immediately established with the servers of Facebook, Twitter, Xing, LinkedIn, Pinterest, AddThis, Reddit and Google+ when a web page is called up that includes such plugins. Only when you activate the plugins and thereby give consent for data transmission does your browser establish a connection with the servers of Facebook, Twitter, Xing, LinkedIn, Pinterest, AddThis, Reddit and Google+. The content of each particular plugin will be directly transmitted to your browser and integrated into the page. The plugin then transmits data (including your IP address) to the operators of the named social networks.
We have no influence over the scope of the data that the social networks gather with the help of the plugin. As far as we know, Facebook, Twitter, Xing, LinkedIn, Pinterest, AddThis, Reddit and Google+ obtain, in any case, information about which of our web pages you are currently using and which pages you accessed previously.
By calling up the plugins, Facebook, Twitter, Xing, LinkedIn, Pinterest, AddThis, Reddit and Google+ also obtain the information that your browser has visited the relative page of our website if you do not have a profile with the respective social media network or are not currently logged in. This information (including your IP address) will be directly transmitted from your browser to a server of the operators of Facebook, Twitter, LinkedIn, Pinterest, AddThis, Reddit and Google+ in the USA and stored there. With Xing, the data is stored in Germany. The information may possibly be made public in the respective social network and displayed there to your contacts.
To learn more about the purpose and extent of data collection and the further processing and use of data by the mentioned social networks as well as your therewith related rights and setting options for the protection of your personal privacy, please refer to the data protection information available at
http://www.facebook.com/policy.php, https://twitter.com/privacy, http://www.google.com/intl/de/+/policy/+1button.html, https://www.xing.com/privacy, https://www.linkedin.com/legal/privacy-policy, https://about.pinterest.com/de/privacy-policy, https://www.addthis.com/privacy/privacy-policy, https://www.reddit.com/help/privacypolicy
If you are a member of one of the social networks and would like to limit the collection of data through our web pages as well as the merging of your user information with the data stored about you in the respective social network, you should log out of the social network before visiting our website.