Fellowship Privacy Policy

The protection of your data is of particular concern to us. With this privacy policy, we want to inform you about the processing of your personal data and how we comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the German Federal Data Protection Act ("BDSG") and the German Telecommunications Telemedia Data Protection Act ("TTDSG") on our fellowship hub.

"Personal data" within the meaning of this Privacy Notice is all information that can be used to establish a connection to a person. For example, on the basis of certain characteristics that allow conclusions to be drawn about the identity (e.g. the assignment of an IP address to a specific person by querying the connection with an Internet service provider). We use the term "personal data" in this Privacy Notice as it is defined in Art. 4 No. 1 GDPR.

ada Learning GmbH
Graf-Adolf-Platz 15
40213 Düsseldorf
Deutschland
E-Mail: hello@join-ada.com

Our Data Protection Officer,

Clandestine GmbH
Dornberger Straße 27
33615 Bielefeld
www.clandestine.de

can be reached via post under the above address or via email under privacy@join-ada.com.

In order for our fellowship hub to work, some data must necessarily be transmitted to us, such as your IP address. Without this, the provision of websites would not work. In addition, there are a number of optional processing operations, especially if you voluntarily allow us to collect pseudonymized statistics via cookies.

In detail:
‍

We collect data that is necessarily collected when you visit our fellowship hub (see a.). We also process data after you have given your consent (see b.).

‍

a) Data that is necessarily collected when you visit our fellowship hub

When you visit our fellowship hub, the following data is collected for technical reasons in order to enable its functionality. Some of this data is personal data. These are then stored for a short time in a server log file:

• IP address of the request;
• Name of the retrieved file;
• Name/type of your web browser;
• The operating system you are using;
• if applicable, a referrer URL (this is the URL of the website from which you reached our fellowship hub when you clicked on a link); and
• Timestamp of the retrieval.

‍

b. Data that is processed when consent is given

Like many other website operators, we would like to compile pseudonymized statistics primarily to measure the access figures and usage time of our fellowship hub so that we can improve the attractiveness of it and make the content interesting for our target group. However, we only use the tools used for this if you give us your consent to do so. For reasons of clarity, we have regulated the topic of cookies and other technologies in a separate section of this Privacy Notice. You can find this below under point 6.

For all data processing that allows our fellowship hub to work properly in the first place, we can process the necessary data without asking for your consent. If you are an individual fellow (i.e. you are not participating in the Fellowship via an organization), we are fulfilling a contract with you by making the Fellowship Hub available to you; for fellows sent by their organization, we can rely on our legitimate interest. For all other data processing beyond this, we must obtain your prior consent.

‍

In detail:

According to the applicable data protection laws, we may only process personal data if there is a legal basis for doing so. In the following, we describe the purposes for which we process the data mentioned in section 2:

‍

a. Data processing based on your consent (Art. 6 (1) (a), Art. 7 GDPR)

If you give your consent to all or certain data processing via our Consent Management Tool: for example, if you consent to pseudonymized tracking measures being carried out or third-party technologies being displayed (e.g. a video on a third-party platform), you expressly consent to the processing of your personal data. For details, please refer to Section 6 of this Privacy Notice.

‍

b. Data processing based on the fulfillment of a contract (Art. 6 (1) (b) GDPR)

We provide our contractual services to individual fellows, i.e. our customers who enter into fellowship contracts with us themselves - for example student fellows - by making our Fellowship Hub available. We can therefore rely on the fulfillment of this contract for all data processing that is necessary for this purpose.

‍

c. Data processing based on legitimate interests (Art. 6 (1) (f) GDPR)

For all Fellows who have not entered into a contract with us themselves, but were sent by their organization, for example, we provide the Fellowship Hub primarily to fulfill the contract with your company. The data processing that is carried out when using the Fellowship Hub is based on our legitimate interest. Otherwise, we would not be able to properly fulfill our contract with your companies.

The fundamental rights and freedoms of website visitors as data subjects do not prevail here, as the personal data processed are those that are inevitably collected for technical reasons when any website is accessed. It would only be necessary to draw conclusions about specific persons with additional knowledge that is not readily available (e.g. to draw conclusions about a possible user from a specific IP address via an Internet service provider).

We also use service providers as data processors, e.g. our web host and our content delivery network provider. As these are data processors (see section 5 for more details), no separate legal basis is required for this.

Our fellowship hub is stored on a server of a professional web hosting provider. We also use the services of a content delivery network (CDN) to deliver content more efficiently and to protect our fellowship hub from DDoS attacks. As a result, data is also transmitted to these service providers each time it is accessed and delivered by these service providers. Your data will also be transferred to other countries outside the European Union, but we have ensured that it is still adequately protected.

‍

In detail:

a. Web hosting provider

We do not host our fellowship hub on our own server, but use a web hosting service provider. This is Hostzero GmbH, Möhnestr. 55, 59755 Arnsberg, Germany.

b. Content delivery network

We use a so-called content delivery network to deliver the content of our fellowship hub more efficiently and to protect it from so-called distributed denial of service attacks (DDoS). This means that parts of the content are stored on other servers and retrieved from there, usually from geographically nearby servers. We use Cloudinary Ltd, 3400 Central Expressway, Suite 110, Santa Clara, USA, as our provider. This is a data processor with whom we have entered into a data processing agreement in accordance with Art. 28 GDPR. Parts of the data processing take place in the USA. The USA is a third country within the meaning of the GDPR, as it is located outside the European Union and the European Economic Area. The provider Cloudinary is certified under the EU-U.S. Data Privacy Framework, so there are suitable guarantees for data transfer to this provider in the USA.

Like many other website providers, we use various third-party services, e.g. to collect pseudonymized statistics or to integrate content from these third-party providers on our fellowship hub. For the most part, these are Cookies and Pixels, which we only use with your consent. Some of it is content that is loaded from other sites (e.g. fonts). Information on this can be found in the overview in this section and, with regard to individual Cookies and Pixels, in the settings of our Consent Management Tool.

During the fellowship, we will also interact with you outside the fellowship hub via software providers (e.g. digital whiteboards). These providers may then also receive personal data from you.

‍

In detail:

Cookies are files that are stored in the browser environment on your terminal device (e.g. PC, Mac, Android smartphone, iOS smartphone) and in which information about you and the use of the fellowship hub is stored.

‍

We use cookies and pixels for the following purposes

• Improving user-friendliness ("performance cookies"): These cookies store user preferences (e.g. language settings) in order to display the fellowship hub as usual when you use it again;
• Statistics: We want to collect pseudonymized statistics (i.e. statistics that cannot easily be traced back to the person behind them) about the use of the fellowship hub so that we can draw conclusions about usability and attractiveness;
• Marketing: Marketing cookies can be used to record user preferences across websites. This allows us, for example, to display targeted advertising on other websites that are connected to the same advertising network
• We use a cookie consent management tool with the help of which we obtain consent for tracking measures
• We also use the following types of other third-party technologies that embed data from other sources on our fellowship hub:
• Map services: We use the map service Maps from Google Inc ("Google"). The use of Google's map service results in some of Google's services being loaded via our fellowship hub after activation.
• Fonts: We use Google's Fonts service to integrate fonts on our fellowship hub that are not stored locally on the web space.
• Videos: We use the service Brightcove from Brightcove, Inc. and YouTube from Google to embed videos on our Fellowship Hub.
• Audio/Podcast: To integrate audio files such as podcasts, we use the audio hosting service provider Podigee from Podigee GmbH.

The above-mentioned third-party services are also either controlled by the consent management tool (i.e. only loaded when you give your consent there), or you must confirm that the service is loaded by clicking at the place of integration (e.g. at the place where the Google Maps are to be integrated).

During the fellowship, we will also collaborate in other formats, leaving the Fellowship Hub platform. We will use a number of tools from different providers. Depending on the type and scope of use, these providers may receive personal data from you. Some of this may only be metadata (e.g. IP addresses), but some may also be content data, e.g. your posts, your photo (e.g. profile picture), your voice (e.g. audio recordings), etc. If you would like further information about these tools, feel free to contact us or take a look at the Privacy Notice of the respective tool that we use for our interaction.

How long your data is retained depends on the legal basis of the data processing.

‍

In detail:

We generally retain data that we process on the basis of your consent for as long as the consent exists. After this, we may retain the documentation of consent for a further period of up to three years in order to be able to defend ourselves against possible claims; during this time, however, consent will of course not be used. However, this does not apply without exception. If we do not make use of the data that we have obtained on the basis of consent for a longer period of time or discontinue the underlying service, we will delete the data without you having to revoke your consent.

Data that is retained on a contractual basis will be retained for three years from the end of the year in which the contract was fulfilled or completed due to the exchange of services.

Data that is necessarily collected when visiting the fellowship hub is deleted 7 days after the log file is created.

Data that we process on the basis of our legitimate interest is generally processed for as long as the legitimate interest exists. This depends on the specific individual case. If you would like more information on this, you are welcome to contact us. As it is unreasonable to check every day for each stored date whether the purpose for storage still exists, we may check this at regular intervals. Therefore, data may be retained for a limited period of time (deletion period), even if the legitimate interest has already ceased to exist. The data will not be processed for other purposes within the deletion period.

As a data subject, you have various rights, which we explain in detail in this section. In particular, you can withdraw your consent at any time with effect for the future (i.e. all past data processing based on consent remains lawful) and you can simply object to data processing that we only carry out on the basis of our legitimate interest (e.g. marketing measures that are permitted without consent in exceptional cases). Please note that in this section we describe all the rights to which you may be entitled as a data subject. This does not definitively determine whether you are actually entitled to a right.

In detail:

According to the GDPR, you are entitled to the following rights as soon as the conditions for exercising the respective right are met in detail:

• You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, the details of the data processing (Art. 15 GDPR: Right of access by the data subject);
• You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR: right to rectification);
• You have the right to obtain from us the erasure of personal data concerning you without undue delay (Art. 17 GDPR: right to erasure/to be forgotten)
• You have the right to obtain from us restriction of processing of personal data concerning you (Art. 18 GDPR: right to restriction of processing)
• In the case of processing based on consent or for the performance of a contract, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us or to have the data transmitted directly to another controller, where technically feasible (Art. 20 GDPR: Right to data portability);
• You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with Section 19 BDSG: Right to lodge a complaint with a supervisory authority).

You also have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is (i) necessary for the performance of a task carried out in the public interest, (ii) in the exercise of official authority vested in us, or (iii) which we process on the basis of our legitimate interest (Art. 21 GDPR: right to object). In this case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If personal data is processed for the purpose of direct marketing (marketing and business development), you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. In this case, the personal data will no longer be processed for direct marketing purposes.

If you have given us your consent, you can withdraw this consent at any time. All data processing that we have carried out up to your revocation remains lawful.

You can assert the above-mentioned rights against us using the contact details provided in section 1.

In principle, you are not obliged to provide us with your personal data. However, without the personal data, we will not be able to provide certain services or contact you.

If you browse our fellowship hub, however, you cannot avoid providing the data mentioned under point 3. a), as the operation of the fellowship hub would otherwise not be technically possible. If you take technical precautions to prevent the transmission of this data, you may not be able to access the fellowship hub. However, you are free to disguise this data (e.g. by using a VPN service or masking) so that we cannot draw any conclusions from this technically necessary data (e.g. by using your real IP address to determine your approximate location).

We do not use automated decision-making or profiling.

We have implemented technical and organizational measures to ensure a high standard of data security, data availability and data integrity. All employees are subject to contractual confidentiality obligations and have been informed and instructed accordingly about the confidential handling of personal data.