Business Partners
Privacy Policy

The protection of your personal data and that of your employees is of particular concern to us. With this Privacy Notice, we would like to inform you about how and to what extent we process personal data as part of the application process in accordance with Regulation (EU) 679/2016 - General Data Protection Regulation ("GDPR"), the Federal Data Protection Act ("BDSG") and other applicable data protection regulations when we enter into contractual relationships with business partners.

This Privacy Notice applies to all business partners of ada Learning GmbH (hereinafter also referred to as "us", "we"). It applies to business partners if the contractual partners are natural persons or to employees of business partners if our contractual partners are legal persons.

‍

"Personal data" in this sense is all information that can be used to establish a connection to a person. For example, on the basis of certain characteristics that allow conclusions to be drawn about the identity (e.g. the assignment of an IP address to a specific person by querying the connection with an Internet service provider). We use the term "personal data" in this Privacy Notice as defined in Art. 4 No. 1 GDPR.

The current version of this Privacy Notice is also available at https://www.join-ada.com/about-us/privacy-policy.

The data controller is us, the

ada Learning GmbH
Graf-Adolf-Platz 15
40213 Düsseldorf
Deutschland
E-Mail: hello@join-ada.com

‍

You can reach our Data Protection Officer, the

Clandestine GmbH
Dornberger Straße 27
33615 Bielefeld
www.clandestine.de

can be reached via post under the above address or via email under privacy@join-ada.com.

During the cooperation, we generally process the following personal data:

• Core data of our contact persons, such as first name, surname, name affixes;
• Professional contact details (business address, (mobile) telephone number, e-mail address);
• Your bank details, commercial register number and VAT ID (if you are a natural person).

The personal data is usually collected directly from you - or one of your employees - as part of the screening process. In certain constellations, your personal data will also be collected from other bodies due to legal regulations.

We may process personal data from publicly accessible sources (e.g. social media).

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable laws.

We mainly need the data to establish, perform and terminate a contractual relationship. We base the processing on Article 6(1)(b) GDPR. If we would like to use photographs of you, we will obtain your separate consent for this.

We also use the data to fulfill our obligations - in particular in the area of tax law. This is done on the basis of Article 6(1)(c) GDPR. Where necessary, we also process your data on the basis of Article 6(1)(f) GDPR in order to protect our legitimate interests or those of third parties (e.g. authorities).

We generally receive the data we collect from you, the service provider. We may receive your data from third parties, e.g. from publicly accessible sources such as social media profiles. If you are an employee in a company with which we work, we may have received the personal data from other people in your company (e.g. colleagues, management).

There is no obligation to provide us with the personal data. Without the provision of personal data, a service relationship may not be established.

In course of the contractual relationship, personal data may be passed on to internal and external third parties. Internal recipients are usually your direct contacts at our company and our accounting department.

We also use several external IT service providers to operate our IT infrastructure. These are mostly processors. We have concluded corresponding order processing contracts to ensure that personal data is only processed on our behalf and in accordance with our instructions.

Parts of the data processing may take place in countries outside the European Union and the European Economic Area (so-called "third countries"). Personal data will only be processed in third countries if one of the following conditions is met:

• There is an adequacy decision for the respective third country.
• We have concluded EU standard contractual clauses with the respective partner.
• There is another suitable guarantee (e.g. certification under the EU US Data Privacy Framework for data recipients in the USA).

In this way, we ensure that an appropriate level of data protection is ensured during processing.

We only store your personal data for as long as is absolutely necessary. As soon as this is no longer the case, personal data will be anonymized or deleted.

We will retain the data in our system for the duration of the service relationship. Subsequently, we may retain the data on the basis of our legitimate interest for as long as it is possible to defend against or assert legal claims. This depends, among other things, on contractually regulated limitation periods in individual cases.

Insofar as personal data are part of so-called commercial and business letters (e.g. mention as contact person on invoices), we will retain the data for the duration of the statutory retention periods.

You have the right under the GDPR,

• To request information about which personal data (e.g. name, address, etc.) is stored about you (Art. 15 GDPR: Right of access by the data subject).
• If you notice any errors, you have the right to have the data corrected. (Art. 16 GDPR: Right to rectification).
• If you do not want us to continue storing your data, you can request that we erase it (Art. 17 GDPR: Right to erasure).
• If you do not want us to continue using your data, you can request that we restrict processing (Art. 18 GDPR: Right to restriction of processing).
• To receive your data from us in a commonly used format so that you can pass it on to a third party of your choice. (Art. 20 GDPR: right to data portability),
• lodge a complaint with a supervisory authority at any time (Art. 77 GDPR in conjunction with Section 19 BDSG: Right to lodge a complaint with a supervisory authority).

If we process your data on the basis of a legitimate interest, you have the right to object to the use of your data at any time (Art. 21 GDPR: Right to object). In this case, we will no longer process your personal data.
‍

Exception:

We have grounds that override your rights or need to use your data to pursue legal claims.
‍

Direct advertising:

If your data is used for direct advertising, you can also object to this at any time.
‍

Right to withdraw consent:

If you have given us your consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out up to your revocation remains lawful. You can withdraw your consent via any communication channel, e.g. by sending an email to privacy@join-ada.com. If you inform us in this message that you no longer wish to receive emails, we will no longer send any messages to the email address you have provided.