Data protection

Information on data processing in accordance with Art. 13, 14 GDPR

This information on data processing applies to the Quirito Academy GmbH website, which can be accessed under the domain quirito-academy.de and the various subdomains (“our website”). We would also like to inform you about how we store and use personal data that we have received via other channels as part of our training and further education program.

In particular, Quirito Academy GmbH complies with the EU General Data Protection Regulation and the current German Federal Data Protection Act (BDSG). When using the Internet, we are guided by the Telecommunications and Telemedia Data Protection Act (TTDSG) of the Federal Republic of Germany to protect your personal data. Below we explain what information we collect during your visit to our website and how it is used.

Person responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Quirito Academy GmbH

Potsdamer Strasse 1-2 15234 Frankfurt (Oder) DE

Phone: +49 (0)335 5569-404

Mail: [email protected]

Data Protection Officer

Data Solution LUD GmbH DE Andreas Thurmann

Mail: [email protected]

What is it about?

This data protection notice fulfills the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or the user behavior when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a reference to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transfer) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.

General information on data processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR as the legal basis.

In the processing of personal data necessary for theperformance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation (statutory provisions) to which our company is subject (e.g. federal registration laws), Art. 6 para. 1 lit. c GDPR as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. Furthermore, in individual cases we pass on personal data to third parties if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website who process personal data on our behalf in the context of order processing in accordance with Art. 6 para. 1 lit. f GDPR. Art. 28 GDPR, these may be recipients of your personal data. Further information on the use of processors and web services can be found in the overview of the individual processing operations.

Inquiries about educational offers

You can register for Quirito Academy training courses on our website. If you make use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

First name, last name
E-mail address
Telephone
Educational offer
Message

Legal basis and purpose of data processing

The legal basis for the processing of data is the conclusion of a contract. The processing of the personal data from the input mask serves us solely to process the request and for communication.

Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been fulfilled.

Possibility of objection

You have the option to object to the processing of your data at any time. We have set up the e-mail address [email protected] for this purpose.

Advice and qualification

The Quirito Academy primarily carries out training and further education measures as well as EU-funded measures (ESF). To this end, it processes and uses the following categories of personal data:

Participant data (in particular first and last name, address data, contact data, date and place of birth, nationality, data on qualifications and personal circumstances, examination data, CVs, attendance lists, billing and performance data, payment data)

Lecturers, project partners, external service providers (in particular first and last name, address and contact details, qualifications, planning, billing and performance data, payment data)

Data on contractual partners (in particular contact person, position, address and contact data, billing, service and function data, payment data)

Data on clients (in particular contact person, position, address and contact details)

Legal basis and purpose of data processing

The legal basis for the processing of the data is the conclusion of a training contract with the participants and the fulfillment of contracts with lecturers and other contractual partners.

The main purpose of the collection, processing or use of personal data is the administration and support of participants and contractual partners as part of the implementation of the training program from the first contact as an interested party, the application phase through to the completion of the training.

Training measures to be carried out
Activation and placement projects
Further training/retraining
Seminars

We are happy to accompany our participants on their educational journey. For this reason, we would like to use the contact details (company contacts or private individuals) to offer additional training and further education opportunities and seminars at a later date. These contacts preferably include mailings and telephone calls. The use of the e-mail address requires the consent of the recipient.

Your data will only be processed for purposes other than those mentioned if this is in accordance with the GDPR. Art. 6 para. 4 GDPR and are compatible with the purposes of the data processing. We will inform you or obtain your consent before processing your data for any other purpose.

Recipients to whom the data may be disclosed

Data may be communicated to the following recipients:

Public bodies in the case of overriding legal provisions (e.g. social insurance institutions, authorities)

Internal departments involved in the execution and fulfilment of the respective business processes (e.g. accounting, IT organization, marketing)

Client, e.g. employment agency or JobCenter, as part of subsidized measures

External training providers as part of a change of training provider by the participant

External contractors in accordance with Art. 28 GDPR (service providers)

Lecturers

Parent or guardian of participants

Other external bodies (e.g. credit institutions, debt collection companies, commercial enterprises insofar as the data subjects have given their written consent or transmission is permitted due to an overriding legitimate interest)

Deletion of data

The legislator has issued a wide range of retention obligations and deadlines. After these periods have expired, the corresponding data and data records are routinely deleted if they are no longer required to fulfill the contract. The commercial or financial data of a completed financial year is deleted after a further ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons.

The retention periods for subsidized measures are based on the statutory provisions of the SGBs, EU directives and the requirements of the respective client. For example, participant data that is not relevant to billing is deleted or destroyed after 2 years for measures funded under SGB II or SGB III. In the case of EU-funded ESF measures, the retention period is 12 years after the end of the funding period.

Possibility of objection

You have the option to object to the processing of your data at any time. We have set up the e-mail address [email protected] for this purpose.

Your application for a job advertisement

You can apply for advertised positions via our website or internet portals. If you make use of this option as an applicant, the data transmitted to us may be stored and used. These data are:

Title, first name, surname
Contact details (e-mail address, telephone)
Cover letter
File attachment with the detailed application

In this context, the data will not initially be passed on to third parties. However, if an applicant matches the profile of another job advertisement published by a company associated with us, we will be happy to forward the application documents. We will obtain the applicant’s prior consent for this. Otherwise, the data will be used exclusively for processing the application by the specialist department and for communication.

Legal basis for data processing

The legal basis for the processing of the data is the contract initiation relationship or the conclusion of a contract with the user. We will obtain prior consent for the forwarding of application documents to an affiliated company.

Purpose of data processing

The processing of personal data serves us solely to process the application.

Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected, at the latest 6 months after rejection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been fulfilled.

Possibility of objection

You have the option to object to the processing of your data at any time. To do this, please send an e-mail to the office where you sent your application.

Advice and support for company contacts

For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We receive the information from various sources, either through an inquiry (e-mail or telephone), but also via events, trade fairs, business cards received by our sales staff, etc.

Legal basis for data processing

The legal basis for processing the data is our legitimate interest in data processing. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is the contractual relationship.

Purpose of data processing

We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.

Duration of storage

In principle, there is no deletion period. However, if our sales department has had no contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.

If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.

Possibility of objection

As a company contact, you have the option to object to the processing of your data at any time. We have set up the e-mail address [email protected] for this purpose. All personal data of the contact person stored for the business partner will be deleted in this case.

Contact form/e-mail contact

There are contact forms on our website which you can use to contact us electronically. If you make use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

First and last name
E-mail address
Subject
Request/your message

Alternatively, you can contact us via the e-mail addresses provided. In this case, the personal data transmitted with the e-mail will be stored.

Legal basis and purpose of data processing

The legal basis for the processing of the data is initially our legitimate interest in data processing in the context of contacting the inquirer. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is in the context of a business initiation relationship or contractual relationship.

The data is used exclusively for processing the conversation. The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

When contacting us via the contact form, the data transmitted will be stored in our CRM system. If there is no contractual relationship, we will delete the data after three years at the end of the year.

Possibility of objection

You have the option to object to the processing of your data at any time. We have set up the e-mail address [email protected] for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc. All personal data stored in the course of contacting us will be deleted in this case.

What rights do I have?

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

You have a right to information about the personal data stored about you, about the purposes of processing, about any transfers to other bodies and about the duration of storage.

If data is incorrect or no longer required for the purposes for which it was collected, you can request that it be rectified, erased or processing restricted. If provided for in the processing procedures, you can also view your data yourself and correct it if necessary.

If your particular personal situation gives rise to reasons against the processing of your personal data, you can object to this if the processing is based on a legitimate interest. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for the purposes of direct marketing or profiling, the personal data concerning you will no longer be processed for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you have any questions about your rights and how to exercise them, please contact the management or the data protection officer.

Your right to lodge a complaint with a supervisory authority

As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.

The supervisory authority to which the complaint is submitted will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy.

Competent supervisory authority for data protection

The State Commissioner for Data Protection and the Right of Access to Files

Stahnsdorfer Damm 77, D-14532 Kleinmachnow

Phone: +49 (0)33203.356-0

Mail: [email protected]

Protection of minors

This service is mainly aimed at adults. We do not currently market any special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal data from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal data via our service. In the event that we discover that a child under the age of 16 has provided us with personal data, we will delete the child’s personal data from our files as far as this is technically possible.

Data processing outside the European Union

Insofar as personal data is processed outside the European Union, you can see this in the previous explanations.

Security

We use technical and organizational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to this data is only possible for a few authorized persons and persons with a special data protection obligation who are involved in the technical, administrative or editorial management of data.

Amendment of this data protection notice

We will revise this data protection notice in the event of changes to this website or other occasions that make this necessary. The current version can always be found on this website.

Version: September 2023

How is my data processed in detail when I use the website?

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider who is responsible for the purpose of processing the aforementioned data on our behalf in accordance with Art. 6 para. 1 lit. f GDPR. Art. 28 GDPR processed.

Purpose and legal basis

The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 para. 1 lit. a GDPR. lit. f GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is a right to object to the processing on the basis of the exception under Art. 21 para. 1 GDPR does not apply. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

Storage duration

The aforementioned data is stored for the duration of the display of the website and, for technical reasons, for a maximum of 7 days.

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you about which data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.

Data that we process from you

If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name, which you use to contact us, and may store other data provided by you insofar as this is necessary to process/answer your request.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Static) usage data that we receive from the social networks

We receive automated statistics about our accounts via Insights functionalities. The statistics include the total number of page views, likes, information on page activity and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers.

The statistics only contain aggregated data and cannot be linked to individual persons. You are not identifiable to us through this.

What data the social networks process from you

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is accessed (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no influence whatsoever. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)

If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/contributions and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection provisions/cookie guidelines of the social networks. There you will also find information on your rights and how to object.

Facebook page

On our Facebook fan page at: www.facebook.com/Quirito we use plugins from the provider Facebook.com, which are provided by the company Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304 in the USA. By using the fan page, data is forwarded to the Facebook servers, which contain information about your visits to our fan page. For logged-in Facebook users, this means that the usage data is assigned to their personal Facebook account. As soon as you actively use the Facebook plugin as a logged-in Facebook user (e.g. by clicking on the “Like” button or using the comment function), this data is transferred to your Facebook account and published. You can only avoid this by logging out of your Facebook account beforehand. We do not know exactly what data Facebook stores and uses. As a user of the fan page, you must therefore expect that Facebook will also store your actions on the fan page in full.

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.

Every person depicted as well as other third parties have the possibility to object to the publication of their personal data (photos) at any time. For this we have the e-mail address [email protected] set up. The right to object applies in particular to the publication of images for the future.It can always happen that we inadvertently publish images of people without their consent. If publication is not desired, we will immediately do everything in our power to comply with your right. In the case of group pictures, we reserve the right to distort faces.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert such rights is therefore directly against the respective provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.

The primary responsibility for the processing of Insights data lies with Facebook in accordance with the GDPR and Facebook states that it fulfills all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. provides the essentials of the Page Insights Supplement to the data subjects.

We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices.

In addition, the General Terms of Use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland apply. With regard to data protection on Facebook, please note the following data protection information from Facebook Ireland Limited.

Instagram page

When you visit our Instagram page www.instagram.com/quirito/, Instagram (Meta) collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more information on this under the following link (note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users based on the statistical information transmitted. We only use them to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to realize a possible provision for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you have made “publicly” available.

The processing of your personal data for the purposes mentioned above is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.

We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.

The primary responsibility for the processing of Insights data lies with Instagram in accordance with the GDPR and Instagram states that it fulfills all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to the data subjects.

Further information can be found directly on Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Instagram’s privacy policy/cookie policy (note: clicking on the following link will take you to the website of the social network Facebook): https://help.instagram.com/519522125107875/?helpref=uf_share.

Do we use cookies?

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot run programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

No cookies set

Use of analysis, advertising and tracking tools and other services on our website

In order to make our website as pleasant and convenient as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to find out about the data protection provisions on the use and application of the services and functions used in order to exercise your rights with these service providers.

Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering.

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision and optimization of our online offer. A transmission to Google does not take place.