Data protection (GDPR)
Introduction
This privacy policy explains how we handle your personal data while you are participating in one of our seminars. To maintain our relationship with you after or during your successful completion of the seminar, or when we provide you with support or a service, or when you provide a service for us.
This privacy policy describes how we collect, use, and process your personal data and how we comply with our legal obligations to you in doing so. The protection of your data is important to us, and we are committed to protecting and safeguarding your privacy rights.
This privacy policy applies to the personal data of visitors to our website, candidates, customers, suppliers, and other individuals with whom we may come into contact. It also applies to the emergency contacts of our employees. If you are an Alphadi employee, please refer to the Alphadi Employee Privacy Policy.
For the purposes of applicable data protection laws (including, among others, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), you will find the company responsible for your personal data (“Alphadi”).
If you disagree with any aspect of our Privacy Policy, you may have legal rights, which are also described here in the appropriate place.
This Privacy Policy applies in the relevant countries within our international network. Different countries may have slightly different approaches to data protection, so this Privacy Policy includes country-specific sections.
What types of personal data are collected?
CANDIDATE DATA: We need to process certain information about you in order to determine the most suitable seminar for you and your suitability for the seminar. We only ask for information that helps us determine your qualifications, such as your name, age, contact details, educational background, and professional history. A more detailed description of the personal data we collect about you can be found on the customer master data sheet. We also collect certain data about you when you access our website.
CUSTOMER DATA: If you are an Alphadi customer, we need to collect and use information about you or individuals within your organization in order to provide services to you, such as in-house training. A more detailed description of the personal data we collect in this way can be found on the customer master data sheet. We also collect certain data about you when you access our website.
CLIENT DATA: We require a small amount of information from our clients to ensure that seminars run smoothly. We need the contact details of the relevant persons within your organization so that we can communicate with you. A more detailed description of the personal data we collect about you can be found in the customer master data sheet. We also collect certain data about you when you access our website.
VISITORS TO OUR WEBSITE: We collect a limited amount of data from visitors to our website and use it to make our website easier for you to use and to better manage the services we offer. This includes information about how you use our website, how often you access it, and the times when our website is particularly popular. We need some of the personal data we collect from you in order to fulfill our contractual obligations to you or others. Other data is simply needed to ensure a smooth business relationship. Depending on the type of personal data and the reasons for its processing by us, we may not be able to fulfill our contractual obligations or, in extreme cases, maintain the business relationship if you refuse to provide us with this data.
CANDIDATE DATA: Your personal data is mainly collected: 1. Directly from you. If you access our website or read or click on an email from us, we may also collect certain data automatically or by you providing it to us.
CUSTOMER DATA: Your personal data is mainly collected: 1. Directly from you. If you access our website or read or click on an email from us, we may also collect certain data automatically or when you provide it to us.
SUPPLIER DATA: We collect your personal data in the course of our cooperation with you. When you access our website or read or click on an email from us, we may also collect certain data automatically or when you provide it to us.
VISITORS TO OUR WEBSITE: We collect your data automatically using cookies in accordance with the cookie settings in your browser when you visit our website. We also collect data from you when you contact us via the website.
How is your personal data used?
CANDIDATE DATA: The main reason for using your personal information is to help you find a seminar that suits you. The more information we have about you, your skills, and your goals, the better we can tailor our services to you. Where appropriate and permitted by local laws and regulations, we may also use your personal data for advertising purposes. Where appropriate, we will ask for your consent for some of these activities.
CUSTOMER DATA: The main reason we use customer information is to ensure that the contractual agreements between us can be properly implemented to ensure a smooth business relationship. The more information we have, the better we can tailor our services to you.
SUPPLIER DATA: We use your personal data for two main reasons: firstly, to ensure that the contractual agreements between us can be properly implemented, thus enabling a smooth business relationship, and secondly, to ensure compliance with legal requirements.
PERSONS WHOSE DATA WE RECEIVE FROM CANDIDATES AND EMPLOYEES, E.G., CONTACT PERSONS/EMERGENCY CONTACTS: We use the personal information of candidates’ or employees’ emergency contacts in the event that the candidate or employee is involved in an accident or emergency.
To whom is your personal data disclosed?
CANDIDATE DATA: We may share your personal data with different recipients in different ways and for different reasons. First and foremost, we share your information with the certification body in order to ensure personal certification.
POSSIBLE RECIPIENTS OF YOUR DATA: The CertEuropa® certification body, in order to verify your suitability and issue your certificate. The CertEuropa® certification body during a surveillance audit or recertification according to DIN EN ISO 9001:2015 and DIN/ISO 29990 to verify the careful handling of your data. The TQCert® certification body and TÜV Hessen, for which the same applies as for CertEuropa.
How is your personal data protected?
GENERAL: The protection of your information is important to us. That is why we take appropriate measures to prevent unauthorized access to and misuse of your personal data.
PROCEDURE: Your email data is stored in encrypted form. Your sensitive data, such as your resume, which is used to determine your suitability for certified seminars, is printed out and stored in a locked cabinet. Only certain designated and trained employees have access to this data.
How long will your personal data be stored?
DURATION: If, after three years (the expiry date of your recertification, the certificate you obtained from us), we have had no relevant contact with you or the organization you work for or with, we will delete your personal data from our systems, unless we believe in good faith that we are required to retain it by law or other regulation.
How can you access, change, or withdraw personal data that you have provided to us?
Even if we already have your personal data, you have various rights with regard to this data. If you would like to contact us in this regard, please get in touch with us. We will endeavor to process your request as quickly as possible and in any case in accordance with the applicable legal provisions. Please note that we may keep records of our communications in order to better resolve any issues you have raised.
RIGHT TO OBJECT: If we use your data because we believe it is in our legitimate interests to do so and you disagree, you have the right to object. We will respond to your request within 30 days. As a rule, we will only object to you under certain, narrowly defined circumstances.
RIGHT TO WITHDRAW CONSENT: If we have obtained your consent to process your personal data for specific activities or your consent to send you advertising, you may withdraw your consent at any time.
DATA SUBJECT ACCESS REQUEST (DSAR): You have the right to request confirmation from us at any time about what information we hold about you and to ask us to change, update, or delete that information.
ADDITIONALLY, WE HAVE THE FOLLOWING OPTIONS: We may ask you to confirm your identity or request further information about your request, and where permitted by law, we may refuse your request. In this case, we will explain the reasons for the refusal.
RIGHT TO DELETION: In certain situations, you have the right to request that we delete your personal data. We will respond to your request within 30 days. If your interests or requirements change, you can unsubscribe from some or all of our promotional content by notifying us by email.
Who is responsible for processing your personal data on the Alphadi website?
Alphadi controls the processing of personal data on its server. We have a data protection officer who has been appointed by the management. If you have any further questions or would like more details, please contact us.
What are cookies and how are they used?
A “cookie” is a small data file that is stored on your computer’s hard drive. Cookies are used by almost all websites. They do not harm your system. We use them to track your activities and ensure that you enjoy a pleasant customer experience when visiting our website. If you want to check or change what types of cookies are accepted, you can usually do this in your browser settings.
REFUSING COOKIES: If you do not want to receive cookies that are not absolutely necessary to perform basic functions on our website, you can change your browser settings so that cookies are no longer accepted. Most web browsers accept cookies. However, if you prefer that we do not collect data in this way, you can set your browser’s privacy settings to accept all or some cookies or to reject all cookies.
Detailed sections in detail – What types of personal information are collected?
Would you like to know more about what data we collect about you? Here is a more detailed description of the information we collect. The information described below is, of course, in addition to the personal data that we are legally required to process in the respective situations.
CANDIDATE DATA: Depending on the relevant conditions and applicable local laws and regulations, we may collect some or all of the information listed below in order to offer you seminars and services tailored to your situation and interests.
Name
Age / Date of birth
Gender
Photograph
Marital status
Contact details
Education details
Professional background
Reference contact details
Nationality/citizenship/place of birth
Diversity information, including physical and mental health, including any disability-related information
Additional information that you voluntarily provide to us
Additional information that your references voluntarily provide to us about you
IP address
Video recordings for training purposes
Please note that this is not a complete list of the personal data that we may collect.
CUSTOMER DATA: We collect only a very limited amount of data about our customers. As a rule, we only need your contact details or the contact details of individual contacts within your organization.
SUPPLIER DATA: We do not collect much data about suppliers. We only need to ensure a smooth business relationship. We collect the data of our contacts within your organization and bank details so that we can make payments to you.
How is your personal data collected?
CANDIDATE DATA: We primarily collect personal data from our candidates.
1. Personal data that you provide to us as a candidate
Alphadi requires certain information about you in order to provide you with a customized service. This may include entering your data as part of the registration process on the Alphadi® website or in an application form, submitting a resume in printed or electronic form, or sending your resume by email to an Alphadi® consultant.
PERSONAL DATA WE RECEIVE FROM OTHER SOURCES: not applicable
PERSONAL INFORMATION WE COLLECT AUTOMATICALLY: If you access our website or read or click on an email from us, we may collect your data automatically or by you providing it to us.
1. Personal data we receive directly from you
We receive data directly from you in two ways: when you contact us, usually by phone or email, and/or when we contact you by phone, email, or generally in the course of business development activities.
PERSONAL DATA WE COLLECT THROUGH OUR WEBSITE: If you access our website or read or click on an email from us, we may collect your data automatically or by you providing it to us.
VISITORS TO OUR WEBSITE: When you visit our website, we may automatically collect certain information about you, including your IP address, the date, time, and frequency of your visits to the website, and the way you browse the content.
How is your personal data used?
When we have data about you, we use it in a variety of ways.
CANDIDATE DATA: In general, we use data about our candidates in four ways: for personal certification, advertising, determining the reintegration rate, and asserting, exercising, or defending legal claims.
MARKETING: We may send you information at regular intervals that we believe may be of interest to you.
TO DEVELOP AND PROMOTE OTHER PRODUCTS AND SERVICES: To send you details of reports, promotions, offers, networking and customer events, and general information about industries that we believe may be of interest to you.
In more unusual cases, we may also use your personal data to assert, exercise, or defend legal claims.
CUSTOMER DATA: We use information about our customers for the following purposes: advertising and asserting, exercising, or defending legal claims.
SUPPLIER DATA: We only use your information for the following purposes: storing and updating your data, contacting you in connection with agreements, using or providing services, fulfilling legal obligations, and, where applicable, targeted advertising campaigns.
PERSONS WHOSE DATA WE RECEIVE FROM CANDIDATES AND EMPLOYEES, E.G., EMERGENCY CONTACT PERSONS: We will only use this information if candidates or employees have listed you as an emergency contact in our form.
To whom is your personal data disclosed?
We may share your personal data in a number of ways and for a number of purposes, as appropriate and in accordance with local laws and regulations, e.g., with employees, external trainers, instructors, examination boards, tax or audit authorities, external service providers, business partners, lawyers, auditors, technical support functions, and IT consultants.
How is your personal data protected?
We will take all reasonable and appropriate measures to protect the personal information we store from misuse, loss, or unauthorized access. To this end, we have implemented a number of technical and organizational measures.
How long is your personal data stored?
We will delete your personal data from our systems if we have had no relevant contact with you for three years, or for a longer period if we are required to retain it by law or other regulations.
How can you access, change, or withdraw personal data that you have provided to us?
One of the main objectives of the GDPR is to protect and clarify the data protection rights of EU citizens and individuals within the EU. This means that you continue to have various rights with regard to your data.
Right to object: You can object to our processing of your personal data if we do so on the basis of legitimate interests or for direct marketing purposes.
Right to withdraw consent: If you have given us your consent to process your personal data for certain activities, you can withdraw this consent at any time.
Data subject access request (DSAR): You may request confirmation from us at any time about what information we hold about you and ask us to amend, update, or delete that information.
Right to erasure: In certain circumstances, you may request that we erase your personal data.
You may request that we restrict the processing of your personal data in the following circumstances:
If you dispute the accuracy of the personal data.
If you object to our processing of your personal data for our legitimate interests.
If our processing of your data is unlawful, but you prefer to restrict our processing rather than have the data deleted.
If there is no longer any need for us to process your personal data, but you need the data to assert, exercise, or defend legal claims.
You also have a right to rectification and a right to lodge a complaint with a supervisory authority.
Who is responsible for processing your personal data on the Alphadi® website?
The data protection officer appointed by the management is responsible.
How is your data stored and transferred internationally?
Our data, especially emails, is stored on German servers or with service providers. International transfer to third parties is only possible with the candidate’s consent.
How do we use cookies?
We use cookies to record your use of our website and to show you content that we believe will be of interest to you.
Session cookies: These are only stored on your computer during your internet session and are automatically deleted when you close your browser.
Resident cookies: A resident cookie is stored as a file on your computer and remains there when you close your web browser.
Strictly necessary cookies: These cookies are necessary for you to use the website effectively.
Performance cookies: These cookies help us monitor and improve the performance of our website.
Functionality cookies: These cookies allow our website to remember the options you have selected.
Personalization cookies: These cookies allow us to promote details of employment opportunities that we believe may be of interest to you.
Our legal basis for processing your data
LEGITIMATE INTEREST: This is regulated in Article 6(1)(f) of the GDPR. It states that we may process your data if this is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms prevail.
CUSTOMER DATA: To ensure that we provide you with optimal services, we store your personal data and/or the personal data of individual contact persons within your organization.
SUPPLIER DATA: We use and store the personal data of individuals within your organization in order to utilize services from you as one of our suppliers.
CONSENT: Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS: Sometimes we may need to process personal data in connection with the exercise or defense of legal claims.
Our contact details
Country in which you use Alphadi® services or provide services for Alphadi: Germany
Alphadi company responsible for processing the personal data of visitors to our website: Alphadi, Kassel
How to contact us:
To access, change, or withdraw personal data that you have provided to us.
If you suspect that your personal information has been misused, lost, or accessed without authorization.
To withdraw your consent to the processing of your personal data.
If you have any comments or suggestions regarding this privacy policy.
Postal address: Alphadi Deutschland GmbH, Miramstr. 87, 34123 Kassel, Data Protection Officer, Germany
Alternatively, you can contact our Data Protection Officer and the Data Protection Team by email at: datenschutz@alphadi.org
APPENDIX 2: Contact details of the competent local supervisory authority: The Hessian Data Protection Officer, P.O. Box 3163, 65021 Wiesbaden, Germany, telephone: +49 611 1408 – 0, fax: +49 611 1408 – 611
APPENDIX 3: Country-specific deviations from our data protection guidelines. Legal system: Germany
Country-specific legal regulation: In Germany, we collect data on candidates’ religious affiliation in order to facilitate our remuneration processes.
APPENDIX 4: Cookie list. Cookie names: Cache cookie to enable the website to load faster on your second visit and your entered data.
GLOSSARY Candidates / Customers / Clients: This term describes seminar participants or companies for all seminars and services advertised by Alphadi.
Suppliers: This category includes parties such as external trainers, service providers, and other parties who provide services to Alphadi in the course of its business activities.
Deletion: Although we endeavor to permanently delete your personal data at the end of the storage period, some of your data may remain in our systems, for example while it is waiting to be overwritten.
General Data Protection Regulation (GDPR): A legal regulation of the European Union harmonizing European data protection law.
Other persons Alphadi may contact: These may be emergency contacts as well as contacts of candidates and employees of Alphadi.
Employees: This term describes employees and interns who are directly involved in Alphadi’s business.
Data protection information for online meetings, conference calls, and live webinars via Zoom
Below, we provide information about the processing of personal data in connection with the use of “Zoom.”
Purpose of processing
We use the “Zoom” tool to conduct conference calls, online meetings, video conferences, and/or webinars. “Zoom” is a service provided by Zoom Video Communications, Inc., which is based in the United States.
Responsible
Alphadi Akademie is responsible for data processing directly related to the conduct of “online meetings.”
Note
If you visit the Zoom website, the provider of Zoom is responsible for data processing. However, visiting the website is only necessary for the use of Zoom in order to download the software for using Zoom.
You can also use “Zoom” if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version.
What data is processed?
Various types of data are processed when using Zoom. The scope of the data also depends on the information you provide before or during participation in an online meeting.
The following personal data is subject to processing:
User information: first name, last name, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat
For dial-in via telephone: Information on incoming and outgoing phone numbers, country name, start and end time
Text, audio, and video data: You may have the option to use the chat, question, or survey functions in an “online meeting.”
Scope of processing
We use “Zoom” to conduct “online meetings.” If we want to record “online meetings,” we will inform you of this in advance and, if necessary, ask for your consent.
If necessary for the purposes of recording the results of an online meeting, we will log the chat content.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars.
If you are registered as a user with “Zoom,” reports on “online meetings” can be stored with “Zoom” for up to one month.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis for data processing
Insofar as personal data of Alphadi Academy employees is processed, § 26 BDSG (Federal Data Protection Act) is the legal basis for data processing. Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b GDPR or Art. 6 (1) lit. f GDPR.
Recipients / disclosure of data
Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties unless it is specifically intended for disclosure.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the aforementioned data to the extent that this is provided for in our data processing agreement with “Zoom.”
Data processing outside the European Union
“Zoom” is a service provided by a provider in the USA. Personal data is therefore also processed in a third country. We have concluded a data processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 GDPR.
Data protection officer
We have appointed a data protection officer:
Alphadi Deutschland GmbH
Ines Pitikaris
Heinrich-Hertz-Straße 3b, 34123 Kassel
Email: info@alphadi.org
Your rights as a data subject
You have the right to obtain information about your personal data. You also have the right to have your data corrected or deleted or to restrict its processing, insofar as you are legally entitled to do so. Finally, you have the right to object to the processing of your data within the framework of the legal requirements.
You also have the right to data portability within the framework of data protection regulations.
Deletion of data
We delete personal data as a matter of principle when there is no longer any need for further storage. A need may exist in particular if the data is still required to fulfill contractual services, to check and grant or defend warranty and, if applicable, guarantee claims.
Right to lodge a complaint with a supervisory authority
You have the right to complain to a supervisory authority for data protection about our processing of personal data.
Changes to this privacy policy
We revise this privacy policy in the event of changes to data processing or other occasions that make this necessary. The current version can always be found on this website.
