Privacy

Protection of Your Personal Data

IST University of Management GmbH takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.
Please note that data transmission over the Internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.
The following privacy policy informs you, as a user of the IST University of Management GmbH website (hereinafter referred to as the “Provider”), about the collection and use of personal data when visiting and using our websites.
We comply with the legal provisions on data protection, such as those outlined in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We also fully adhere to the regulations of the European General Data Protection Regulation (EU-GDPR). The Provider’s Data Protection Officer can be reached at the following email address: Datenschutz@ist.de.

This privacy policy does not apply to websites you may access via hyperlinks on this website.

General Data Collection and Processing

Each time you visit and use the Provider’s websites, access data is collected by the Provider or the web space provider. This access data includes: the IP address and provider of the requesting computer, the webpage accessed and any retrieved data, the date and time of access, the amount of data transmitted, a notification of successful retrieval, identification data of the browser and operating system used by the requesting computer, as well as the previously visited webpage (the site from which the request to access the Provider’s website originated).
The collection and processing of this access data are carried out solely for purposes of system administration, system security, optimization of the offering, and statistical analysis. The Provider expressly reserves the right to analyze access data retrospectively in cases of unlawful use or unlawful attacks on the Provider's websites, provided there is sufficient suspicion based on concrete evidence.

Personal Data

• Definition of Personal Data
  Personal data, as defined in Section 3 (1) of the Federal Data Protection Act (BDSG), refers to any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, for example, data such as a name, address, email address, or telephone number. Usage data also falls under the category of personal data.
• Collection of Personal Data
  The collection of personal data includes the gathering of information that can be assigned to a specific or identifiable natural person, such as name, address, email address, phone number, or usage data.

Privacy Notice

You have the right to: 

1. Revoke your consent at any time by contacting us, provided that no contractual obligations contradict this. As a result, we will no longer continue data processing based on this consent in the future.
2. Request information about your personal data processed by us. Specifically, you can request details about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been disclosed or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data (if it was not collected by us), as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the specifics.
3. Request the correction of inaccurate or the completion of incomplete personal data stored by us without delay.
4. Request the deletion of your personal data stored by us, unless processing is necessary for exercising the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert or defend legal claims.
5. Request the restriction of processing your personal data, provided that:
   
   • You contest the accuracy of the data;
   • The processing is unlawful, but you oppose its deletion;
   • We no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
   • You have objected to the processing.
   Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or request that it be transferred to another controller.
6. Object to the processing of your personal data if it is based on legitimate interests, provided there are reasons arising from your particular situation. If you wish to exercise your right to object, simply send an email to Datenschutz@ist.de.

 

Cookies

Provision of Paid Services

If you wish to use the paid services and offerings available on our website, we may need to collect additional information from you for billing and security purposes. This typically includes your name, a valid email address, and possibly your address and phone number, as well as any other relevant information depending on the specific case. This may also involve content that allows us to verify the data provided, such as confirming your ownership of the provided email address. For legal reasons, we must ensure that you actually wish to receive the offered services, and that we can properly invoice you for the service. In payment transactions, we use SSL encryption to protect your data, which can be recognized by the "https://" in the browser's address bar.

Third-Party Providers - Content and Services

The provider reserves the right to integrate third-party services and content into its online offerings, such as Google Maps, YouTube videos, third-party graphics, RSS feeds, etc. In order to successfully display these contents, the third-party provider will need to query your IP address. The provider strives to only integrate third-party offerings into its website that use the queried IP address solely for the purpose of displaying the respective content. However, the provider cannot exclude the use of your IP address for other statistical purposes. If the provider becomes aware of this, a separate notice will be provided.

Privacy Policy for the Use of Google Analytics

Google Analytics uses so-called "cookies," text files that are stored on users' computers and allow an analysis of the website usage. The information generated by the cookie about the usage of this website by users is usually transferred to a server of Google in the USA and stored there. On this website, IP anonymization is activated, so the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Therefore, we inform you that data processing in the context of Google Analytics may also take place outside the scope of EU law.

On behalf of the operator of this website, Google uses this information to evaluate the usage of the website by users, compile reports on website activities, and provide other services related to website and internet usage to the website operator.

Google Analytics is used only with your consent. You can prevent the storage of cookies and, furthermore, prevent the collection of data by configuring your browser software accordingly; however, please note that in this case, you may not be able to fully use all functions of this website.

Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prevent the collection by Google Analytics by deactivating performance cookies in the cookie settings.

Objection Against Data Collection

You can prevent the collection of your data by Google Analytics. To do so, an opt-out cookie is set, which prevents the collection of your data during future visits to this website. To deactivate the collection of data by Google Analytics for this website, please click here. (Please note that no visible feedback will occur after clicking.)

Order Data Processing

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

IP Anonymization

We use the "activation of IP anonymization" function on this website. As a result, your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.

Privacy Policy for the Use of Google Adwords

The provider has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to display ads both in Google search results and within the Google advertising network. Google AdWords enables advertisers to predefine certain keywords that trigger the display of an ad in Google search results only when a user retrieves a keyword-relevant search result. In the Google advertising network, ads are automatically distributed across relevant websites based on the predefined keywords.

The operator company of Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-relevant ads on third-party websites and in Google search results, as well as to display third-party ads on our website. If a person accesses our website through a Google ad, Google sets a so-called conversion cookie on the person's information technology system. Cookies, as explained above, are used. The conversion cookie expires after thirty days and does not identify the person. If the cookie is still valid, it tracks whether certain subpages, such as the shopping cart in an online shop system, have been accessed on our website. The conversion cookie allows both us and Google to track whether a person who accessed our website via an AdWords ad made a purchase or abandoned a cart.

The data and information collected through the conversion cookie are used by Google to create visit statistics for our website. We use these visit statistics to determine the total number of users who were referred to us through AdWords ads and to evaluate the success or failure of each AdWords ad, optimizing our future AdWords ads. Neither our company nor other advertisers using Google AdWords receive information from Google that would identify the person.

Personal information, such as the websites visited by the person, is stored via the conversion cookie. Therefore, when visiting our websites, personal data, including the IP address of the internet connection used by the person, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Google may share this data with third parties through the technical process.

The person concerned can prevent cookies from being set by our website at any time by configuring the used internet browser accordingly and thus permanently object to the setting of cookies. Such a setting would also prevent Google from setting a conversion cookie on the person’s information technology system. Furthermore, any previously set cookie by Google AdWords can be deleted at any time via the internet browser or other software programs. Additionally, the person concerned has the option to object to interest-based advertising by Google. To do so, the person must access the link www.google.de/settings/ads from each internet browser they use and make the desired settings.

Further information and the applicable privacy policy from Google can be accessed at https://policies.google.com/privacy?hl=de.

Privacy Policy For Using Google Maps

This site uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer. The use of Google Maps is in the interest of presenting our online offerings in an attractive manner and making the locations we have listed on the website easier to find. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. More information on how user data is handled can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

Privacy Policy for the Use of Facebook Plugins (Like Button)

Our pages integrate plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the "Like Button" ("Like") on our page. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. This allows Facebook to receive the information that you have visited our page with your IP address. If you click the Facebook "Like Button" while logged into your Facebook account, you can link the content of our pages to your Facebook profile. As a result, Facebook can associate your visit to our pages with your user account. Please note that as the provider of the pages, we have no knowledge of the content of the data transmitted or how Facebook uses it. For more information, please refer to Facebook's privacy policy at http://de-de.facebook.com/policy.php.

If you do not want Facebook to associate the visit to our pages with your Facebook user account, please log out of your Facebook account.

Facebook Custom Audience via the Pixel Method

The website uses the "Facebook Pixel" from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). With explicit consent, this method can track the behavior of users after they have seen or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help optimize future advertising campaigns.

The data collected is anonymized for us, meaning it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, enabling it to link the data to individual user profiles and use it for its own advertising purposes in accordance with Facebook’s data usage policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to display advertisements both on and off Facebook. For these purposes, a cookie may also be stored on your computer. These processing operations only occur with explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.

Consent to use the Facebook Pixel may only be given by users who are over the age of 13. If you are younger, please ask your parents or guardians for permission.

Facebook Inc., based in the USA, is certified under the US-EU Privacy Shield agreement, which ensures compliance with the data protection standards applicable in the EU.

To disable the use of cookies on your computer, you can set your internet browser to prevent cookies from being stored on your computer in the future or delete any cookies already stored. However, disabling all cookies may result in some features on our website not functioning properly. You can also opt out of the use of cookies by third-party providers like Facebook on the Digital Advertising Alliance website: https://www.aboutads.info/choices/.

Additionally, you can object to the use of the Facebook Pixel by using the "Opt-out" option (please click here).

Facebook Messenger

When you use Facebook Messenger to contact us, we process personal data necessary for communication and contacting you. Facebook grants us access to your “public information,” which may include your name, gender, Facebook ID, and profile and cover photos. We use this information to respond to your inquiry or, if you have expressly consented, to send you promotional messages.

For sending and receiving messages through our various communication channels, including Facebook Messenger, we use the service Superchat provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin (“Superchat”). The data is stored on Superchat's servers in Germany on our behalf.

Facebook is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”), a company of the Meta Group. Facebook processes the data in accordance with its privacy policy, which you can access here. Facebook offers the option of end-to-end encryption for communication, which can be enabled in the Messenger settings.

Please note that Facebook may also collect so-called “metadata,” which could include information about the identity of the sender and recipient, as well as location, device information, and usage information related to Facebook Messenger (e.g., duration and frequency). Facebook uses this data for its own purposes, such as improving Facebook Messenger. Further information can be found in Facebook’s privacy notice. We are not aware of the details of this data processing, nor do we have any influence over it. We cannot exclude the possibility of data being shared with other recipients within the Meta group of companies in countries outside the EU that do not offer an adequate level of data protection (especially the USA).

The legal basis for data processing by us is:

• Art. 6 para. 1 lit. b) GDPR, if the communication serves to initiate or execute a contractual relationship;
• Your consent pursuant to Art. 6 para. 1 lit. a) GDPR, if you have signed up for newsletter distribution via Facebook Messenger;
• Our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in processing your request in all other cases.

If the processing is based on your consent, the data will be deleted as soon as you withdraw your consent. You can withdraw your consent at any time by sending a message with the content “Stop” in the chat or by sending an email to Datenschutz@ist.de.

Otherwise, we will delete your data once the purpose of the processing has been fulfilled (e.g., when your inquiry has been fully answered). If there are legal retention periods that prevent deletion, the data will be blocked for further use until the retention period expires.

Privacy Policy for the Use of Instagram

Our pages integrate functions from the Instagram service. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. When you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account.

Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how Instagram uses it. For more information, please refer to Instagram's privacy policy: http://instagram.com/about/legal/privacy/.

Instagram Direct Messenger

When you use Instagram Direct Messenger to contact us, we process personal data necessary for communication and contacting you. Instagram provides us with access to the username you have chosen. We use this information to respond to your inquiry or, if you have expressly consented, to send you promotional messages.

For sending and receiving messages through our various communication channels, including Instagram Direct Messenger, we use the service Superchat provided by SuperX GmbH, Oranienburger Str. 91, 10178 Berlin (“Superchat”). The data is stored on Superchat's servers in Germany on our behalf.

Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, a company of the Meta Group. Instagram processes the data in accordance with its privacy policy, which you can access here. Please note that, according to the information in Instagram's privacy policy, Instagram collects content provided by its users, including communication content, as well as other information such as location, device information, and usage information (e.g., duration and frequency). Instagram also uses this data for its own purposes, such as improving the Instagram service. Further information can be found in Instagram’s privacy notice. We are not aware of the details of this data processing, nor do we have any control over it. We cannot exclude the possibility of data being shared with other recipients within the Meta group of companies (e.g., Facebook) or external third parties (e.g., advertising partners and analytics services) in countries outside the EU that do not offer an adequate level of data protection (especially the USA).

The legal basis for data processing by us is Art. 6 para. 1 lit. b) GDPR if the communication is for the initiation or execution of a contractual relationship;

Your consent in accordance with Art. 6 para. 1 lit. a) GDPR, if you have signed up for newsletter distribution via Instagram Messenger, and in all other cases, our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR in processing your request.

If the processing is based on your consent, the data will be deleted once you withdraw your consent. You can withdraw your consent at any time by sending a message with the content “Stop” in the chat or by sending an email to Datenschutz@ist.de. Otherwise, we will delete your data once the purpose of the processing has been fulfilled (e.g., the inquiry has been fully answered). If there are legal retention periods that prevent deletion, the data will be blocked for further use until the retention period expires.

Privacy Policy for the Use of Bing Ads

This website uses Bing Ads, a program from Microsoft Corporation (“Microsoft”), utilizing Universal Event Tracking (UET) for remarketing and conversion tracking. For this purpose, a cookie is placed on your computer when you access our website via Bing or Yahoo. This text file stores information about your use of our website, such as the pages you visited, for 180 days, after which it is deleted. This information includes, among other things, the URL of the visited page, the URL of the referring page, and your IP address. By using the remarketing function, we can present you with tailored offers during a later search on one of the above-mentioned search engines.

If you do not agree with the collection of information, you can disable the placement of cookies through the settings of your internet browser. By using the opt-out page for consumers provided by the Network Advertising Initiative (NAI) http://www.networkadvertising.org/choices/, you can check which participating sites place cookies in your browser and disable them. You can read Microsoft's privacy policy regarding the handling of collected data at the following link: https://privacy.microsoft.com/en-us/privacystatement/.

Privacy Policy for the Use of Xing

Our website uses features from the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING features is accessed, a connection is established to XING's servers. Based on our knowledge, no personal data is stored in the process. In particular, IP addresses are not stored, nor is user behavior evaluated.

For more information about data protection and the XING Share button, please refer to XING's privacy policy at https://www.xing.com/app/share?op=data_protection.

Privacy Policy for the Use of Youtube

Our website uses plugins from YouTube, which is operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection is established to YouTube's servers. In this process, YouTube is informed about which of our pages you have visited.

If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

For more information on how user data is handled, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.

Privacy Policy for the Use of LinkedIn

We maintain an online presence on LinkedIn to present our company and services and to communicate with customers/prospective clients. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We would like to point out that there is a possibility that user data may be processed outside the European Union, particularly in the USA. This could present increased risks for users, such as difficulties accessing their data in the future. Furthermore, we do not have access to this user data. The access possibility is solely with LinkedIn.

LinkedIn Privacy Information

LinkedIn Plugin

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. This tool creates (if you consent) a cookie in your web browser, which allows the collection of data such as: IP address, device and browser properties, and page events (e.g., page views). If you click the "Recommend" button on LinkedIn and are logged into your LinkedIn account, LinkedIn can associate your visit to this website with your user account.

Please note that, as the provider of the site, we have no knowledge of the content of the transmitted data or its use by LinkedIn. LinkedIn only provides anonymized reports about the website audience and the ad performance. Additionally, LinkedIn offers retargeting via the Insight Tag. We can use this data to display targeted advertising outside the website, without identifying you as a website visitor.

For more information, please refer to LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

The data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. Data processing is based on Article 6(1)(a) GDPR. Consent can be withdrawn at any time. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Privacy Policy for the Use of TikTok

We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool provided by two companies: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are referred to as "TikTok").

The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track the activities of visitors to our website. The TikTok Pixel collects and processes information about the visitors to our website or their devices (called "Event Data").

The Event Data collected by the TikTok Pixel is used for targeting our advertisements, improving ad delivery, and personalizing ads. The Event Data collected on our website via the TikTok Pixel is transmitted to TikTok.

Some of this Event Data includes information stored on your device. The TikTok Pixel also uses cookies to store information on your device. Such storage of information by the TikTok Pixel or access to information already stored on your device occurs only with your consent. Therefore, the legal basis for the collection and transmission of personal data by us to TikTok is Article 6(1)(a) GDPR. You can withdraw your consent at any time via our Consent Management Tool.

This collection and transmission of Event Data is carried out by us and TikTok as joint controllers. We have entered into an agreement with TikTok regarding joint control, which defines the distribution of data protection responsibilities between us and TikTok. In this agreement, we and TikTok have agreed that we are responsible for providing you with all the information pursuant to Articles 13 and 14 of the GDPR regarding the joint processing of personal data; that TikTok is responsible for enabling data subject rights in accordance with Articles 15 to 20 of the GDPR concerning personal data stored by TikTok after the joint processing.

You can access the agreement between us and TikTok at: https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.

For the processing of the transmitted Event Data after transmission, TikTok is solely responsible. For more information on how TikTok processes personal data, including the legal basis TikTok relies on and how to exercise your rights with TikTok, you can refer to TikTok's privacy policy at: https://www.tiktok.com/legal/privacy-policy?lang=en.

Zoom Video Communications, Inc. (Zoom)

In connection with the use of the video conferencing service provided by Zoom Video Communications, Inc. ("ZOOM") for teaching, research, and administration as a tool for conducting interactive online tutorials, online seminars, webinars, and other video conferences and meetings, as well as in some cases for conducting exams and supporting the research process, personal data will be collected from you. The use of ZOOM for private purposes under the provided license is not permitted.
Data processing is carried out based on the General Data Protection Regulation (GDPR), the data protection laws of North Rhine-Westphalia, and other applicable data protection provisions.

The processing of personal data in connection with the use of ZOOM is based on the following legal grounds:

• For the (voluntary) use of ZOOM pursuant to Article 6(1)(a) GDPR (consent)
• To fulfill the legal and contractual tasks of IST-Hochschule für Management in connection with enabling research, teaching, and study in accordance with Article 6(1)(e) GDPR in conjunction with § 3 HG NRW
• For data processing in the context of contractual relationships pursuant to Article 6(1)(b) GDPR
• For "open webinars and other events" where no contractual relationship exists, pursuant to Article 6(1)(f) GDPR. In this case, the interest lies in conducting a webinar.
• For employees and staff pursuant to Article 6(1)(b) GDPR

Recipients of Personal Data

Personal data processed in connection with the use of ZOOM will generally not be shared with third parties, unless it is intended for sharing.

The provider of ZOOM and any subcontractors may become aware of the processed data as necessary, within the scope of the data processing agreement or contractual relationships with subcontractors.

Processing of Personal Data

Only personal data provided by you or lawfully made known to IST-Hochschule für Management in the context of its legal duties will be processed. In order to use ZOOM, the following personal data may be processed:

• Last name
• First name

To participate in a video conference or online meeting, you may provide your real name or a pseudonym.
Note that using the names of other people (identity theft) constitutes a criminal offense under Section 238 of the German Penal Code (StGB).

Further personal data may be processed during the use of ZOOM, depending on the settings chosen and the content used during the meeting:

• User details: First name (optional), last name (optional), phone (optional), profile picture (optional)
• Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
• Recordings: MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat
• If dialing in by phone: Incoming number details, country name, start time, and real-time data. Further connection data, such as IP address, may be stored.
• Text, audio, and video data: You may have the option to use the chat, question, or survey features during an online meeting. Any text input you make will be processed for display and logging in the online meeting. To enable video display and audio playback, the data from your device’s microphone and any device cameras will be processed according to the duration of the meeting. You can turn off or mute the camera or microphone anytime via the Zoom application.

To join an online meeting or enter the meeting room, you must at least provide your name, which could be a fictitious name.

For more information on the processing of cookies, please refer to Zoom's cookie policy.

Transfer of Personal Data to Third Countries

Your personal data will be processed for the above-mentioned purposes and transmitted to ZOOM. ZOOM Video Communications, Inc. is a U.S.-based company headquartered in San Jose, California, USA. Therefore, the data processing occurs in a third country.
A data processing agreement in accordance with Article 28 GDPR has been concluded with ZOOM. Furthermore, an adequate level of data protection is ensured through the conclusion of so-called EU Standard Contractual Clauses, which IST-Hochschule für Management has entered into with ZOOM. ZOOM also meets the data protection guarantees under Articles 44ff. GDPR, as it has joined the EU-U.S. Privacy Shield.
ZOOM uses subprocessors to deliver its service. The same level of data protection applies to these subprocessors as is contractually agreed with ZOOM. The current list of subprocessors used by ZOOM can be found here.

Data Protection Configurations in ZOOM

To achieve the best possible protection of your personal data, data protection-friendly default settings have been made. The goal is to ensure that only a minimum amount of data is transmitted and stored. Specifically, the following settings have been made:

• Encryption: All audio and video streams are encrypted. End-to-end encryption is enabled for chat so that third parties cannot access the content. However, it should be noted that no personal details or other sensitive data are disclosed.
• “ZOOM Bombing” Prevention: Attackers can automate the generation of meeting IDs, allowing them access to public ZOOM meetings. For this reason, waiting rooms are used before meetings.
• Recording of Meeting Contents: Meetings may be recorded and stored either locally on a computer or in the ZOOM Cloud.

Notice Regarding Sensitive Data Usage
This service is not intended for the exchange of highly sensitive content. All users are therefore expressly warned that ZOOM’s audio and video streaming services should not be used for application procedures, employee discussions, or personnel matters. Furthermore, these services should not be used to transmit sensitive data such as health data.

Data Retention Period
Personal data is stored by ZOOM as a data processor under Article 28 GDPR for as long as necessary to provide the technical service and billing.

Online Appointment Booking – Microsoft Bookings

IST University of Management GmbH collects and processes personal data for the online booking of meeting appointments.
For this purpose, IST University of Management GmbH uses the "Microsoft Bookings" service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. A connection to the service is established only when you access the online booking feature via a button on our website. For more information on how user data is handled, please refer to Microsoft’s privacy policy.

Please note that you are not obligated to use Microsoft Bookings to schedule an appointment. If you do not wish to use the service, please use another available contact option to arrange an appointment.
The legal basis for the transmission, storage, and processing of your data is your consent (Article 6(1)(a) GDPR).
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
You have the right to withdraw your consent to data processing or object to the use of your data at any time. In this case, intended communication with you will no longer be possible, and any ongoing communication cannot continue.

WhatsApp

If you use WhatsApp to contact us, we process your phone number, your name, and any other data you provide to respond to your inquiry or, if you have explicitly consented, to send you promotional messages.

For sending and receiving messages through our various communication channels, including WhatsApp, we use the Superchat service from SuperX GmbH, Oranienburger Str. 91, 10178 Berlin (“Superchat”). The data is stored on Superchat's servers in Germany on our behalf.

The provider of the WhatsApp service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”), a subsidiary of Meta Platforms, Inc. (formerly Facebook). WhatsApp processes the data in accordance with its privacy policy, which you can access here. The communication contents are end-to-end encrypted. WhatsApp may also collect additional so-called “metadata,” which can include information about the identity of the sender and recipient, as well as phone numbers, device information, and usage information (e.g., duration and frequency of usage). WhatsApp uses this data for its own purposes, such as improving the WhatsApp service. More information can be found in WhatsApp's privacy policy. We do not have knowledge of the details of this data processing and have no influence over it. We cannot exclude the possibility of data being shared with other recipients within the Meta corporate group in countries outside the EU, including the USA, which may not provide an adequate level of data protection.

The legal basis for the data processing by us is:

• Art. 6(1)(b) GDPR if the communication serves the initiation or execution of a contractual relationship;
• Your consent under Art. 6(1)(a) GDPR if you have subscribed to receive newsletters via WhatsApp;
• and in all other cases, our legitimate interest under Art. 6(1)(f) GDPR in processing your inquiry.

If the processing is based on your consent, the data will be deleted as soon as you withdraw your consent. You can withdraw your consent at any time by sending a message with the content “Stop” in the chat or by sending an email to Datenschutz@ist.de.

Otherwise, we will delete your data as soon as the purpose of processing is no longer necessary (e.g., once the inquiry has been fully answered). If there are legal retention periods preventing deletion, the data will be blocked for further use until the retention period expires.

Typeform

We use Typeform from TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona, Spain (Typeform) for some contact forms. You can recognize that we use Typeform by the "Typeform" logo displayed at the bottom right corner of the screen. Typeform allows us to provide you with an easy way to contact us.

For this purpose, we share the following personal data with Typeform:

• Email address*
• First name*
• Last name*
• Phone number

Mandatory fields are marked with an *.

Typeform is the recipient of your personal data and acts as a data processor for us, which is why we have concluded a data processing agreement with Typeform. The legal basis for these processing operations is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the contact options provided. Your data will be processed until your request has been answered. The legality of the processing carried out based on the consent until the revocation remains unaffected by the revocation.

The data is stored exclusively for the purpose of transmitting inquiries and responding to them. The mandatory fields serve to assign and respond to your concerns. You can also choose not to provide us with your personal data via such a contact form. Alternatively, you can contact us at the email address provided in this statement.

In addition to the data mentioned above, Typeform collects the following personal data using cookies: information about your device (IP address, device information, operating system, browser settings). Furthermore, usage data such as the date and time when you used the contact form is collected. For more information, please visit: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data.

For more information on objection and deletion options regarding Typeform, please visit: https://admin.typeform.com/to/dwk6gt.

Contact via the Website

The provider's website contains information required by law that enables quick electronic contact with our company and immediate communication with us, which also includes a general address for so-called electronic mail (email address). If a data subject contacts the controller by email or through a contact form, the personal data provided by the data subject is automatically stored. Such personal data voluntarily provided by the data subject to the controller will be stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

Newsletter

You can sign up for our newsletter on our website. To do so, we need your email address. Additionally, in compliance with the relevant legal requirements, we must verify whether you are indeed the owner of the provided email address and whether you wish to receive the newsletter. Therefore, we collect information that allows such verification. The data collected in this context is used solely for sending and receiving the newsletter. It has no other purpose and will not be shared with third parties. Except for the information necessary for sending the newsletter, no additional data is collected by us. Since the sending and receiving of the newsletter depends on your consent, you can revoke this consent for the collection and storage of your data at any time without giving any reasons. To do so, use the "unsubscribe link" provided in the newsletter.

Blog and Comments

The provider stores your IP address when you leave posts in the offered blog or otherwise within the internet offerings of the provider. You can voluntarily provide additional information. The storage is solely for the purpose of being able to retroactively assign posts that violate existing legal regulations, serving as protection for the provider.

In case of subscribing to blog posts and subsequent comments, you will receive an email from the provider to confirm that you are the owner of the entered email address and that you wish to subscribe to blog posts and subsequent comments. You can revoke your consent to the storage of your personal data at any time. Subscribed blog posts and subsequent comments can be unsubscribed at any time. You will be informed about the necessary steps in the confirmation email.

Discussion Forum

The personal user data of forum members can be viewed and edited in the section "Discussion Forum" - "Profile." The provider enables you to access your registration data online so that you can update, correct, supplement, or delete your data on the respective page of the provider's online offering where you entered your data. To protect your privacy and security, we take the necessary steps to verify your identity before granting you access to this data. To access your personal data, please go to the "Discussion Forum" - "Profile" section on the respective page of our online offering where you entered the data and follow the instructions provided there.

Study Groups

Upon request, the provider also organizes study groups. In this case, contact details of students will be shared with other students to enable them to get in touch. For this service, we will obtain your explicit consent prior to sharing your data with other students.

SSL Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock symbol in your browser bar.

When SSL encryption is enabled, the data you transmit to us cannot be read by third parties.

Right to Information, Correction, Blocking, and Deletion

You have the right at any time to obtain free information about your stored personal data, its origin and recipients, the purpose of the data processing, as well as the right to correction, blocking, or deletion of this data, provided that no statutory retention obligations prevent such actions.

If you have any reason to believe that we have stored incorrect data about you or if you wish to request the correction, blocking, or deletion of your data, you can also reach us at the following email address: Datenschutz@ist.de.

The provider reserves the right to change this privacy policy at any time, in compliance with applicable data protection regulations.