Privacy Policy

Latest status: February 29, 2024

Data Controller

Scrum Academy GmbH is committed to protecting your privacy. This Privacy Policy sets out the types of personal data we collect, who we share it with in relation to the services, on what legal basis we process data and what rights and options you have in this respect by law.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour. With regard to the other terms used below, such as "data controller" or "data processor", we refer to the catalogue of definitions in Article 4 of the EU General Data Protection Regulation ("GDPR").

The data controller (Art. 4 Para 7 GDPR) is:

Scrum Academy GmbH
Oststr. 11-13
50996 Cologne
Germany

Phone: +49 151 610 59 938‬
Email: team@scrum-academy.com

We have appointed a data protection officer. You can contact our data protection officer via datenschutz@scrum-academy.com.

General information

SSL or TLS encryption

When you enter your data on websites, place online orders or send e-mails via the Internet, you must always be aware that unauthorised third parties may access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best we can and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognise the encryption by the lock icon before the internet address entered in your browser and that our internet address begins with https:// and not with http://.

How long do we store your data?

In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. If we don’t provide such information regarding a special processing activity, we store your data until the purpose of the data processing no longer applies, you object to the data processing, you revoke your consent to the data processing and provided that there are no statutory retention obligations that prevent a deletion.

However, in the event of an objection to processing or a revocation of consent given, we may continue to process your data if at least one of the following conditions applies:

We have compelling legitimate grounds for continuing to process the data which override your interests, rights and freedoms (only in the case of an objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds).
The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
We are legally obliged to retain your data (e.g. § 257 German Commercial Code (HGB), § 147 German Federal Tax Code, (AO)).

In this case, we will delete your data as soon as the requirement(s) cease to apply.

Your Rights

Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA AND THAT THIS IS THEREFORE BASED ON ART. 6 PARA 1 LIT. F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING WHICH IS CARRIED OUT ON THE BASIS OF THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE THE REASONS FOR THE OBJECTION WHICH RESULT FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS IS MET:

WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS TO DIRECT MARKETING OR TO PROFILING RELATED TO IT.

Other Rights

Withdrawal of your consent to data processing

Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form, or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to complain to the competent supervisory authority

If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Article 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right to complain exists alongside administrative or judicial remedies.

Competent supervisory authority for the Scrum Academy GmbH is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, E-Mail: poststelle@ldi.nrw.de.

Right to data portability

We must hand over data that we process automatically on the basis of your consent or in fulfilment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible.

Right to information, deletion and correction of data

According to Art. 15 GDPR, you have the right to receive information free of charge about which of your personal data we have stored, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to have it corrected (Art. 16 GDPR), and under the conditions of Art. 17 GDPR you may demand that we delete the data.

Right to restriction of processing

In certain situations, you can demand that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then - apart from storage - only be processed as follows:

with your consent
for the assertion, exercise or defence of legal claims
to protect the rights of another natural person or legal entity
for reasons of important public interest of the European Union or a Member State.

The right to restrict processing exists in the following situations:

You have disputed the accuracy of your personal data held by us and we need time to verify this. Here, the right exists for the duration of the verification.
The processing of your personal data is unlawful or has been unlawful in the past. Here the right exists alternatively to erasure of the data.
We no longer need your personal data, but you need it to exercise, defend or enforce legal claims. Here you have the alternative right to have the data deleted.
You have lodged an objection in accordance with Art. 21 (1) GDPR and now your interests and ours must be weighed against each other. Here, the right exists as long as the result of the balancing has not yet been determined.

Data Collection on This Website

External hosting

Our website is hosted on a server provided by the following Internet service provider (hoster):

Amazon Web Services Inc.
410 Terry Avenue North
WA 98109-5210 Seattle, USA

How do we process your data?

The hoster stores all data from our website. This includes all personal data that is collected automatically or through your input. This can be in particular: Your IP address, pages accessed, names, contact details and enquiries, as well as meta and communication data. When processing data, Amazon Web Services Inc. complies with our instructions and only ever processes the data to the extent that this is necessary to fulfil its obligation to provide services to us.

On what legal basis do we process your data?

Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hosting serves to initiate and fulfil a contract and is therefore based on Art. 6 Para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 Para. 1 lit. f) GDPR.

Use of Cookie

Our website places cookies on your device. These are small text files that are used for various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to take advantage of a shopping basket in an online shop. Still other cookies are used to analyse user behaviour or to optimise advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. This can lead, for example, to your user behaviour being permanently analysed. You can influence how your browser handles cookies by changing the settings:

Do you want to be informed when cookies are set?
Do you want to exclude cookies in general or for certain cases?
Do you want cookies to be automatically deleted when you close the browser?

If you deactivate or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this within the scope of this Privacy Policy. We also ask for your consent in this regard when you visit our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offers can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore carried out on the basis of Section 25 (2) No. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG) as well as Art. 6 Para. 1lit. f) GDPR.

We use all other cookies on the basis of § 25 Para. 1 TTDSG and Art. 6 Para. 1 lit. a) GDPR, provided you give us your consent.

With regard to consent given, you have the option at any time to change the decision made there and to subsequently give or revoke your consent. The cookie and consent banner (Usercentrics Consent Management) can be accessed at any time via the footer of our website.

The use of Usercentrics Consent Management is justified by our legitimate interests in accordance with Art. 6 Para 1 lit. f GDPR in the use of optimised consent management. With the help of the tool, we as the data controller can comply with our legal obligations under the TTDSG and the GDPR as well as the ECJ case law on cookies.

Overriding legitimate interests of the user that outweigh our interests are not evident.

Server Log Files

Server log files record all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymised by the provider after a short time, so that we cannot assign the data to you personally. The data is automatically transmitted to our provider by your browser.

How do we process your data?

Our provider saves the server log files in order to be able to track the activities on our website and to find errors. The files contain the following data:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address (anonymised if necessary)

We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymised overview of the accesses to our website. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR.

Contact Form

You can send us a message via various contact forms on this website.

How do we process your data?

We store your message and the information from the form in order to be able to process your enquiry including follow-up questions. This also applies to the contact details provided. We do not pass on the data to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

Your request has been conclusively processed.
You request us to delete the data.
You revoke your consent to the storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your enquiry is related to our contractual relationship or serves to implement pre-contractual measures, we process your data on the basis of Art. 6 Para. 1lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process enquiries directed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Enquiry by e-mail or telephone

You can send us a message by e-mail or call us.

How do we process your data?

We store your message as well as the contact details you have given us or the telephone number you have called us in order to be able to process your enquiry including follow-up questions. We do not pass on the data to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

Your enquiry has been conclusively processed.
You request us to delete the data.
You revoke your consent to the storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your enquiry is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, we process data based on our legitimate interest to effectively process enquiries directed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Analysis tools, plugins and advertising

We use the following third-party tools to analyse the behaviour of our website visitors, show them advertising or offer other website features.

Your prior consent is required for the use of these tools in accordance with Art. 6 Para. 1 lit. a GDPR. We obtain this consent via the cookie banner of Usercentrics of the corresponding website.

By clicking on "Accept all" on our cookie banner, you also consent to your data being processed in the United States of America in accordance with Art. 49 Para 1 lit. a GDPR. The United States of America has been assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy.

1. Google Analytics 4 (neue Version)

What is Google Analytics 4?
Tool for analysing user behaviour by Google Ireland Ltd.

Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about Google Analytics data protection?
https://support.google.com/analytics/answer/6004245

On what basis do we transfer your data to the USA?
On the basis of the European Commission's standard contractual clauses (https://privacy.google.com/businesses/compliance/).

How can you prevent data collection?
Among other things, with a browser plug-in: https://tools.google.com/dlpage/gaoptout

How do we process your data?

We are always interested in optimising our web offer for visitors to our website and placing advertising in the best possible way. Google Analytics, a tool that analyses the behaviour of users and thus provides us with the necessary database for adjustments, helps us to do this. The tool provides us with information about the origin of our visitors, their page views and the time they spend on the pages, as well as the operating system they use.

Standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognise users. The data is transmitted to Google servers in the USA and, with the help of the IP address that is also collected, is combined into a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plug-in provided by Google itself: https://tools.google.com/dlpage/gaoptout.

IP anonymisation

We have activated the "IP anonymisation" function within Google Analytics. For you, this means that Google will truncate your IP address (from the EU or EEA) before transmitting it to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and only truncate it there.

Demographic characteristics

We use the "demographic characteristics" function of Google Analytics to be able to display suitable advertisements to visitors to our website within the Google advertising network. As a result, reports may be generated that contain statements about the age, gender and interests of our site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. It is not possible to assign the collected data to specific individuals.

You can deactivate the function in the settings of your Google account.

How long do we store your data?

According to Google, data stored at user and event level that is linked to cookies, user IDs (e.g. user IDs) or advertising IDs is deleted or anonymised after 26 months (see https://support.google.com/analytics/answer/7667196).

2. Google Analytics Universal (old version)

What is Google Analytics Universal?
Tool zur Analyse des Nutzerverhaltens der Google Ireland Ltd.

Tool for analysing user behaviour by Google Ireland Ltd.

Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about Google Analytics data protection?
https://support.google.com/analytics/answer/6004245

On what basis do we transfer your data to the USA?
On the basis of the European Commission's standard contractual clauses (https://privacy.google.com/businesses/compliance/).

How can you prevent data collection?
Among other things, with a browser plug-in: https://tools.google.com/dlpage/gaoptout

How do we process your data?

Standard processing

You can prevent Google from processing your data by installing a browser plug-in provided by Google itself: https://tools.google.com/dlpage/gaoptout.

IP anonymisation

Demographic characteristics

You can deactivate the function in the settings of your Google account.

How long do we store your data?

3. Google Tag Manager

What is Google Tag Manager?
Tag management system for the integration of tracking codes and conversion pixels of Google Ireland. Ltd.

Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland

Where can you find more information about data protection with Google Tag Manager?
https://policies.google.com/privacy

On what basis do we transfer your data to the USA?
Google complies with the European Commission's standard contractual clauses (https://privacy.google.com/businesses/compliance/)

How do we process your data?

We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and play them out. The Google Tag Manager itself does not create any user profiles, does not place any cookies on your device and does not analyse your behaviour as a user. However, it records your IP address, anonymises it and transmits it to Google servers in the USA.

On what legal basis do we process your data?

The Google Tag Manager helps us to play out tracking codes and conversion pixels only if you have agreed to them beforehand. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR.

4. Google Ads

What is Google Ads?
Online advertising programme of Google Ireland Ltd.

Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland

Where can you find more information about data protection with Google Ads?
https://policies.google.com/privacy

On what basis do we transfer your data to the USA?
Google complies with the European Commission's standard contractual clauses (https://privacy.google.com/businesses/compliance/)

How do we process your data?

We use Google Ads. Google's advertising programme enables us to display advertisements in the Google search engine or on third-party websites when visitors to our website enter certain search terms on Google (keyword targeting). Furthermore, we can place targeted advertisements on the basis of the user data available at Google (e.g. location data and interests) (so called target group targeting). We evaluate the collected data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

5. Google reCAPTCHA

What is Google reCAPTCHA?
Google reCAPTCHA is a service that checks whether data is entered by a human or by an automated program.

Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland

Where can you find more information about data protection with Google reCAPTCHA?
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

On what basis do we transfer your data to the USA?
Google complies with the European Commission's standard contractual clauses (https://privacy.google.com/businesses/compliance/)

How do we process your data?

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

After users have given their consent via our Usercentrics Consent Management, the reCAPTCHA analyses run entirely in the background. Without consent to the analysis, certain parts of the website, such as contact forms, may not be usable.

6. LinkedIn Insight-Tag

What is the LinkedIn Insight Tag?
The LinkedIn Insight tag is a conversion tracking and retargeting service provided by LinkedIn Ireland Unlimited Company.

Who processes your data?
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Where can you find more information about privacy at LinkedIn Insight-Tag?
https://de.linkedin.com/legal/privacy-policy

On what basis do we transfer your data to the USA?
LinkedIn adheres to the European Commission's standard contractual clauses (https://de.linkedin.com/legal/l/dpa).

How can you prevent data processing?
By objecting to personalised advertising in your LinkedIn account or on this page: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

How do we process your data?

The LinkedIn Insight tag creates a unique LinkedIn browser cookie in a visitor's browser and allows the following data to be collected for this cookie: metadata such as IP address, timestamp and page events (e.g. page views). For more information, please visit: https://www.linkedin.com/help/linkedin/answer/65521.

7. YouTube (with enhanced privacy)

What is YouTube?
Video Platform

Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland

Where can you find more information about privacy on YouTube?
https://policies.google.com/privacy

How do we process your data?

You can watch YouTube videos on our website. In doing so, Google, as the provider of YouTube, collects and stores certain information about you. However, since we use YouTube in extended data protection mode, this only happens when you start a video. In concrete terms, the following happens in this case:

Google's servers are told which of our pages were visited from your device. If you are logged into your YouTube account while surfing, Google can assign your surfing behaviour directly to your personal profile. If you do not wish to do this, you must log out of your YouTube account before you continue to surf the Internet.
Google receives information about visitors to our website via cookies, device fingerprinting or similar recognition technologies. On this basis, the company then compiles video statistics, makes its application more attractive to users and prevents fraud attempts.
your data may also be processed beyond this. However, we are not aware of the details. We also have no influence on the processing.

Even if you do not start a YouTube video on our website, Google establishes a connection to its DoubleClick network and possibly also to other partners. The extended data protection mode therefore does not mean that Google processes no data from you at all when you visit our website.

8. Vimeo (without tracking)

What is Vimeo?
Video platform

Who processes your data?
Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA

Where can you find more information about data protection at Vimeo?
https://vimeo.com/privacy

On what basis do we transfer your data to the USA?
On the basis of standard contractual clauses of the European Commission and legitimate business interests (see https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights).

How do we process your data?

You can watch Vimeo videos on our website. As soon as you call up a page in which we have embedded a Vimeo video, this is communicated to the Vimeo servers. In the process, Vimeo also learns your IP address. However, as we have made appropriate settings in the Vimeo plugin, Vimeo will neither leave cookies on your device nor track your surfing behaviour.

9. OneSignal

What is OneSignal?
Tool for customer engagement via push notifications, email, SMS, and in-app.

Who processes your data?
OneSignal Inc., 2850 S Delaware St Suite 201, San Mateo, CA 94403, USA.

Where can you find more information about data protection at OneSignal?
https://onesignal.com/privacy

How do we process your data?

We offer browser and push notifications on our website. In this case, we send the selected notifications to your computer or mobile device, possibly without you needing to open our website or app, depending on your settings.

For this purpose, we use the service provider OneSignal Inc. OneSignal generates an ID from your device identifier (MAC address) and the app/website. This ID is stored on the push platform along with the settings you have chosen to provide you with the desired content. In this context, the following types of data may be technically processed:

country
device
channel
first_session
player_id
language_code
last_active
lat,lon,rooted
sessions
subscribed
tags
usage_duration
unsubscribed_at

On what legal basis do we process your data?

The legal basis for data processing in connection with the use of browser and push notifications is your consent pursuant to Art. 6(1)(a) of the General Data Protection Regulation (GDPR) in conjunction with Art. 7 of the GDPR. You can revoke your consent at any time with effect for the future. You can either disable browser or push notifications in your browser or on the corresponding device or manage your settings individually in our LMS. The data required for delivering subscribed push notifications will be stored by us until you deactivate the push notifications.

You are neither legally nor contractually obligated to provide personal data. However, if you wish to subscribe to our browser or push notifications, the collection of technical data is necessary. Otherwise, we will not be able to provide you with the desired browser or push notifications.

10. Font Awesome

If you have consented, our website uses icons from the Font Awesome icon library of the US company Fonticons Inc. The fonts are loaded from the servers of Fonticons Inc. when each page is called up.

Further information on Font Awesome can be found at https://fontawesome.com/ and there specifically in the privacy policy: https://fontawesome.com/privacy.

Newsletter and existing customer mailing

Rapidmail

What is Rapidmail?
Service for sending newsletters and analysing recipient behaviour

Who processes your data?
rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany

Where can I find more information about data protection at Rapidmail?
https://www.rapidmail.de/datenschutz

Newsletter dispatch

How do we process your data?

We use Rapidmail to send out our newsletter. The service manages the data of the newsletter subscribers for us, sends our newsletter and analyses our newsletter campaigns.

If you would like to receive our newsletter, we need your e-mail address. We will also use a confirmation email (double opt-in procedure) to check whether you are really the owner of this email address. We do not collect any further data or only on a voluntary basis. We use your data exclusively for sending the newsletter.

If we send a newsletter via Rapidmail and you open it, a file contained in the newsletter automatically connects to the Rapidmail servers. In this way, the service learns that the newsletter has been opened and registers all clicks on the links it contains. In addition, Rapidmail collects technical information such as the time of the retrieval, the IP address, browser type and operating system.

You can unsubscribe from the newsletter at any time.

How long do we store your data?

After you have unsubscribed, your data will be deleted from the newsletter distribution list. Under certain circumstances, we may blacklist your e-mail address at the same time; this is necessary, for example, if we have received an objection to advertising from you. In this case, the data is stored on the basis of Art. 6 Para. 1 lit. f) GDPR.

Otherwise, we reserve the right to delete the data at any time after the purpose for which it was collected has ceased to exist or at our own discretion.

On what legal basis do we process your data?

By entering your data in the subscriber list, you consent to data processing by Rapidmail. This is therefore carried out lawfully on the basis of Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.

Sending mailings to existing customers

How do we process your data?

We use Rapidmail to send mailings to existing customers. The service manages the recipient data for us, sends out our mailings and analyses our existing customer mailing campaigns.

If we send an existing customer mailing via Rapidmail and you open it, a file contained in the mailing automatically connects to Rapidmail's servers. This tells the service that the mailing has been opened and registers all clicks on the links it contains. In addition, Rapidmail collects technical information such as the time of the retrieval, the IP address, browser type and operating system. You will only receive our existing customer mailings if you have already become a customer of the Scrum Academy GmbH in the past and have provided us with your email address as part of your booking for one of our events. In our mailings to existing customers, we will only inform you about our own and similar products and services.

Of course, you can object to the further sending of existing customer mailings to your e-mail address at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates. All you need to do is send an informal e-mail to team@scrum-academy.com. Alternatively, you can use the unsubscribe link at the end of the existing customer mailing for your objection.

How long do we store your data?

After you have objected to further mailings, the data will be deleted from the existing customer mailing list and at the same time placed on a blacklist to ensure that you will not receive any further advertising. The storage is then based on Art. 6 Para. 1 lit. f) GDPR.

Otherwise, we reserve the right to delete the data at any time after the purpose for which it was collected has ceased to exist or at our own discretion.

On what legal basis do we process your data?

The dispatch of our existing customer mailings is carried out lawfully on the basis of § 7 Para. 3 UWG (German Act against Unfair Competition).

eCommerce and payment providers

Customer and contract data

How do we process your data?

When we conclude a contract with you, we need certain personal data from you. We collect, process and use this data only insofar as it is necessary to establish our legal relationship, to shape its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data insofar as this is necessary to enable you to use our offer or to bill the service used.

How long do we store your data?

We store your data until our legal relationship ends, unless we are legally obliged to keep the data for longer.

On what legal basis do we process your data?

We store your data in order to fulfil the contract with you or to carry out pre-contractual measures. The basis of the data processing is thus Art. 6 Para. 1 lit. b) GDPR.

Data transfer when using services and digital content

How do we process your data?

For the processing of the payment, we transmit your data to a payment service or the credit institution commissioned with the processing of the payment. We only pass on data that is absolutely necessary for the payment process. If we want to pass on data beyond this, we will obtain your consent.

On what legal basis do we process your data?

We pass on your data in order to fulfil the contract we have concluded with you. The basis of the data processing is therefore Art. 6 Para. 1 lit. b) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Payment services

To enable you to conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process the payments for us. You can see which ones these are specifically from the list at the end of this section.

How do we process your data?

For the payment process, you must provide certain personal data, e.g. your name, your account details or credit card number. We pass this data on to the respective payment service. For the transaction itself, the respective contract and data protection provisions of the respective services apply.

On what legal basis do we process your data?

We pass on your data in order to fulfil the contract we have concluded with you. The basis of the data processing is therefore Art. 6 Para. 1 lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. In this respect, the legal basis is also Art. 6 Para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Which payment services do we use?

Stripe

What is Stripe?
Online payment service

Who processes your data?
Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irland

Where can you find more information about Stripe's privacy policy?
https://stripe.com/de/privacy

On what basis do we transfer your data to the USA?
Stripe adheres to the European Commission's standard contractual clauses (see https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation).

FastSpring

What is FastSpring?
Merchant service for digital products

Who processes your data?
FastSpring B.V. Fred. Roeskestraat 115, 1076 EE Amsterdam, The Netherlands.

On what basis do we transfer your data to the USA?
Fastspring complies with the European Commission's standard contractual clauses (see https://fastspring.com/terms-use/seller-terms-service/clauses/).

Where can you find more information about FastSpring's privacy policy?
https://fastspring.com/privacy/

Where can you find more information about FastSpring's GDPR compliance?
https://fastspring.com/docs/about-gdpr-compliance/ and https://fastspring.com/terms-use/seller-terms-service/clauses/

Audio and video conferencing

As a company we are in contact with many people: Customers, business partners, service providers, etc. In doing so, we also use so-called online conference tools for the exchange, in addition to other means of communication. Information relevant to data protection law on the provider(s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool, process your personal data.

How do we process your data?

Online conference tools collect and store various personal data in order to enable participation in an online conference and its smooth execution. In addition to registration, conference and technical data, this also concerns certain communication content.

Registration data: Your e-mail address and/or telephone number and, if applicable, other data that you provide when registering for the conference.

Conference data: The start, end as well as duration of your participation in the conference, the number of participants and other metadata about the conference.

Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker and the type of connection.

Communication content: Cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.

For details on data processing, please refer to the privacy statements of the respective conference tool provider.

How long do we store your data?

As your communication partner, we delete your data on our systems as soon as one of the following occurs:

The purpose of the data processing no longer applies.
You request us to delete the data.
You revoke your consent to the storage.

This does not apply if we are legally obliged to retain the data.

Cookies remain on your terminal device until you delete them.

Conference tool providers also store your data for their own purposes. Please enquire directly with the providers what this means for the duration of the storage of your data.

On what legal basis do we process your data?

If we are already contractually connected or if you would like to conclude a contract with us, we use conference tools to fulfil the contract or to inform you about our services or products. In this respect, the data processing is based on Art. 6 Para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves the purpose of simple and quick communication, without which we would not be able to run our business efficiently. We therefore also have a legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f) GDPR. Another legal basis may be your consent. Relevant in this case is Art. 6 Para. 1 lit. a) GDPR. This basis ceases to apply in the future if you revoke your consent.

Which online conference tools do we use?

Zoom

What is Zoom?
Communication platform for video meetings, voice communication, webinars as well as chats via desktop computers, telephones, mobile devices and conference room systems.

Who processes your data?
Zoom Communications Inc, 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA

Where can you find more information about privacy at Zoom?
https://zoom.us/de-de/privacy.html

On what basis do we transfer your data to the USA?
Zoom Communications Inc. complies with the European Commission's standard contractual clauses (see https://zoom.us/de-de/privacy.html#_Toc44414846)

Microsoft Teams

What is Microsoft Teams?
Communication platform for teamwork

Who processes your data?
Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, USA

Where can you find more information about Microsoft Teams privacy?
https://privacy.microsoft.com/de-de/privacystatement

On what basis do we transfer your data to the USA?
Microsoft adheres to the European Commission's standard contractual clauses (see https://docs.microsoft.com/en-us/compliance/regulatory/gdpr).

Use of our chatbot Henrik AI

We provide our users with Henrik AI, an AI-based chatbot. Henrik AI coaches and advises based on the Agile Academy's expertise.

The provision of personal data by you in the context of the chatbot is not required by law or contractually mandatory (Art. 13 Para. 2 lit. e GDPR).

a) Legal Basis

If you choose to transmit personal data to us via the chatbot, we will process this data exclusively to fulfill our legal obligations arising from the underlying user agreement between you and us. The legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR.

b) Type of Data

The data processed in the context of our chatbot depends on the data you provide during correspondence with the chatbot. Primarily, this will involve knowledge and know-how on the subject of agility. In addition, we process your account name at the Scrum Academy when using the chatbot.

c) Purpose of Processing

The purpose of processing is to impart knowledge on the subject of agility and to collect feedback on the chatbot's responses. This specifically includes:

Answering questions and imparting knowledge on the topic of "agility" with a strong focus on our self-created knowledge base.
Feedback: Users can provide feedback on responses and thereby forward them to us; depending on the type of feedback, the user may receive further advice from one of our employees.
Coaching: Questions and conversations are generated within a coaching approach, such as with follow-up questions.

d) No Automated Use of Chat Data, Training of Henrik AI:

The data entered in the context of using the chatbot will not be used to train the model of our service provider, Open AI. Our own chatbot (Henrik AI) is also not trained directly or automatically by user inquiries. Rather, if a user provides feedback on a specific response, the model is manually adjusted accordingly, without making or documenting any connection to the user or the original question.

Example: User asks about Topic X → Our assistant cannot provide an answer → User reports this as feedback → We manually input material on Topic X into the model, so that this topic can be addressed in the future.

e) Duration of Storage:

Questions and answers handled via the chatbot are stored for 60 days. This retention period is due to our desire to enable users to access the context of recent chats with the chatbot and to use this context in the context of the bot's consulting services.

Otherwise, we delete personal data after storage is no longer necessary for the provision of our services and no legitimate interests on our part or legal retention obligations (e.g., § 147 Fiscal Code, § 257 Commercial Code) prevent deletion.

f) Disclosure to Third Parties

We treat personal data with the utmost care. We only transmit data to third parties if this is necessary for the performance and processing of contractual relationships, you have given us your consent, or if the transfer is otherwise permissible under relevant legal provisions.

We use various service providers as so-called processors within the meaning of Art. 28 GDPR, who, like us, are subject to European data protection regulations and whom we have obligated accordingly. For service providers based in the USA, if they are not certified under the EU-US Privacy Framework, we have concluded appropriate EU standard contractual clauses with the respective service provider.