Privacy policy pursuant to Art.

13, 14 of the General Data Protection Regulation (GDPR)

Welcome to our privacy policy. We at Increase Your Skills GmbH are pleased that you have found our website and that you are interested in our services. The following will provide you with comprehensive and transparent information about the processing of your personal data.

1. General Information

When you access our website https://increaseyourskills.com, or make use of our services, we process your personal data. First and foremost, we process your personal data in order to present our website to you in a functional and easy-to-use manner. In addition, we process your personal data only when necessary and permitted by applicable data protection laws and regulations.

Personal data is all information that can be used to identify you personally, e.g. your name, address, email address, IP address or your user behaviour. We process your personal data in particular by collecting, storing, deleting or modifying it. For example, we save your email address and the information you enter into our contact form in order to process your request. This privacy policy describes the information collection, processing, use, and disclosure practices of our website and services. Please read the following information carefully. The personal data are stored for only as long as necessary for the purposes for which they are processed.

From time to time, we may make changes to this privacy policy. Such changes do not have retroactive effect, they only apply to our future practice. Any such future modifications to this privacy policy will be posted on our website.

2. Scope

Our privacy policy applies to visits to our website and our software products, as well as our online presence on social media networks. First, we will explain which personal data we collect if you only visit our website or if you use the services on our website, such as our contact forms. Secondly, we will explain which personal data we process when you use our software products.

You will therefore learn specifically the purposes for and the extent to which we process your personal data, as well as the data protection rights to which you are entitled.

3. Name and Contact Details of the Controller and the Data Protection Officer

3.1 Controller

Increase Your Skills GmbH

Katharinenstraße 21 | 04109 Leipzig | Germany Email: info@increaseyourskills.com

Phone: +49 (0) 341 249 116 71

3.2 Data Protection Officer

Jan Marschner, LL.M.

Attorney | Data Protection Officer Markt 9 | 04109 Leipzig

Email: jm@datenschutzbeauftragter-leipzig.de Phone: +49 (0) 341 261 893 73

For questions regarding our privacy policy, the processing of your data, and the processing procedures, please contact us under the address above.

4. Transfer Mechanisms for Data Transfers

We will not transfer personal data from the EU to any country or recipient not recognized as providing an adequate level of protection for personal data within the meaning of the EU General Data Protection Regulation (GDPR), unless we first take all such measures as are necessary to ensure the transfer is in compliance with applicable data protection laws. Such measures may include (without limitation) transferring such data to a recipient that (i) is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including the EU Commission’s adequacy decision for the UK and the EU-US Data Privacy Framework; (ii) has achieved binding corporate rules authorization in accordance with applicable data protection laws, including the GDPR; or (iii) has executed the Standard Contractual Clauses in each case as adopted or approved in accordance with applicable European data protection laws.

5. Processing of your personal data in connection with our web presence

5.1 Hosting

Description

We use external service companies (Strato AG, Hetzner Online GmbH) to host our website. The following personal data is collected during an individual's visit to our website (depending on the use of our services), and is stored on the servers of our service companies:

Personal master data Communication data Contract master data Log data

Our external service companies are based in Germany. Their server locations are generally in Germany or in a member state of the European Union or in another contractual state as per the Agreement on the European Economic Area.

Purpose

Our external service providers, or we ourselves, process your personal data in order to provide and operate our website as efficiently and safely as possible. We use the hosting services to provide infrastructure and platform services, computing capacity, storage space, database services and security services, as well as technical maintenance services.

Legal framework

These purposes form the basis of our legitimate interest in the storage of your personal data as per Art. 6(1)(f) of the GDPR. Our legitimate interests are, in addition to system security and stability, to enable the access, the evaluation of the usage data of our website and if necessary in the defense, investigation and any related prosecution of legal claims. The external service companies with which we work process your personal data only as per our instructions and on our behalf. As such, we have entered into a data processing contract with them in accordance with Art. 28(3) of the GDPR.

5.2 Access to our website / Creation of log files

Description

When you visit our website, even if only to inform yourself about our company and our services, your personal data will automatically be transmitted to us. This does not require that you actively provide information about yourself, e.g., by entering it in our contact forms, or that you use other features on our website (e.g. Google Maps). Your personal data will be sent to our servers by the browser that you used to visit our website and stored in log files.

The following personal data will be transmitted as mentioned above:

• IP address
• Date and time of access to our website
• Time zone differences to Greenwich Mean Time (GMT) Content of the request(specific page)
• Access status / HTTP status code Amount of data transferred
• Website that the request came from
• Browser (information about the browser you are using)
• Operating system and its interface (operating system of the computer you use to access the website)
• Language and version of the browser software

In principle, only your IP address from the aforementioned data is part of your personal data. For example, the browser you use, or your operating system are not personally identifiable as such. However, a personal connection can be established by combining it with your IP address or several criteria.

Purpose

Our servers are tasked with making our website available for you. They therefore accept your requests and process them in order to display our website correctly and to enable all functions. For example, the exchange of your IP address is technically mandatory. Your personal data is stored in log files so that we can associate your inquiries with you and optimise the design and structure of our website through an analysis. We therefore process your personal data for the purpose of the functionality and optimisation of our website as well as to ensure the security of our information technology systems.

Legal framework

These purposes form the basis of our legitimate interest in the storage of your personal data as per Art. 6(1)(f) of the GDPR.

Storage period

Your IP address will be stored by our external service provider (Strato AG) for a maximum of seven days and then deleted. A storage extension is possible. In this case, however, your IP address will be anonymised, e.g. by abbreviating it. A personal connection to you can no longer be made. It is only possible to view your IP address in the log files anonymously.

Obligation to provide / possibility to object

The collection of your personal data is, due to technical reasons, absolutely necessary for us. You can therefore not object to the processing of your automatically transmitted personal data.

Advertising purposes

We only use your personal data for the stated purposes. Your personal data in the log files will therefore not be merged with any other personal data or used for advertising purposes.

5.3 Use of cookies / Cookie consent tool “Cookiebot”

Description of cookies

We use so-called “cookies” on our website. Cookies are alphanumeric text files that your web browser automatically saves to your computer's hard drive when you visit our website. When you revisit our website, the information from the cookies is automatically sent back to our servers. Cookies enable us to recognise you as a visitor to our website. With the help of cookies, however, we cannot run programs on your computer, transmit viruses or the like.

Depending on their type, cookies can store different information.

Session cookies

We use so-called “session cookies”, also called temporary or transient cookies. Session cookies usually store the following information, which is generally not personal, but which offers you a more personalised use of our website:

• Session ID (session identifier / identifier to recognise multiple related requests from you and assign them to a session. For example, it detects whether a page has been opened several times in different windows.)
• Language setting Page setting Login status

Purpose

We use session cookies to secure the functionality of our website and to provide you with our website in a more user-friendly and effective way.

Legal framework

These purposes also form the basis of our legitimate interest in the use of cookies on our website as per Art. 6(1)(f) of the GDPR.

Storage period

The session cookies are automatically deleted when you close your browser.

Cookie settings

As a rule, the browsers are set to accept cookies by default. However, you can deactivate or block cookies in whole or in part in the settings of your browser at any time. Please note that you may not be able to use all the functions of our website without problems.

User profiles

We do not use your data, which we collect through the use of session cookies, to create user profiles.

Description of cookie consent tool "Cookiebot”

In order to use cookies in compliance with data protection, and so that you have control over the use of cookies, our website uses the cookie consent tool “Cookiebot” from the company Cybot A/S, 1058 Copenhagen, Denmark. The tool is displayed when you first access our website and you can then modify your cookie settings, i.e. declare your consent to the respective use of cookies. The technical cookies are already preset in the tool and are

therefore stored the first time you visit our website. You can change your cookie settings at any time by opening up the “Cookie Settings” field found in the footer of our website and making the corresponding changes in the tool (revoke your cookie consent by opting out).

5.4 Use of Google Analytics

Description

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics, in turn, uses cookies that enable an analysis of your use of our website. The information generated by the cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. In addition to us, Google and the state authorities (USA) therefore have access to your data.

The following information will be transmitted:

• Browser type / version
• Operating system used
• IP address
• Time of the server request
• Previously visited page
• Duration of visit

We have activated the IP anonymisation “anonymizeIP” on our website so that your IP address is generally shortened beforehand by Google within the member states of the European Union or in other contracting states under the Agreement on the European Economic Area. However, in some cases, your full IP address may be transmitted to a Google server in the USA and shortened there.

Google uses the information generated by the cookies to evaluate the use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. We ourselves use Google Analytics to analyse the use of our website and thereby constantly improve the quality and content of our website or adapt it to the target group. In addition, Google may use the collected data for its own purposes (e.g. creation of personal advertising, profiling) in order to link them to other data that you store, such as search history, personal accounts, usage data of other devices and all other data that Google has about you.

We use the Google Analytics function “demographic characteristics". This allows reports to be created that contain statements about the age, gender and interests of the web audience. This data comes from interest-based advertising from Google as well as from guest data from third-party providers. This data cannot be assigned to a specific person and can be deactivated at any time via the settings (https://adssettings.google.de/authenticated)

Legal framework

We only use Google Analytics if you give us your consent in accordance with Art. 6(1)(a) of the GDPR in this regard. No data relating to Google Analytics is collected prior to your consent.

You can revoke your consent at any time and change your cookie settings with effect for the future.

With your consent, you also agree that your personal data will be processed in the USA, Art. 49(1)(a) of the GDPR.

Storage period

Google Analytics keeps your data linked to cookies for fourteen months. They are then deleted or anonymised.

Settings

Google provides a browser add-on for deactivating Google Analytics. You can therefore prevent the collection of the data generated by the cookies and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Information about Google

GoogleIrelandLtd., Gordon House, Barrow Street, Dublin 4, Ireland (For users of Google services who have their usual residence in the European Economic Area or Switzerland.)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (For users of Google services who have their usual residence in the United Kingdom).

Further information on how Google processes your personal data can be found here:

• Terms: https://marketingplatform.google.com/about/analytics/terms/de
• Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

5.5 Use of Google Tag Manager

Description

We use the Google Tag Manager on our website. The Google Tag Manager is a solution from Google LLC (“Google”), which facilitates the implementation of tracking tools and other services, so-called web presence tags, and enables their administration on an interface. For example, it makes it easier for us to implement Google Analytics on our website. A tag, in turn, is an element that is intended in particular to record predefined usage data and is stored in the source code of our website.

The Google Tag Manager is a cookie-free domain, which means that it functions without the use of cookies. It ensures that the usage data required by Google Analytics, for example, is forwarded to this analysis tool. However, with the help of the Google Tag Manager, no personal data will be processed, as the Google Tag Manager does not access this data. In some cases, your personal data is processed by Google Tag Manager on a Google server in the USA when it is forwarded.

Settings

If you have made a deactivation at the domain or cookie level, this deactivation remains place for all tracking tags that have been implemented via the Google Tag Manager.

Purpose

We use the Google Tag Manager for easy management and integration of multiple tags on our website.

Legal framework

These purposes also form the basis of our legitimate interest in the use of the Google Tag Manager; the legal basis is therefore Art. 6(1)(f) of the GDPR.

5.6 Use of LinkedIn Insight Tag

Description

We use the conversion tool “LinkedIn Insight Tag”, a tool from LinkedIn Ireland Unlimited Company, on our website. This tool allows us to analyse the use of our website and show you advertising based on your interests on other websites. To this effect, the tool sets a cookie in your browser, which, among other things, collects the following data from you:

• IP address
• Device and browser properties
• Page views

Your IP address will be shortened or hashed. Your direct identifiers will be removed within seven days to pseudonymise your data. Your remaining pseudonymised data will be deleted within 180 days. LinkedIn does not share any of your personal information with us but provides us with anonymised reports on ad activity on our website and through our website audience.

LinkedIn also offers retargeting. With the help of this data, we can show you advertisements on

other websites that are tailored to your interests. However, you will not be identified as a website visitor.

Purpose

On the one hand, we use LinkedIn Insight Tag to analyse the use of our website and thereby constantly improve the quality and content of our website and, on the other hand, to display personalised advertising to you.

Legal framework

We only use the LinkedIn Insight tag if you give us your consent in accordance with Art. 6(1)(a) of the GDPR (selection via the cookie banner). You can revoke your consent at any time and change your cookie settings.

Information about LinkedIn

Further information on data protection on LinkedIn can be found under the following link:

https://linkedin.com/legal/privacy-policy

5.7 Use of Meta Pixel

Description

We have integrated Meta Pixel on our website. The Meta Pixel allows us to measure the success of our Facebook advertising campaign outside of Facebook on our website by seeing whether you reached our website as a result of our Facebook advertising campaign.

The following data may be collected from you in this regard:

• Device information, IP address
• Page views (visited websites, access times, interest in page content).

Purpose

Meta Pixel is used to track the success of our Facebook advertising campaigns.

Legal framework

We only use Meta Pixel if you give us your consent in accordance with Art. 6(1)(a) of the GDPR (selection via the cookie banner). You can revoke your consent at any time and change your cookie settings.

Information about Meta

Further information on data protection on Facebook can be found here:

• Privacy policy: https://facebook.com/about/privacy/update

5.8 Use of Google Ads

Description

We use Google Ads, an advertising system from the US company Google LLC, for the targeted placement of advertising on Google (declared as an “ad” on Google) and search network partners (e.g. YouTube). If you click on a corresponding advertisement from us, Google sets cookies. These cookies allow Google (and we via Google Analytics) to determine whether you have reached our other pages via our advertisements. To measure the success of our advertisements, we receive the following statistical data from Google in relation to our advertisements: number of clicks, demographic characteristics (gender, age), day and time, device information and location data. In addition, we do not receive any data from Google that could identify you. We have no influence on the use of your data by Google.

Purpose

We use Google Ads to display interest-based advertising to our target group, to draw attention to our company, and increase sales of our e-learning products.

Legal framework

These purposes also form the basis of our legitimate interest in the use of Google Ads, Art. 6(1)

(f) of the GDPR.

Information about Google

GoogleIrelandLtd., Gordon House, Barrow Street, Dublin 4, Ireland (For users of Google services who have their usual residence in the European Economic Area or Switzerland.)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (For users of Google services who have their usual residence in the United Kingdom).

Further information on how Google processes your personal data can be found here:

• Privacy policy: http://google.de/intl/de/policies/privacy

5.9 Contact (form / email / phone)

Description

You can contact us in various ways to get advice on our services. On our website, you can use the forms provided to contact us regarding inquiries, in particular requests for quotations.

However, you can also contact us by email or telephone, or we will use these channels to contact you.

Forms

If you enter your personal data in the input screens of our forms, your personal data will be transmitted to us and transferred to our CRM (see under the heading “CRM” in our privacy policy). In principle, you must provide the following required data so that we can process your requests accordingly (you already know this data because you entered it yourself):

• First name and surname
• Business email address and/or business landline number / business mobile number
• Company name
• If applicable, company size.

Email / Phone

If contact is made by email or telephone, we process the personal data that you give us via your email or telephone.

If you have consented to email/telephone contact in certain cases (e.g. form for a demo course

/ following our web seminars), we process the data that you provided to us via our forms. As a rule, this includes the following data:

• Your name (for personal contact)
• Your professional email address, and/or your professional telephone number (to contact you)
• Information about your company (e.g. company name, as we only sell to entrepreneurs and legal entities under public law)

Purpose

The processing of your data takes place for the purpose of communicating with you and/or for processing your requests:

We need

• Your name for personal contact
• Your business email address and/or business landline number/business mobile number for communication
• Your company name, as our services are only aimed at companies, legal entities under public law or a special fund under public law
• If necessary, your company size to create a corresponding quote

Legal framework

As long as the communication is in connection with the closing of a contract or allows us to fulfil the contract, then Art. 6(1)(b) of the GDPR is the legal basis. If this is not the case, the processing of your data is based on our legitimate interests, Art. 6(1)(f) of the GDPR, to respond to your inquiry or to process your request.

If you have expressly consented to contact by email/telephone, Art. 6(1)(a) of the GDPR is the legal basis. You can revoke your consent at any time with effect for the future, e.g. by emailing datenschutz@increaseyourskills.com. We will no longer contact you after receipt of your revocation.

Storage period

We store your personal data for the duration of the communication with you and delete your personal data when the communication has ended, i.e. when your concerns have been clarified, or there are no longer any contractual or statutory storage obligations.

If you have given us your consent, we will store your data until your revocation or until there are no longer any contractual or legal retention periods.

Data security

The details you provide to us in our forms will be sent using SSL / TLS encryption.

5.10 Online meetings / Web presentations (incl. online appointments)

Description

We may arrange online meetings with you to conduct location-independent meetings and/or web presentations to present our e-learning courses. For the web presentations, you can make appointments with us online via our website.

Appointment via HubSpot Meetings / Implementation via Microsoft Teams. To make an appointment for a web presentation, you can use the form provided for this purpose via our web presence. The form is synchronised with our Outlook calendars and automatically generates appointment calendar entries when appointments are made.

We use the meeting feature from HubSpot's Sales Suit to provide the form and service. HubSpot is an American software company with a subsidiary in Ireland (HubSpot Ireland Limited). To make an appointment, you must provide the following data:

• Email address
• First name and surname
• Company name
• Appointment information (date / time).

After the input process is complete, you will receive a confirmation email from us to the specified email address (so-called double opt-in procedure). After you confirm the link included in the confirmation email, the booking for your online appointment is finished.

We use Microsoft Teams to conduct our online meetings/web presentations. Teams is part of the Office 365 cloud package from the US provider Microsoft and is a solution to hold online video conferences. In principle, it is possible to upload or share files and/or record the video conferences while holding an online meeting with the tool. A recording will be made only with your prior consent and the recording process will be displayed to you and/or all participants in the Microsoft Teams app. You will receive information about participating in and implementing our online meetings/web presentations via Teams (e.g. participation link) by email.

To carry out our online meetings/web presentations, we process the following personal data:

• First name and surname
• Email address
• Company name
• Appointment information (time / date)
• Device used (e.g. tablet, smartphone)
• Use of the webcam
• Connection data
• Session data
• Any potential recording (only with consent).

HubSpot transmits data either to Ireland or to the USA. With regard to Microsoft, your personal data may also be transferred to the USA. We have entered into an order processing agreement with HubSpot. HubSpot and Microsoft currently guarantee compliance with the European data protection level through standard contractual clauses.

Purpose

Your personal data will be processed for the purpose of arranging appointments/conducting our web presentations/online meetings. We use the meeting feature of HubSpot to offer you the opportunity to make appointments with us independently and quickly. We use Teams to present our e-learning courses in a personal and simple way and to conduct online meetings. In addition, your personal data will be used for preparation and follow-up (e.g. sending documents) for the appointments.

Legal framework

We process your data to arrange appointments, given your consent in accordance with Art. 6(1)(a) of the GDPR. The implementation of the online meetings/web presentations allow us to fulfil the contract and/or assist you regarding the closing of a contract (including answering your pre-contractual inquiries), Art. 6(1)(b) of the GDPR. If this is not the case, we provide you with these services within the scope of our legitimate interest, Art. 6(1)(f) of the GDPR, including arranging of appointments and conducting our web presentations and online meetings. A recording of the online meetings/web presentations only takes place given your prior consent in accordance with Art. 6(1)(a) of the GDPR.

Information about HubSpot and Microsoft

For more information about how HubSpot and Microsoft process your personal data, click here:

HubSpot:

• Privacy policy: https://legal.hubspot.com/privacy-policy

Microsoft:

• Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

5.11  Advertising (email)

Description

If you have concluded a contract with us for the use of our e-learning products, or have contractually used our consulting services, we will send you promotional emails from time to time. These emails are used to inform you about our products/services, which are similar to the products/services that you have previously used from us.

Legal framework

The legal basis is our legitimate interest, Art. 6(1)(f) of the GDPR, for the above-mentioned purpose. You have the right to object to receiving such emails at any time without incurring any costs other than those for the provision of services according to the basic rates. You can send your objection by email to datenschutz@increaseyourskills.com.

We will not send you any more promotional emails upon receipt of your objection. Under certain circumstances, however, the technical lead time involved in sending promotional emails may nevertheless result in such emails being sent after your objection. However, this does not mean that we have not or will not respect your objection.

Storage period

We will store your data until you object or until there are no longer any contractual or legal retention periods.

5.12 CRM

Description

We may store your data in our customer relationship management systems, or CRM systems for short. In this regard, we use the CRM from HubSpot and the Sales Cloud from Salesforce.com, Inc. (“Salesforce”). HubSpot and Salesforce are both U.S. software companies. HubSpot has a branch in Ireland (HubSpot Ireland Limited). With the help of CRM systems, we can centrally manage our business relationships, optimise and, in particular, simplify our business processes (e.g. email marketing, communication management).

In our CRM systems, the following personal data and/or information about your company is stored separately according to the purposes collected (sales/marketing):

• Name
• Title, if applicable
• Position, if applicable
• Business email address
• Business phone number
• Company name
• Company size
• Communication traffic
• Marketing data, if necessary
  • Linking Hotjar with HubSpot (overview [Dashboard] in HubSpot about your pseudonymised usage behaviour on our website [scrolls, clicks, duration, etc.]) Link Facebook to HubSpot (overview [Dashboard] in HubSpot about the success of marketing ad campaigns on Facebook; anonymised data collected [number of likes and clicks])
  • The specified data is automatically transferred to our CRM systems and separated according to the respective collection purposes when using our contact forms or via other means / media (e.g. linking with Hot jar and Facebook). Combining data that was collected for different purposes does not occur. An automatic transfer of your data to our CRM systems does not occur when you register for our demo courses/web seminars unless you have given us your consent to contact you.

The CRM systems are centrally managed within the MetaCompliance group. MetaCompliance Ireland Ltd based in Ireland, MetaCompliance Ireland Ltd Sucursal Portugal based in Portugal, MOCH AS based in Denmark and MetaCompliance Ltd based in the United Kingdom may access and process your data through using the CRM systems for the purposes described below.

Your personal data or information about your company may be transferred to the USA, i.e. outside the European Union or the European Economic Area.

HubSpot and Salesforce currently ensure compliance with the European level of data protection through standard contractual clauses. In addition, Salesforce and HubSpot are certified under the EU-US Data Privacy Framework.

We have entered into a data processing agreement with HubSpot and Salesforce.

 Purpose

We store your personal data or information about your company for administrative purposes, such as centrally managing, optimising and automating our business relationships and business processes.

Legal framework

Our use of CRM systems is carried out in accordance with Art. 6(1)(f) of the GDPR. Our legitimate interest also lies in the aforementioned purposes.

Storage period

If we store your personal data or information about your company in our CRM systems, your data will be anonymised after the purposes have come to an end, so that a personal connection to you cannot be made. Information about your company without personal reference, i.e. usually the company name, is not anonymised in order to avoid renewed contact.

Information about HubSpot and Salesforce

For more information about how HubSpot and Salesforce process your personal data, click here:

HubSpot:

• Privacy policy: https://legal.hubspot.com/privacy-policy

Salesforce:

• Privacy policy: https://salesforce.com/de/company/privacy

5.13 Integration of YouTube videos

Description

We include YouTube videos on our website, e.g. our promotional film. The videos are hosted on https://youtube.com and integrated into our website so that you, in principle, have the ability to play the videos directly from our website. We have integrated the videos into our website using an extended data protection mode, which means that the videos will only be played if you give us the necessary consent (you will be shown a corresponding text before playing). Only when you provide your consent will YouTube receive information that you have visited our website and/or the corresponding page and accessed the YouTube video found there, as well as any data stored in any cookies. YouTube receives this data when you play the videos, regardless of whether you are logged in to YouTube / Google at the time of playing or not.

YouTube stores your data for various purposes, including advertising and marketing purposes.

Legal framework

We only use YouTube videos if you give us your consent to do so in accordance with Art. 6(1)(a) of the GDPR (selection via corresponding text before starting the videos).

Information about YouTube

You can find more information about how YouTube processes your personal data here: Privacy policy (Google): https://policies.google.com/privacy?hl=de&gl=de

5.14 X (formerly Twitter)

Description

Embedding tweets

We occasionally embed tweets in our blog articles. If you access the corresponding blog articles or click on the embedded tweets, X may receive information about you, even if you do not have your own account with them. X refers to this information as so-called "log data". According to X, this log data includes information such as your IP address, browser type, operating system, information about the web presence you previously visited and the pages you viewed, your location, your providing mobile carrier, your device information (including device ID and application ID), search terms (including those not submitted as requests), and cookie information.

X states that it processes your log data to, among other things, better understand the use of its own services, protect the security and integrity of the platform, and display more relevant content, including ads.

We have no influence over which of your data X processes or who X passes your data on to. Since is a US company, your data may also be transferred to the US or other countries outside the European Union, regardless of your place of residence. Further information on how X processes data and which data protection settings you can make can be found on X.

X conversion tracking

We have integrated X conversion tracking on our website. With the help of X conversion tracking, we can measure the success of our X advertising campaigns and adapt our marketing strategies accordingly. Conversion tracking allows us to track your activity after you have seen or clicked on our X advertising campaigns; this means that we can track whether you have “found” the way from the X advertising campaign to our website. The data collected via conversion tracking is provided to us by X in anonymous form; we can only see the total number of people who have been redirected from a X advertising campaign to our website or a corresponding subpage. However, X has full access to your personal data, which is collected via conversion tracking. X may, among other things, connect this data to your X account and use it for its own purposes. Further information on how X processes your personal data can be found on X itself.

Purpose

We use X conversion tracking to track the success of our X advertising campaigns.

Legal framework

We only use X conversion tracking if you give us your consent to do so in accordance with Art. 6(1)(a) of the GDPR (selection via the cookie banner). You can revoke your consent at any time and change your cookie settings.

Information about X

If a data subject resides in the United States or any other country outside the European Union, the EFTA states, or the United Kingdom, the entity responsible for your personal data is X Corp., located at 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. If a data subject resides in the European Union, the EFTA states, or the United Kingdom, the entity responsible for the personal data is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland

• Privacy policy: https://twitter.com/de/privacy
• Settings: https://twitter.com/settings/account/personalization

5.15 Our Demo Courses

Description

We offer you the opportunity to register for our demo courses on our website. You can test our awareness courses for 14 days from registration in a scaled-down version in order to get a first

impression. Our awareness courses are characterised by cutting-edge animations, engaging activities and tests. This creates an effective learning experience where users gain knowledge quickly. To provide our course materials, we use a hosted and modified version of the open- source software solution Moodle. Your personal data will therefore not be forwarded to Moodle.

Registration / completion of our demo courses

You can register yourself via the registration form. You must enter your first and last name, your email address and your chosen password. We will then send a verification link to the email address you provided and ask you to change your password. If you test our demo courses, we process additional usage data from you, such as your course activities and registration periods.

Purpose

We process your registration data (name, email address, but not your password) to unlock our demo courses for you and add you as a user. Activation cannot take place without providing your name and email address, so you will not be able to test our courses without them. As a matter of course, we will collect your usage data for the implementation of our demo courses. This is not the same as requesting a trial of the MyCompliance platform. During a trial of the MyCompliance platform, section 6.4 below will apply.

Legal framework

We process your registration and usage data to enable you to test our demo course. The legal basis for this is Art. 6(1)(b) of the GDPR and our legitimate interest in the processing of your data, Art. 6(1)(f) of the GDPR.

Storage period

Your data will be automatically deleted 14 days after your registration.

6 Processing of your personal data when using our software.

6.1 Our IYS E-Learning Courses available on Moodle.

Description

You have the opportunity to participate in our e-learning courses. Our courses consist of cutting-edge animations, engaging activities and testing to create an effective learning

experience where users boost their knowledge quickly. To provide our course materials, we use a hosted and modified version of the open-source software solution Moodle. Your personal data will therefore not be forwarded to Moodle.

Registration / participation in our e-learning courses

When you participate in our e-learning courses, we process your personal data. This is in part the data you enter via our registration form. You must provide the following personal data when registering:

• First name and surname
• Email address
• A password (that you choose)

We will then send a verification link to the email address you provided and ask you to change your password.

If you then participate in our e-learning courses, we also process usage data from you, e.g.:

• Connection data (e.g. IP address, browser type, date and time of access) Registration data and possibly further information about yourself, which you may voluntarily enter on your profile page
• Course activities (e.g. which e-learning courses you have attended and what you have done during these e-learning courses)
• Performance results (e.g. result of your course completion exam) Your usage data is stored in log files.

Purpose

We process your registration data (name, email address, not your password) in order to provide you access to our e-learning courses and to add you as a user. We will inevitably collect your registration and user data for the implementation of our e-learning courses and for the subsequent creation of certificates for the completion of our e-learning courses. In addition, we will store your personal data in log files to ensure the functionality of our platform instance and the framework conditions for the implementation of our e-learning courses. Furthermore, your personal data is used to optimise the platform solution and to secure our information technology systems.

Legal framework

Our legitimate interest in the processing of your personal data pursuant to Art. 6(1)(f) of the GDPR is the aforementioned purpose. If the processing of your personal data is in connection with the closing of a contract, our corresponding contractual relationship, pursuant to Art. 6(1)(b) of the GDPR, is the legal basis.

Storage period

Your data will be stored for the duration of the contract period. After the end of the contract, your data will be deleted within 30 days, unless longer storage is required by law or contract.

You can delete your registration data or voluntary information about yourself at any time.

Your IP address will be stored for seven days and then deleted. Storage beyond this is possible. In this case, however, your IP address will be anonymised, e.g. by abbreviating it.

People authorised to receive your personal data

In principle, only the following authorised people can receive your personal data and access it:

• Admin
• Our employees
• Selected people from your company

Obligation to provide

The provision of your personal data is mandatory for participation in our e-learning courses; otherwise, you will not be able to complete them.

Data security

Our e-learning courses can only be used by those who are registered. Communication is carried out via an encrypted and authenticated connection. Authentication is performed via username and password. The connection is SSL encrypted.

Use of cookies

When you take part in our e-learning courses, session cookies are stored on your computer. These cookies are necessary so that you can access all the pages of our e-learning courses after your registration. Although you can disable or block cookies, you will not be able to use our e-learning courses if you do so.

Reporting dashboard

We provide you or your company with a so-called “reporting dashboard”. You or the selected company admin will then have an overview of the participation in our e-learning courses. At the most, the following personal data and/or further information from you will be processed:

• Name
• Result of the course examination Certificate of participation
• Remaining term of the license
• New registrations (users who have registered within the last twenty-four hours)

However, you can individually determine any storage of data in the reporting dashboard. Thus, the choices just described are only an overview and are implemented after individual arrangements are made with you.

6.2 Our IYS Phishing Attack Simulator (PAS)

Description / Purpose

We offer a phishing attack simulator for training employees. This requires us to process the personal data of employees. The personal data is processed for setting up access authorisations and sending simulated phishing emails, as well as for participation evaluation, automated reminders and certificate generation. The following personal data are processed:

• Personal master data (first and last name, professional email address, password [login data] of users who are assigned the role of company admin and company editor.
• Log files, connection data
• Log data about the creation, modification and deletion of items Permissions and responsibilities
• Time stamp

Legal framework

The legal basis for the processing of personal data in connection with providing this service is Art. 6(1)(b) GDPR.

Storage period

Your data will be stored for the duration of the contract period. After the end of the contract, your data will be deleted within 30 days, unless longer storage is required by law or contract.

People authorised to receive your personal data

In principle, only the following authorised people can receive your personal data and access it:

• Admin
• Our employees
• Selected people from your company

Obligation to provide

Providing your personal data is mandatory for the use of the phishing attack simulator; otherwise, you will not be able to use it.

6.3 Help desk (support via ticket system)

Description

You can submit your support requests regarding our IYS e-learning products via our help desk. We register your support requests in an electronic ticket system from Asana and in the use of the MetaCompliance, MyCompliance software on Zendesk.

Asana is a project management software from Asana Inc., a provider located in the USA who currently ensures compliance with the European data protection level by means of a standard contractual clause and who is certified under the EU-US Data Privacy Framework. We have entered into a data processing agreement with Asana.

Zendesk is another support ticketing software we use provided by Zendesk Inc. we have entered into a Data Processing Agreement via our group entity with. Zendesk assists us in monitoring communications with customers as part of onboarding and ongoing support. Zendesk Inc. is also located in the U.S.A, compliant with the European data protection level by means of a standard contractual clause and certified under the EU-US Data Privacy Framework.

We confirm receipt of your support requests by reiterating the request and we respond to your issues within the appropriate response time. In order to respond to your inquiries, we process the personal data that you provide to us via the help desk form. It is your name, email address and a description of the problem. In addition, you can specify the name of your company and send us a screenshot of your problem.

Gong.io Inc is a U.S. company that offers a software for call recording and is used to in the provision of our services to our customers. We have entered into a data processing agreement with Gong.io and use this software upon consent of the person calling. Gong.io currently ensures compliance with the European data protection level by means of a standard contractual clause and is certified under the EU-US Data Privacy Framework.

In addition to the mentioned third parties, support and help desk services may be performed by our affiliated companies, including MetaCompliance Ireland Ltd based in Ireland, MetaCompliance Ireland Ltd Sucursal Portugal based in Portugal, MOCH AS based in Denmark and MetaCompliance Ltd based in the United Kingdom may access and process personal data in connection therewith.

Purpose

We use the ticket system to ensure efficient support. With the help of the ticket system, we can sort, structure and categorise your support requests and keep an eye on our response and processing times.

The recording of customer calls enables us to analyze the quantity and quality of specific problems in connection with our services. We are able to summarize useful experiences and categorize the individual problems. Doing this allows for identifying critical application errors and optimising our services. The collected data will therefore be filtered according to the specific purpose of optimization and only linked to the optimization processes without any further use.

Legal framework

If the processing of your personal data is in connection with the closing of a contract for our services, Art. 6(1)(b) of the GDPR is the legal basis. If this is not the case, the processing of your data is based on our legitimate interests in ensuring functioning support, Art. 6(1)(f) of the GDPR.

Regarding the customer calls, the processing of your data is based on your consent in accordance with Art. 6(1)(a) of the GDPR. No data based on customer calls is collected prior to your consent. You can revoke your consent at any time.

Storage period

We store your support requests for the duration of the processing and for a reasonable period of time thereafter in order to be able to help you with new support requests as quickly as possible and to have all the necessary information. We delete your support requests (tickets) one year after our last communication with you.

Upon 30 days following termination or expiration of the Agreement with Gong, they shall delete all personal data still in their possession or control. This requirement shall not apply to the extent Gong is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems (e.g., in the form of audit logs), which Customer Data Gong shall securely isolate and protect from any further Processing, except to the extent required by applicable law.

Information about Asana Inc.

• Privacy policy: https://asana.com/terms/privacy-statement

Information about Zendesk Inc.

• Data Processing Agreement: https://www.zendesk.co.uk/company/data-processing-form/

• Privacy notice of Zendesk Inc.: https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/

• Information on security practices of Zendesk Inc.: https://www.zendesk.co.uk/trust-center/

• Sub-processors of Zendesk Inc.: https://support.zendesk.com/hc/en-us/articles/4408883061530-Sub-processor-Policy

Information about Gong.io

• Data Processing Agreement: https://www.gong.io/data-processing-addendum/

• Summary of credentials: https://help.gong.io/hc/en-us/articles/12971994113421-Summary-of-security-features#UUID-6892b061-7859-b4be-434e-5391ba084c5f

• Sub-processors: https://www.gong.io/sub-processors/

•  

6.4 Our MetaCompliance Group, MyCompliance software offering (MetaPhish, MetaPolicy etc as outlined here: Spezifikationen (metacompliance.com))

Description

We host the above referenced software and data on servers of Microsoft Ireland Operations Ltd. The relevant data centers of Microsoft are located in Dublin and Amsterdam.

We use Amazon Web Services EMEA SARL, located in Ireland, as our transactional e-mail provider.

Legal framework

The processing of your data occurs in connection with the provision of our services, therefore the legal basis is Art. 6(1)(b) GDPR. In addition, the processing is based on our legitimate interests in ensuring functioning services, Art. 6(1)(f) of the GDPR.

Storage period

Your data will be stored for the duration of the contract period. After the end of the contract, your data will be deleted within 90 days, unless longer storage is required by law or contract.

Customer entities can delete data held within the platform at any time.

Information about Microsoft Ireland Operations Ltd.

• Privacy Policy: https://docs.microsoft.com/en-us/legal/gdpr

• Sub-processors: https://go.microsoft.com/fwlink/p/?linkid=2096306

Information about Amazon Web Services EMEA SARL

• Privacy Policy: https://aws.amazon.com/blogs/security/new-global-aws-data-processing-addendum/

• Information on related security controls: https://aws.amazon.com/compliance/data-protection/

• Sub-processors: https://aws.amazon.com/compliance/sub-processors/

6.5 Invoicing Software

Description

We use a software developed by Maxio LLC based in the U.S.A., that automatically transfers the invoices as well as invoice reminders. Usually this operation does not include the processing of personal data. However, there may be few instances in which personal data may be processed in connection with our invoicing activities:

• First name and surname
• Email address

Therefore, our group entity has entered into a data processing agreement with Maxio LLC.

Legal framework

The legal basis for the processing is Art. 6(1)(b) GDPR. In addition, the use of invoicing software reduces costs and mistakes such as false invoices; the legal basis is therefore also our legitimate interest, Art. 6(1)(f) of the GDPR.

Storage period

We store your personal data relating to the invoicing for the duration of your contract and as would be necessary to fulfil our legal obligations thereafter.

Information about Maxio LLC

Privacy Policy which includes basis of data processing and related sub-processors is available here: Privacy Policy | Maxio

7 Processing your personal data in the context of our social media network presence

Description

We are active on the social media networks Facebook, Xing, LinkedIn, X and YouTube (our own channel) where we present information about our company, our services or communicate with you. We and/or the providers of the social media networks process your personal data when you visit our site in the respective social media networks. On the one hand, we process personal data that you provide to us via our page in the social media networks, such as your login name, your contact details, comments, username or a message to us. On

the other hand, our page's social media network providers furnish us with (anonymised) statistics and insights (representation of the target group in anonymised form). These help us obtain insights into the types of actions you take on our pages in the respective social media networks or watch our YouTube videos. In this way, we can gain insight into our target group or the reach of our posts.

In addition, your personal data is usually processed by the providers of the social media networks for the purpose of advertising and market research (e.g. tracking). Based on your user behaviour in the social media networks, user profiles can be created (normally through the use of cookies) and used for the purpose of placing presumably interest-based advertising inside and outside the social media networks you use. Detailed information regarding the processing of your personal data by the providers as well as how to exercise your data protection rights (e.g. deletion of your personal data) with respect to the providers can be found on the respective pages of the social media networks. We ourselves have no influence over which personal data the social media network providers process.

However, the following personal data are generally processed when you visit our site in the social media networks:

• Master data (e.g. name, address, email address)
• Content data (e.g. photos, videos, text input)
• Connection and usage data (e.g. IP address, device information, access times, websites visited, interest in content)

Your personal data, which you give when visiting the social media networks, will or may also be processed outside the European Union or the European Economic Area; in particular in the USA by Facebook, X, LinkedIn and Google (YouTube is a subsidiary of Google). The enforcement of your data protection rights may be made more difficult due to the different regulations in the individual countries outside the European Union or the European Economic Area with regard to data protection.

Your personal data will be processed by the providers of the social media networks regardless of whether you have an account with them or are logged in at the time you access the respective pages.

Purpose

We are active on social media networks and operate our own YouTube channel in order to better present our company and our services, notably our animated videos, and to reach a larger target group. We therefore process your personal data for marketing purposes as well as to communicate with you and to process your requests. We process the statistics and insights

obtained for the evaluation and improvement of our pages in the respective social media networks.

Legal framework

Our legitimate interest in the processing of your personal data pursuant to Art. 6(1)(f) of the GDPR is the aforementioned purpose.

Information on social media network providers Facebook

• Website: https://de-de.facebook.com
• Privacy policy: https://facebook.com/about/privacy/update
• Information about page insights data: https://facebook.com/legal/terms/page_controller_addendum

Xing

• Website: https://login.xing.com
• Privacy policy: https://privacy.xing.com/de/datenschutzerklaerungXing events FAQs on data protection for participants: https://xing- events.com/de/datenschutz-faqs-teilnehmer
• Xing events help section for ticket buyers: https://xing-events.com/de/support/hilfe-fuer- ticketkaeufer

LinkedIn

• Website: https://linkedin.com
• Privacy policy: https://linkedin.com/legal/privacy-policy

YouTube

YouTube is a subsidiary of Google; YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

• Our YouTube channel: https://youtube.com/channel/UCXCVPpqLHfzB2dx-cuNFkPA
• Google's privacy policy: https://policies.google.com/privacy?hl=de

X

• Privacy policy: https://twitter.com/de/privacy

8 Your data protection rights

In accordance with Art. 15 GDPR, you have the right to access the personal data stored about you. If inaccurate personal data has been processed, you have the right to rectify it in accordance with Art. 16 GDPR. If the legal requirements are met, you can request the erasure or restriction of processing as well as appeal against data processing (Art. 17, 18 and 21 GDPR). According to Art. 20 GDPR, you can invoke the right to data portability in the case of automated processing of data based on your consent or a contract with you.

Where data processing relies on your consent in exceptional cases, you may revoke this consent at any time with effect for the future, Art. 7(3) GDPR.

If you believe that any data processing is in breach of data protection law, you have the right lodge a complaint with a data protection supervisory authority of your choice (Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)). This includes the data protection supervisory authority responsible for us: Saxon Data Protection and Transparency Commissioner, https://www.saechsdsb.de

Please contact us if you wish to modify or verify personal information that you have submitted, or if you have questions about the information that is maintained or if you want to exercise your rights concerning your personal data.

Last updated: March 2024

info@increaseyourskills.com

+44 20 4586 8499

Contact us!

Copyright © 2022, Increase Your Skills