Learn with us
Visit us
Kiron Open Higher Education gGmbH
c/o Impact Hub Berlin
Rollbergstraße 28A
12053 Berlin
E-Mail: info@kiron.ngo
c/o Impact Hub Berlin
Rollbergstraße 28A
12053 Berlin
E-Mail: info@kiron.ngo
Version 7.0 effective from 2nd of April, 2025
Data Privacy is a very important issue for us and we hold the protection of your personal data in very high esteem. The purpose of this Privacy Policy is to provide you information on how and to which purposes we’re collecting your personal data and how this will be processed. Particularly this Privacy Policy provides you with information about how we process your personal data when you visit our website, when you visit our social media pages, when we communicate with you as partner or client or learner, when you apply for open positions at Kiron, when you are a student on Kiron Campus and generally when you use the services offered through our website and through Kiron Campus. Your data will be processed in compliance with the applicable legal data protection regulations. Read this Privacy Policy carefully and contact us as indicated below if you have any questions.
The sections of this Privacy Policy apply to the websites www.kiron.ngo (“Website”) and/or campus.kiron.ngo (“Campus”). If you visit another website, the data protection provisions of the respective website operator apply. If links to other websites are placed on our website or on Campus, we have no influence nor control on the content of such websites and the way they process personal data. We recommend that you read the respective privacy notices to obtain information on how your personal data is collected and processed.
This Privacy Policy is organized as follows:
The information provided in this section provides general information, which applies to all services and processes, unless specified otherwise within the specific sections.
Responsible for the collection and processing of your data in accordance with Art. 4 para 7 GDPR is:
(“Kiron”, “we”, “us” or “our”)
You can contact our Data Protection Officer as follows:
Our Privacy Policy aims to be simple and understandable for everyone. The terms used in this Privacy Policy, unless they are defined herein or in other sources we explicitly refer to, correspond to the official terms of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “GDPR”). Such official terms are defined in Art. 4 GDPR. The full text of the GDPR can be found here.
We use the services of Amazon CloudFront, a content delivery network (CDN) operated by Amazon Web Services (“AWS”), with the purpose to make content such as photographs, web videos or other large media available quickly and securely. The CDN uses proxy servers worldwide, which store the files locally and thus improve the access speed when downloading. This CDN collects data such as e.g. IP address, the website accessed, the referrer URL, the browser used and the operating system used.
We have concluded a data processing agreement with AWS. Using AWS, personal data may be transferred to the U.S. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Amazon Web Services Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified here
Contact: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855, Luxembourg
More information: aws.amazon.com/compliance/eu-data-protection
In order to optimize our services, we use cookies on different pages of the Website and of the Campus platform. Cookies are small text files that are stored on your device. Some of the cookies will be deleted at the end of your browser session (so-called session cookies). Other cookies may remain on your device and allow us to identify your browser the next time you visit the Kiron platform (so-called persistent cookies).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.
Technically necessary cookies are stored on the basis of Art. 6 para. 1 s. 1 lit. (f) GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 s. 1 lit. (a) GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 s. 1 lit. (b) GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
On our Website and on Campus we give you the opportunity to select the type of cookies that will be used in addition to such cookies that are essential for the functionality of the Website (“Strictly Necessary Cookies”). Provided you have given your consent, we also use cookies in order to statistically record the use of our website or of Campus and to evaluate it for the purpose of optimising our offer to the users. Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent. These cookies enable us to automatically recognize when you return to our site that you have already visited our website. These cookies are automatically deleted after a certain period (max. 14 months).
You can set your browser to
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at www.aboutads.info/choices or www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: addons.mozilla.org/de/firefox/addon/noscript).
In case of non-acceptance of cookies, the functionality of the Kiron Website or of Campus may be limited.
We may use a number of other external services embedded in our website and/or on Campus to better display certain content or deliver additional services. Below is a list of services and their respective privacy policies:
We use "Google Fonts" on our website and on Campus, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by our web server when you access our website and Campus. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.
The fonts are hosted by us and therefore are not loaded by an external provider. This requires the processing of your IP address.
We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis for the data processing is our legitimate interest (Art. 6 para. 1 lit. (f) GDPR).
On our website and on Campus we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 lit. (a) GDPR.
When the display of the embedded YouTube videos is started by your consent, a server call is made, usually to a Google server in the United States. This server is informed of the page you have accessed, and the IP address of the visitor's browser is transmitted to Google and stored by Google.
In case of your consent, YouTube also uses cookies to collect information about user behaviour. According to YouTube, these cookies are used, among other things, to collect video statistics, improve the user experience and prevent abuse. If you are signed in to Google, your information may also be associated with your account when you click on a video. If you do not want your data associated with your YouTube profile, you must sign out before activating the button. Google will store this information in the form of a user profile and use it for the purposes of advertising, market research and/or improving the user experience on its websites. In particular, this analysis is used (including for users who are not logged in) to display relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To do so, please contact Google directly.
Since a transfer of personal data by Google to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. (c) GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
Further information on data protection and data use by Google can be found on the following Google website: policies.google.com/privacy
We recognize that some data protection laws vary based on the age of consent. Depending on the jurisdiction, the age of consent can be between 13 to 16 years old. We do not knowingly request to collect personal information from any data subject (as defined in the GDPR) under the age of consent as defined by the jurisdiction in which the data subject resides. If we are aware of or suspect that a data subject is under the age of consent, we will require the data subject to terminate their account or any usage of our services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of consent using any of our tolls or services.
More strict rules apply for the access to Kiron Campus (s. Section E, para 1, sub-para a.).
This section describes how Kiron handles your personal information when you visit the website www.kiron.ngo ( “Website” or “our website”).
Our website www.kiron.ngo is hosted on Webflow, a platform and service provided by Webflow Inc. We have concluded a data processing agreement with Webflow Inc. Accessing our website, personal data may be transferred to the U.S. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
More information: webflow.com/legal/privacy
When you visit our Website, the browser on your device automatically sends information to the server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
The mentioned data will be processed for the purpose of ensuring a smooth and stable connection of the Website and a comfortable use of our Website for the users as well as to evaluate the system security and stability and for other administrative purposes. The legal basis for data processing is Article 6 para. 1 s. lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.
The saved logs will not be retained for any period longer than 12 months.
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. (a) GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.
Since a transfer of personal data by Google to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. (c) GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
google.com/analytics/terms
policies.google.com/privacy
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout.
Our Website also uses Meta Pixel, an analytical tool provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Meta Pixel helps us measure the effectiveness of our Facebook and Instagram advertising by tracking the behaviour of the Website visitors. To this purpose Meta Pixel uses cookies and similar technologies.
The tool tracks user behaviour on our website and links the information with the user data of our website visitors on Facebook.
Since a transfer of personal data by Meta to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. (c) GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
The terms of use of Meta and information on data protection can be accessed via the following links:
www.facebook.com/legal/terms
www.facebook.com/privacy/policy
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also manage how Meta collects the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Meta as indicated at facebook.com/privacy/policies/cookies
Our Website also uses Linkedin Insight Tag, an analytical tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Linkedin Insight Tag helps us measure the effectiveness of our advertising by tracking the behaviour of the Linkedin members visiting our Website. To this purpose Linkedin Insight Tag uses cookies and similar technologies and collects data, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp.
The IP addresses are truncated or hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
Since a transfer of personal data by Linkedin to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Linkedin Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. (c) GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
The terms of use of LinkedIn and information on data protection can be accessed via the following links: linkedin.com/legal/user-agreement
linkedin.com/legal/privacy-policy
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also manage how LinkedIn collects the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by LinkedIn as indicated at: linkedin.com/psettings/guest-controls/retargeting-opt-out
Through our website we also present certain programs that have been created to address specific needs or specific target groups or that are the result of certain partnerships. If you click on the link on the website leading to the presentation of the program, you may be redirected to the landing page of that program. To build landing pages, we may use the services of an external service provider, Landingi Sp. z o. o., an organisation based in ul. Dworcowa 25, 44-100 Gliwice, Poland. When you visit a program page that has been built with Landingi, the following personal data will be processed:
Name, e-mail address, IP address as well as other data specified in the forms included on the landing page.
We have concluded a data processing agreement with Landingi.
The mentioned data will be processed for the purpose of enhancing user experience (e.g. ensuring a smooth and stable connection of the landing page and a comfortable use of the landing page for the users) as well as to monitor performance, evaluate the system security and stability and for other administrative purposes, particularly for follow up communication. The legal basis for data processing is Article 6 para. 1 s. lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.
More information:
landingi.com/company/gdpr
landingi.com/company/dpa
We process the data you enter in the donation input mask on the website in order to process the payment of donations by you via the donation platform fundraisingbox.com, embedded in the website. The platform is operated by Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany. The information you enter in the donation input mask is transmitted to fundraisingbox.com by clicking on the "Donate Now!" button and is processed to complete your donation using the chosen payment method and to issue a donation receipt.
The legal basis for the above mentioned processing is Art. 6 para. 1 lit. b GDPR.
Further information on the handling of personal data in connection with the fundraisingbox.com plugin can be found here fundraisingbox.com/privacy
If you have any questions or remarks, we offer you the opportunity to contact us using the online form available to this purpose or by email or per post at the contacts as indicated here.
When you contact us through the form on the Website we may collect and process personal information from you, including but not limited to:
We process your personal information you have transmitted on the basis of Article 6 para. 1 s. 1 lit. (f) GDPR. Our legitimate interest is to answer your questions and inquiries.
Your personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this section, or as otherwise required by applicable law. Generally this means your personal information will be kept for the duration of the inquiry process plus a reasonable period of time on a case by case basis.
Within Kiron, only those departments and employees will have access to your data that need it to manage the incoming messages and to process the inquiries.
We will not transfer your personal data to any external third party, except for the purpose of managing our correspondence with you, where we may work with a specialised provider contracted by us (s. para 1).
If you contact us per e-mail, we may use the services of Gmail. Our kiron.ngo e-mail address is maintained by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and administered by Kiron as part of Google-for-Nonprofits program. All information and data you choose to share with us by E-mail is processed automatically by Google in one of their secure data centers. We have concluded a data processing agreement with Google Workplace. Through the use of Google Workplace, personal data may be transferred to the USA. Google (Google LLC) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: policies.google.com/privacy?hl=de&gl=de
For possible transfers to other third countries outside the EU and EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. (c)lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here.
We use the online map service provider OpenStreetMap via an iframe. Provider of the map service is OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. This allows us to display interactive maps directly on the website and on Campus and it makes it easy for you to use the map function. To use the functionalities of OpenStreetMap the following data is processed: Browsertype and version, IP address, referrer URL, date and time of server request.
For the UK, there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPROpenStreetMap stores personal data other than any associated with a tile request (for instance, IP addresses and request details) in the United Kingdom and the Netherlands. Backups are stored in the EU. Map tiles are provided by a global network of cache servers; which tile server your browser or app accesses is determined by the operation of the content distribution network at the time of the request.
Further information on the handling of user data can be found in Open Street Mape's privacy policy.
OpenStreetMapGoogle uses Cookies to collect information about user behavior. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 lit. (a)lit. a GDPR, Sect. 25 para. 1 TTDSG.
Further information about cookies applied by OpenStreetMap can be found here.
Via our website you can also register for our Newsletter. In this case, you will have to confirm your consent to receiving a newsletter with information about Kiron.
We collect your name and email address so that we can deliver the requested periodical email newsletter from Kiron to you. We also collect information on your interest in subscribing to the newsletter. No other data is collected for the purpose of sending the newsletter. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you our newsletter by email until you have expressly confirmed that you agree to the dispatch of newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, would like to receive the newsletter in the future. With the confirmation you give us your consent according to Art. 6 para. 1 s.1 lit. (a) GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
When registering for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address via which you have registered for the newsletter as well as the date and time of registration and confirmation so that we can trace any possible misuse at a later point in time.
You can, of course, unsubscribe from the newsletter at any time via email privacy@kiron.ngo, or, better, by following the instructions provided at the bottom of each newsletter. After unsubscribing, your email address will be promptly removed from the system handling the newsletter.
Your name and email address will be stored on Kiron’s secured server (s. Section A, para. 4, subpara. a. and b). Within Kiron, only those departments will have access to your data that need it to carry out the mailing of the Newsletter.
Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. This forwarding is carried out in accordance with Art. 6 para. 1 s. 1 lit. (f) GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. The data you enter to subscribe to the newsletter (e.g. email address) will be stored on servers located in the EU.
The service provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message was opened and which links were clicked on, if applicable. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
We have concluded an order processing contract with our email service provider in which we oblige him to protect our customers' data and not to pass it on to third parties.
Email service provider:
Service provider: Mailjet by Sinch
Address: Mailjet SAS,13-13 bis, rue de l’Aubrac, 75012 Paris, France www.mailjet.com
A transfer to other third parties may only take place with your consent (Art. 6 para. 1 s. 1 lit. (a) GDPR) or if we are legally obliged to do so in individual cases (Art. 6 para. 1 s. 1 lit. (c) GDPR).
We use the services of Slack Connect for communicating with external partners, a product of Slack Technologies LLC based in the USA, which is a Salesforce Inc. company.
The legal basis for this processing is our legitimate interest in maintaining contacts made in the course of business transactions beyond the initial contact and in using them to establish business relationships and to remain in contact with the persons for this purpose according to Art. 6 para. 1 s. 1 lit. (f) GDPR.
We have concluded a data processing agreement with Slack. Since a transfer of personal data by Slack to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Slack Technologies LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: dataprivacyframework.gov/s/participant-search
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. (c) GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
The terms of use of Slack and information on data protection can be accessed via the following links: app.slack.com/trust/compliance/gdpr
slack.com/intl/en-gb/main-services-agreement
slack.com/intl/en-gb/trust/privacy/privacy-policy
The purpose of Kiron is to offer courses through an online learning platform called Kiron Campus (“Campus” or “Platform”). In this section we provide information about how your data is handled and processed on Campus at different stages when you apply to become a student at Kiron (“Student” or “Kiron Student”), when you are a Student and when you stop being a Student. Also this section will describe how your data is processed through the different services that Kiron offers on or via the Platform to its Students.
Data Privacy is a very important issue for us and we hold the protection of your personal data in very high esteem. In this chapter we inform you how your personal data, that is collected when you use our Social Media Channels on social networks and plattform, is processed. Your data is processed in accordance with the applicable laws and regulations.
The controller named at the beginning of this privacy policy (hereinafter referred to as "we/us") operates websites or "fan pages" on various social media platforms. We are jointly responsible for the processing of your personal data in connection with your visit to our presence or our "fan page" on the Facebook, Instagram and LinkedIn platforms with the operators of the respective platform named here under i), insofar as they provide us with aggregated information about visitors to our fan page or our presence ("Insights"). Detailed information on the scope of processing under joint responsibility in relation to the respective providers can be found in the second section of this privacy policy.
The platform operator for Facebook and Instagram is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, a subsidiary of Meta Platforms, Inc, 1601 Willow Rd Menlo Park, CA 94025-1452, USA. The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.
We have concluded an agreement with the operators in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Controller Addendum) with regard to Facebook. This agreement specifies which data processing operations we or the respective operator are responsible for when you visit our fan page or our presence on the platform of the respective operator. You can view this agreement at the following link:
Facebook: facebook.com/legal/terms/page_controller_addendum
LinkedIn: legal.linkedin.com/pages-joint-controller-addendum
If your personal data is processed by one of the providers of social media platforms listed below, this processing is the responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact us at any time.
If we pass on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR. As personal data is transferred to countries outside the EU and the EEA (including the USA) when visiting and interacting with the social media platforms we use, further protective mechanisms are required to ensure the level of data protection under the GDPR.
In cases where providers process your personal data under their own responsibility (para 1, sub-para a. ii.), we have no influence on the processing of this data by the provider and their handling of this data (at least after transmission of the data). For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider:
When you visit our Facebook fan page or our other social media sites, one or more cookies are placed on your device by the platform provider. Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.
By interacting with our Facebook fan page or our other social media presences, information (e.g. your IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.
The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the respective privacy policy of the provider. Links to the respective privacy policies can be found above under "Data transfer and recipients". If you have any further questions, please contact the provider of the respective social media platform directly.
As a rule, personal data is processed on the company page for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The provider also carries out a comprehensive analysis of your interactions on the social media platform. The data collected can be used to create user profiles. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. Further information on this can be found in the data protection information of the respective provider.
If you visit or interact with our social media presence, we may receive personal data from you, which we process on our own responsibility in addition to the provider, other than in the cases mentioned in section 2 of this privacy policy. This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name).
Collection of information about who has viewed our social media presence: Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our presence or page within the platform.
Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us within the meaning of Art. 6 para. 1 sentence 1 lit. (f) GDPR. Our legitimate interest lies in the advertising approach as well as in the provision of an effective communication and interaction option with our company.
We collect personal data ourselves when you contact us, for example via a contact form or a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing the request and in the event of follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. (f) GDPR and, if applicable, Art. 6 para. 1 lit. (b) GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. (b) GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.
If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. (a), Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.
When you visit our Facebook fan page, your personal data is processed by Facebook as the operator of the platform and by us as the operator of the fan page. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms Inc.), we are jointly responsible with Facebook (Art. 26 para. 1 GDPR).
Page Insights (facebook.com/business/a/page/page-insights) is a function provided by Facebook that allows the operator of a Facebook fan page (us) to receive summarized data about the interaction of visitors.
Page Insights can be based on personal data that is collected in connection with a visit or interaction of people on or with our page and in connection with the content provided. Please note which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your end device. Furthermore, data that is independent of the devices used by the users can also be stored in the user profiles, especially if the users are members of the respective platforms and are logged in to them.
We only receive summarized (aggregated) data from Facebook, which does not allow any conclusions to be drawn about individual persons.
We process your personal data for advertising and marketing purposes. (e.g. increasing the reach and awareness of our fan page by designing posts to suit the target group, evaluating the success of marketing campaigns).
The legal basis for the processing of your personal data in relation to the Insights functionality is your consent given to Facebook or Meta in accordance with Art. 6 para. 1 lit. (a) GDPR.
For information on the purposes that Facebook pursues with the processing of your personal data and the legal basis for this data processing, please refer to Facebook's privacy policy.
Please note that we have no influence on the data collection and further processing under Facebook's responsibility. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links are made with the data by Facebook and to whom the data is passed on by Facebook.
You can find information about the processing of your personal data, which Facebook processes for its own purposes, in the privacy policy of Facebook: facebook.com/about/privacy
If you would like to exercise your rights as a visitor of the site or fanpage (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: facebook.com/settings?tab=ads or youronlinechoices.com
You can (also) restrict the visibility of your Facebook account to us via the Facebook settings.
For further details, please refer to Facebook's privacy policy: facebook.com/about/privacy/
To contact Facebook's data protection officer, you can use the online contact form provided by Facebook at the following link facebook.com/help/contact/540977946302970
When you visit our LinkedIn site, your personal data will be processed by LinkedIn as the operator of the platform and by us as the operator of our site within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible with LinkedIn (Art. 26 para. 1 GDPR).
LinkedIn Page Insights (legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn that allows the operator of a LinkedIn site (us) to receive summarized data about the interaction of visitors.
As part of the Page Insights function, LinkedIn analyzes your interaction with our LinkedIn presence and also uses the personal information you provide (professional activity, industry, country, etc.). The evaluated data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information about individual users as part of this function, but only summarized information). We use this aggregated data for the target group-oriented presentation of our LinkedIn presence and generally for its optimization with regard to the above-mentioned advertising purposes.
We have a legitimate interest in these advertising purposes; the processing of your data is based on Art. 6 para. 1 lit. f GDPR.
For information on the purposes that LinkedIn pursues with the processing of your personal data and on the legal basis of this data processing, please refer to LinkedIn's privacy policy. Please note that we have no influence on the data collection and further processing under LinkedIn's responsibility. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by LinkedIn. Furthermore, we cannot make any statements about the extent to which Instagram complies with existing deletion obligations, which evaluations and links are made with the data by LinkedIn and to whom the data is passed on by LinkedIn.
If you would like to exercise your rights as a visitor of the site (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both LinkedIn and us. You can adjust the visibility of your LinkedIn account to us.
For more information on data processing by LinkedIn, please refer to LinkedIn's privacy policy: linkedin.com/legal/privacy-policy
To contact Linkedin’s data protection officer, you can use the online contact form provided by Linkedin at the following link linkedin.com/help/linkedin/ask/TSO-DPO verwenden.
You have the right to be informed about your personal data stored in connection with the Kiron platform free of charge. Below you will find information on the rights the applicable data protection law grants you with regard to the processing of your personal data.
a. The right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can request information on the purpose of processing, the category of personal data being processed, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification or erasure of personal data, or restriction of processing of your data, the right to lodge a complaint, what the source of the data is, if it wasn’t collected by us, and if any automated decision-making, including profiling exists and, where appropriate, meaningful information about their details.
b. The right, in accordance with Art. 16 GDPR, to demand the correction of incorrect or completion of incomplete personal data stored by us without delay.
c. The right to demand the deletion of your personal data stored with us, according to Art. 17 GDPR, as far as the processing is not required for the right of freedom of expression and information, the compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
d. The right to demand the restriction of the processing of your personal data, in accordance with Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure and we no longer need the data, but they are required by you for the establishment, exercise or defence of legal claims or you have lodged an objection against the processing pursuant to Art. 21 GDPR
e. The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above named seat or, if applicable, your usual place of residence or work place.
f. Right to withdraw granted consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw the previously given consent in the processing of data at any time with effect for the future. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis where consent is not required for processing. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons that arise from your particular situation. If you object to the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.
If we process your personal data on the basis of your consent according to Article 6 para. 1 lit. (a) GDPR, you have the right according to Article 7 para. 3 GDPR to withdraw your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future.
You can assert your right via email at: datenschutzbeauftragter@datenschutzexperte.de or contact us at the contact details specified in section A.1. of this Privacy Policy.
We reserve the right to change this Privacy Policy at any time in accordance with the law. In this way, we can adapt it to current legal requirements and take changes in our services into account, e.g. when introducing new services. The most current version applies to your visit.
This is version 7.0 of this policy, effective as of 2nd of April 2025.
Previous versions:
Version 6.0 (effective from February 4th, 2024 to April, 1st 2025) Download pdf here
Version 5.0 (effective from August 8th, 2020 to January 31st, 2024) Download pdf here
Version 4.0 (effective from May 25th, 2018 to August 8th, 2020) Download pdf here
Version 3.0 (effective from January 18th to May 24th, 2018) Dowload pdf here
Version 2.1 (effective from October 13th, 2016 to January 17th, 2018) Download pdf here
Version 2.0 (effective from July 1st to October 12th, 2016) Download pdf here
Version 1.2 (effective from May 11th to June 30th, 2016) Download pdf here
Version 1.1 (effective from March 16th to May 10th, 2016) Download pdf here
Version 1.0 (effective from October 15th, 2015 to March 15th, 2016) Download pdf here
