Privacy Policy

Data Privacy is a very important issue for us and we hold the protection of your personal data in very high esteem. We only ask for personal data when we really need it in order to provide a service to you. We collect that data by fair and lawful means, and with your knowledge and consent. The purpose of this Privacy Policy is also to let you know why we’re collecting personal data and how this will be processed. Read this Privacy Policy carefully and contact us as  indicated below if you have any questions.

We comply with the provisions of the German Federal Data Protection Act and the German Telemedia Act as well as with the EU General Data Protection Regulation.

This Privacy Policy provides you with information about how we process your personal data when you visit our website, when you apply for open positions through our website, when you are a student on Kiron Campus and generally when you use the services offered through our website and through Kiron Campus. This Privacy Policy applies to www.kiron.ngo. If you visit another website, the data protection provisions of the respective website operator applies. This also applies to websites to which we refer by means of a link, which might be placed on our website or on Campus, and we recommend that you obtain information on the respective website how your personal data is collected and processed.  

Version 5.0 effective from 8th August 2020

 

 This Privacy Policy is organized as follows:

General Information and Overview

 

General Information and Overview

The information provided in this section provides general information, which applies to all services and processes, unless specified otherwise within the specific sections. 

 

Contact

Responsible for the collection and processing of your data in accordance with Art. 4 para 7 GDPR is: 

Kiron Open Higher Education gGmbH
Herzbergstrasse 82-84
10365 Berlin, Germany
Email: [email protected]

 

(“Kiron”, “we”, “us” or “our”)

You can contact our Data Protection Officer as follows:

 

PROLIANCE Gmb
Leopoldstr. 21
80802 Munich
Germany
Email: [email protected]

Web: www.datenschutzexperte.de

 

Our Privacy Policy aims to be simple and understandable for everyone. The terms used in this Privacy Policy, unless they are defined herein or in other sources we explicitly refer to, correspond to the official terms of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation,  “GDPR”). Such official terms are defined in Art. 4 GDPR. The full text of the GDPR can be found here.

 

Access to Data and Transferal

Depending on your use of our services different sets of data may be processed or stored, as is described in detail further below.

Our employees, volunteers and contractors have access to the data based on our access control policies and are contractually bound to keep the information confidential.

Kiron uses service providers in order to operate and maintain Kiron’s website and Kiron’s educational platform “Campus” and to be able to offer certain services related thereto, which may receive and process personal data of the users. Any service providers engaged by Kiron are obliged to comply with the applicable data protection regulations and will process data exclusively in accordance with the instructions of Kiron. Kiron and its service providers commit to take reasonable technical and organizational precautions in order to protect the data of the users.

Your data will not be transferred to any third parties unless

• we have explicitly indicated this in the description of such data processing;


• you have given express consent pursuant to Art. 6 para. 1 s. 1 lit. (a) GDPR;


• disclosure in accordance with Art. 6 para. 1 s. 1 lit. (f) GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in the non-disclosure of your data;


• disclosure in accordance with Art. 6 para. 1 s. 1 lit. (c) GDPR is a legal obligation and


• transfer to third parties is required by Art. 6 para. 1 s. 1 lit. (b) GDPR for the performance of contractual relationships with you.

Any third party processor, which handles data on Kiron’s behalf is required to do so in accordance with contractual terms which require that the data is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so). 

If our use of a Third Party Processor involves the transfer of personal data to a location outside of the European Economic Area, we apply European Commission-approved standard contractual clauses to ensure that the personal data is adequately protected in that location.

 

Servers. General Services

 

DigitalOcean

The main Kiron servers and data storages are hosted at DigitalOcean. We have concluded a data processing agreement with DigitalOcean. Using DigitalOcean, personal data may be transferred to the USA. In order to ensure an adequate level of data protection in accordance with the provisions of the GDPR, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR.

Contact: DigitalOcean, LLC, 101 Avenue of the Americas, New York, New York 10013, USA.

More information: https://www.digitalocean.com/legal/gdpr/

 

Amazon Web Services (AWS)

Besides DigitalOcean we also use Amazon Web Services, with the majority of the data being hosted on DigitalOcean. We have concluded a data processing agreement with AWS. Using AWS, personal data may be transferred to the USA. In order to ensure an adequate level of data protection in accordance with the provisions of the GDPR, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR.

Contact: Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA

More information: https://aws.amazon.com/compliance/eu-data-protection/

 

HubSpot

We use HubSpot for communicating with our external partners. HubSpot is a software company from the USA with a branch in HubSpot Ireland Limited in Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 R8H7, Ireland. We use this integrated software solution as a CRM and for communication purposes. With the HubSpot Sales email extension, we log emails sent from outside of HubSpot to the CRM automatically.

The legal basis for this processing is our legitimate interest in maintaining contacts made in the course of business transactions beyond the initial contact and in using them to establish business relationships and to remain in contact with the persons for this purpose according to Art. 6 para. 1 s. 1 lit. (f) GDPR.

We have concluded a data processing agreement with HubSpot. Using HubSpot, personal data may be transferred to the USA. In order to ensure an adequate level of data protection in accordance with the provisions of the GDPR, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR.

Depending on your use of our services different sets of data may be stored, as is described in detail below. 

 

This section describes how Kiron handles your personal information when you visit the website www.kiron.ngo ( “Website” or “our website”).

 

Data collected and legal basis

When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

• The domain you requested


• Mobile Device ID (of your mobile device)


• IP Address (the number that is automatically assigned to your computer when you use the Internet)


• Browser type and -version


• Browser language/locale settings


• Operating System


• Referrer URL (the page, from which this page was linked, including the search term, in case of a search engine)


• Time and date of the request


• The amount of data transferred.

The mentioned data will be processed for the purpose of ensuring a smooth and stable connection of the website and a comfortable use of our website for the users as well as to evaluate the system security and stability and for other administrative purposes. The legal basis for data processing is Article 6 para. 1 s. lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. 

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. The log files are deleted after the end of the respective browser session, at the latest after seven days, or will be anonymized so that no attribution to any specific persons is possible, unless their further storage is required for the above-mentioned purposes. 

We do not use this information in any way for statistical analysis and do not link this information with any other data sources.

 

Cookies

In order to optimize our services, we use cookies on different pages of the Website / Kiron platform. Cookies are small text files that are stored on your device. Some of the cookies will be deleted at the end of your browser session (so-called session cookies). Other cookies may remain on your device and allow us to identify your browser the next time you visit the Kiron platform (so-called persistent cookies).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 s. 1 lit. (f) GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 s. 1 lit. (a) GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 s. 1 lit. (b) GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

On our website we give you the opportunity to select the type of cookies that will be used in addition to such cookies that are essential for the functionality of the Website (“Essential Cookies”). Provided you have given your consent on our Website, we also use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer to the users. Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent. These cookies enable us to automatically recognize when you return to our site that you have already visited our website. These cookies are automatically deleted after a certain period (14 months).

You can set your browser to

• be informed about the setting of cookies, 


• only allow cookies in individual cases, 


• exclude the acceptance of cookies for certain cases or generally,


• activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

• Google Chrome


• Mozilla Firefox


• Edge (Microsoft)


• Safari


• Opera 

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

• Google Chrome


• Mozilla Firefox 


• Edge (Microsoft)  


• Safari


• Opera

 

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

In case of non-acceptance of cookies, the functionality of the Kiron platform may be limited.

 

Tracking Measures and Analysis Tools

We use Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). In this context, pseudonymised user profiles are created and cookies (see Section 2) are used. The information generated by the cookie about your use of this website such as

• browser type/version


• operating system used


• referrer URL (the previously visited page)


• host name of the accessing computer (IP address)


• time of the server request

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports about the website activities and to provide further services associated with website use and Internet use for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized using the Google Analytics extension “anonymizeIp()”, so that an assignment is not possible (IP masking).

Google will act for us as a processor within the meaning of Article 28 GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set which prevents future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Information on data protection in connection with Google Analytics can be found in the
Google Analytics Help.

 

Other external services

We may use a number of other external services embedded in our website to better display certain content or deliver additional services. Below is a list of services and their respective privacy policies:

 

Google Maps

We use Google Maps on this website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To guarantee the functionality of Google Maps, we store your IP-address. This information is sent to and stored on Google’s servers in the USA. We want to provide our online offer in an appealing way and ease the search for addresses. If you have given your consent, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. The provider of this website has no influence on the data transfer. Further details about the handling of data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/.

 

Google Web Fonts

This site uses web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to uniformly display fonts. Google Web Fonts allows us to use external fonts, so-called Google Fonts. When you visit our website, the required Google Font is loaded from your web browser into your browser cache to display texts and fonts correctly. This is necessary so that your browser can also show an optically improved representation of our texts. If your browser does not support this feature, your computer will use a standard font for display. These web fonts are integrated by a server call, usually a Google server in the USA. This transfers to the server which page of our website you have visited. Google also stores the IP address of the browser of the visitor's terminal device.

We use Google Web Fonts for optimization purposes, in particular to improve the use of our Internet presence for you and to make its design more user-friendly. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

Further information on data protection can be found in Google's data protection declaration: http://www.google.de/intl/de/policies/privacy

For more information about Google Web Fonts, visit http://www.google.com/webfonts/ , https://developers.google.com/fonts/faq?hl=en-GB&csw=1https://www.google.com/fonts#AboutPlace:about.

 

YouTube

We use YouTube plugins on our website. YouTube is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). If you visit a website that is operated by us and uses a YouTube plugin, a connection to YouTube servers will be established. YouTube servers will be informed about which of our websites you visited. When you are logged in your YouTube account, you enable YouTube to assign your browsing behavior to your particular account. You can prevent this by logging out of your account. Further information about the handling of user data are stated in YouTube’s privacy policy, available at:https://www.google.de/intl/de/policies/privacy.

We use the advanced privacy mode which, according to the provider, only leads to the storage of user information when a video is actively played. When embedded YouTube videos are played, the provider uses cookies in order to collect information about user behavior. This procedure enables YouTube to record video statistics, enhance user friendliness and prevent abusive behavior. When you are logged in your Google account, your data will be assigned to your account when you play videos. You can prevent the assignment by logging out of your account before playing the video. Google stores the data (also for users that are not logged in) in the form of user profiles and analyses them. The legal basis for the analysis is Google’s legitimate interest in displaying personalized advertisement, market research and adequate website presentation. You have the right to object to the creation of user profiles. If you want to want to exercise this right, you have to address YouTube. By visiting this website, a connection to the Google network “DoubleClick” is established, independently from playing an embedded video, and can lead to further data processing, which are not influenced by us. 

 

Donations via Betterplace

We process the data you enter in the donation input mask on the website in order to process the payment of donations by you via the donation platform betterplace.org. embedded in the website. The platform is operated by gut.org gemeinnützige Aktiengesellschaft, Schlesische Straße 26, 10997 Berlin, Germany. The information you enter in the donation input mask is transmitted to betterplace.org by clicking on the "Donate Now!" button and is processed to complete your donation using the chosen payment method and to issue a donation receipt.

The legal basis for the above mentioned processing is Art. 6 para. 1 lit. b GDPR.

Further information on the handling of personal data in connection with the betterplace.org plugin can be found in the privacy policy of betterplace.org at: https://www.betterplace.org/c/rules/privacy-policy.

We use “Google reCAPTCHA” (in the following referred to as “reCAPTCHA”) within the donation input mask. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA controls whether data entries on our website (e.g. in a contact form) are made by humans or automated programs. For this purpose, reCAPTCHA analyses the user behavior on the website based on several characteristics. The analysis starts automatically as soon as the user visits the website. reCAPTCHA evaluates several information, e.g. 

• IP address


• Length the user stays on the website 


• Mouse movements 

The data recorded for the analysis are transferred to Google. 

The reCAPTCHA analysis runs in the background. Website visitors are not informed about the analysis. The processing is pursuant to Art. 6 para. 1 s. 1 lit. (f) GDPR. We have a legitimate interest in protecting our website from abusive spying out of data and unwanted, automated mailings (spam). 

We do not store personal data from the use of reCAPTCHA. In general, personal data concerning the data subject are deleted or disabled as soon as the purpose for storing the data has been omitted. Google’s privacy policy contains more details concerning data protection regulations, available at: https://www.google.com/intl/de/policies/privacy/ 

andhttps://www.google.com/recaptcha/intro/v3beta.html.

 

Social Media Links

Social networks (Instagram, Facebook and Twitter) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link you will be redirected to the page of the respective provider. Only after forwarding is user information transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers you use.

 

Contacting Kiron

If you have any questions or remarks, we offer you the opportunity to contact us by email or per post at the contacts indicated here.

 

Data collected and legal basis

When you contact us we may collect and process personal information from you, including but not limited to:

• Name


• Contact information, such as address, telephone number, and email address


• Any other information you voluntarily provide contacting us

We process your personal information you have transmitted on the basis of Article 6 para. 1 s. 1 lit. (f) GDPR. Our legitimate interest is to answer your questions and inquiries.

Your personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this section, or as otherwise required by applicable law. Generally this means your personal information will be kept for the duration of the inquiry process plus a reasonable period of time on a case by case basis.

 

Access to Data and Transferal

We will not transfer your personal data to any external third party, except for the purpose of managing our correspondence with you, where we may work with a specialised provider contracted by us (s. Section A 4 c. above). 

 

Kiron newsletter

Via our website you can also register for our Newsletter. In this case, you will have to confirm your consent to receiving a newsletter with information about Kiron. 

 

Data collected and legal basis

We collect your email address so that we can deliver the requested periodical email newsletter from Kiron to you. No other data is collected for the purpose of sending the newsletter. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you our newsletter by email until you have expressly confirmed that you agree to the dispatch of newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, would like to receive the newsletter in the future. With the confirmation you give us your consent according to Art. 6 para. 1 s.1 lit. (a) GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When registering for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address via which you have registered for the newsletter as well as the date and time of registration and confirmation so that we can trace any possible misuse at a later point in time.

 

Retention and Deletion

You can, of course, unsubscribe from the newsletter at any time via email [email protected], or, better, by following the instructions provided at the bottom of each newsletter. After unsubscribing, your email address will be immediately removed from the system handling the newsletter.

 

Access to Data and Transferal

Your email address will be stored on Kiron’s secured server (s. Section A, para. 4, subpara. b).  Within Kiron, only those departments will have access to your data that need it to carry out the mailing of the Newsletter.

Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. This forwarding is carried out in accordance with Art. 6 para. 1 s. 1 lit. (f) GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. The data you enter to subscribe to the newsletter (e.g. email address) will be stored on servers located in the EU.

The service provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message was opened and which links were clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

We have concluded an order processing contract with our email service provider in which we oblige him to protect our customers' data and not to pass it on to third parties.

Email service provider:

Service provider: Mailjet

Address: Mailjet SAS,13-13 bis, rue de l’Aubrac, 75012 Paris, France

Privacy policy: https://www.mailjet.com/privacy-policy/

Privacy Shield: The US-based provider is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active 

A transfer to other third parties may only take place with your consent (Art. 6 para. 1 s. 1 lit. (a) GDPR) or if we are legally obliged to do so in individual cases (Art. 6 para. 1 s. 1 lit. (c) GDPR). 

 

Applying for a Position at Kiron

You can apply for one of the open positions at Kiron through our website by sending us an email as indicated here.

This section describes how Kiron handles your personal information when you apply for a job, an internship, a volunteer role or another position with us (“Position”) and the rights you have in connection with that information. The term “Candidates” is used in this section to refer to anyone who applies for any Position specified in our Career web page, or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis).

 

Data collected and legal basis

When you apply for a Position at Kiron, we may collect certain information automatically, from you personally, or from third party sources.

 

Information we may collect automatically

You can visit the Careers  page of our website and navigate through the open Positions without providing personal information. However, we do collect certain information automatically from your device when you visit our website. For further information, please see section B of this Privacy Policy.

 

Information we may collect from you

We only process such data that are related to your application. This can be general personal data (name, address, contact details, etc.), information on your professional qualifications and schooling, information on further professional training and, if applicable, other data that you provide us with in connection with your application.

As a general rule, during the recruitment process, we try not to collect or process any Special Categories of Personal Data (as defined in Art. 9 para. 1 GDPR) unless authorized by law or where necessary to comply with applicable laws. 

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Special Categories of Personal Data for legitimate recruiting-related purposes. For example, information about your physical or mental condition may be collected in order to consider accommodations we need to make for the recruitment process and/or subsequent job role.

You may provide, on a voluntary basis, other information including Special Categories of Personal Data during the recruiting process.

• We may collect some or all of the following personal information from other sources (in each case where permissible and in accordance with applicable law) when you apply for a role with Kiron:


• 
  
  
  
  • References provided by referees;
  
  
  • Other background information provided or confirmed by academic institutions and training or certification providers;
  
  
  • Criminal records data obtained through criminal records checks;
  
  
  • Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries);
  
  
  • Information provided by recruiting or executive search agencies; and
  
  
  • Information collected from publicly available sources, including any social media platforms you use or other information available online.
  
  
  
  

 

We also receive personal data from applicants via the platform Join, a service of Join GmbH, Klausenerstraße 10a, 39112 Magdeburg, Germany.

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis is Art. 88 GDPR in conjunction with Art. 26 BDSG for the purposes of the employment relationship, if this is necessary for the decision on the establishment of an employment relationship.

Furthermore, we may process your personal data if this is necessary to fulfil legal obligations (Art. 6 para. 1 s. 1 lit. (c) GDPR) or to defend or assert legal claims. The legal basis for this is Art. 6 para. 1 s. 1 lit. (f) GDPR. The legitimate interest is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to Art. 6 para. 1 s. 1 lit. (a) GDPR. Any consent granted can be revoked at any time with effect for the future 

If an employment relationship arises between you and us, we may, in accordance with Art. 88 GDPR in conjunction with Art. 26 BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective agreement, works or service agreement (collective agreement).

 

Retention and Deletion

In case you are selected for a position at Kiron, the information collected during the recruiting process will be processed in accordance with applicable law, including any privacy notice for employees, a copy of which will be provided when you are on-boarded as an employee, intern, or volunteer, as applicable.

If you are not successful, we will keep your application for a maximum period of six months, after which your personal information will be deleted or anonymised. We might keep it for a longer period, in which case we will ask for your consent first.

 

Access to Data and Transferal

Within Kiron, access to your personal information is reserved only to those departments and employees that need it to carry out their tasks and duties and that are directly involved in the selection process. If you apply for a position related to the activities carried out by our office in Jordan, we may share your personal information with the Jordan office, which will process your data exclusively in accordance with and for the purposes stated in this Privacy Policy.

If you have any questions about the processing of your data, you may address them to the person managing the recruiting process or contacting us as specified in Section 1. You can find an overview of your rights in Section G.

 

Kiron Campus

The purpose of Kiron is to offer courses through an online learning platform called Kiron Campus (“Campus” or “Platform”). In this section we provide information about how your data is handled and processed on Campus at different stages when you apply to become a student at Kiron (“Student” or “Kiron Student”), when you are a Student and when you stop being a Student. Also this section will describe how your data is processed through the different services that Kiron offers on or via the Platform to its Students.

 

Should you be interested in becoming a Student at Kiron, you can apply and register using the form you will find on Campus, using either an already existing Google Gmail account or another personal email address. If you opt to register with an existing Gmail account using an existing password, you agree that we will obtain validation of the password from Google. When you fill in the form, you agree that the information you give us will be used for the purpose of giving you access to the courses offered by Kiron, helping you succeed with your online studies with Kiron and providing you with the services suiting your situation and needs. In this section we explain which personal information we collect in the application process, for what purpose and how such personal information is processed.

 

Data Collected and legal basis

The following information is collected by a form on the apply page as part of your application and will later be used to create your account as a Student at Kiron:

•   Personal details: name, email address, nationality, country of residence as well as, if you wish to fill in also these details, city of residence, gender, age,  phone number. 


•   Document proving your status as a “refugee”, internally displaced person or as a qualifying member of a host community in Jordan or Lebanon. 


• If applicable , the project you participated into or the organization from which you found out about Kiron

The information gathered in the application process is used to prepare your registration and also to ensure that you are eligible for our free service, by providing some proof of your status as a “refugee”, as an internally displaced person or as a qualifying member of a host community in Jordan or Lebanon.

We collect this data to provide you access to our online courses and to optimize our services and guidance for you. This may include e.g. information on specialized programs for female students (“gender”) and additional student services (for instance those indicated in the following paragraphs). If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR or Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

 

Your Status

Kiron’s student services are targeted primarily at refugees. In addition, we accept internally displaced people and eligible members of host communities in Jordan and Lebanon. We must therefore assess your eligibility. The respective documents uploaded by you are safely stored separately from your account information.

 

Retention and Deletion

Should an application not meet the minimum requirements to become a Kiron Student our support team will reach out to the applicant to clarify and evaluate if eligibility might still be possible (e.g. by providing additional documents). Until your application is deemed to meet all requirements, you may have access to Campus but possibly not to all courses and services.

Successful applicants will be notified by email and the information they have provided will be converted into a Kiron Student profile as the basis for the relationship between the Student and Kiron. In the event that an application is not accepted, all registration data will be deleted promptly.

 

Access to Data and Transferal

Within Kiron, until the applicant has been accepted, only the team at Kiron in charge of reviewing applications and its members will have access to the data provided with the application. All data is stored and processed on Kiron’ secure server infrastructure hosted by DigitalOcean. During the application process and until you have been accepted as a Student, we will not transfer your data to any external party. 

 

Being a Kiron Student: Your Student Profile

When your application is successful, regardless whether you have enrolled with a Google gmail account or another email address, your  profile will be set up on Campus as Kiron Student. 

Students that have enrolled on Campus before this Privacy Policy has been published might have been assigned an email account with an address ending in @students.kiron.ngo. This account will be maintained by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and administered by Kiron as part of their Google-for-Nonprofits program. Effectively, the account entails a number of functions, which are part of the Google G Suite. These email addresses are still active and the provisions hereunder apply to such email accounts as well.

 

Data Collected and legal basis

The following information is collected when you log-in and use your student account:

• login and usage logs


• all personal information and data you may choose to upload to your student account or which is included in the material you may upload – including profile pictures, emails sent and received, files, videos, etc.

If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR or Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

The log files will be processed for the purpose of ensuring a smooth and stable connection of the Platform and a comfortable use of our Platform for the students as well as to evaluate the system security and stability and for other administrative purposes. The legal basis for data processing is Article 6 para. 1 s. 1 lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. 

 

Retention and Deletion

The log files may be retained until their storage is required for the above-mentioned purposes. So, generally login logs are not deleted but are anonymised when the Student requests deletion of their account (s. Section 10); HTTP request logs are deleted on a regular basis, at the latest upon the next deploy on Campus, at least every two weeks.

All personal information and data you may have uploaded to your profile will be removed either when you delete it from your account or at latest when you will cease being a Kiron Student. For the deletion process see Section 10 below.

 

Access and Transferal

Your student profile on Campus is administered by Kiron. Kiron will never access your profile or review the information stored therein. However Kiron administrators have the ability to reset an account password upon explicit request by the Student. 

All your data is stored on secured servers (S. above Section A 4). Within Kiron, access to your personal information is granted only to those departments and employees that need it to carry out their tasks and duties related to the functions of the Platform and the provision of the services on the Platform. Certain employees from our Jordan office may have access to the data, in which case they will process your data exclusively in accordance with and for the purposes stated in this Privacy Policy.

Only for those Students that still have a @students.kiron.ngo account, the following applies:

G Suite employs automatic security mechanisms such as spam filters, login and usage logs and safety warning mechanisms. Kiron administrators have the possibility to view automatically collected logging information which are part of G Suite security and audit features. For more information about the security mechanism of Google’s G Suite please see https://gsuite.google.com/faq/security/

To use this service you will need to agree to Google’s terms of service (https://www.google.com/intl/en/policies/terms/) and privacy policy (https://www.google.com/policies/privacy/).

All information and data you chose to upload to your G Suite account – including profile pictures, emails sent and received, files, videos, etc. – is processed automatically by Google in one of their secure data centers. We have concluded a data processing agreement with Google G Suite. Through the use of G Suite, personal data may be transferred to the USA. In order to ensure an adequate level of data protection in accordance with the provisions of the GDPR, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR.

For further information see:

https://apps.google.com/faq/security/  and https://cloud.google.com/security/whitepaper 

 

Being a Kiron Student: Studying on Campus

As a Kiron Student, you have the possibility to study, following courses on different topics as well as language courses. Also, you are given access to a number of services and functionalities of the Platform, which may include:

• providing an overview and specific recommendations for free online courses (Massively Open Online Courses “MOOC”), which may match your interests and your goals;


• provide access and transfer to MOOC-platforms such as Coursera


• providing information about our products and recent developments at Kiron


• inviting you to Student Events


• assisting with transfer to a university


• providing you with counseling services


• providing you with tutorials and classes as live sessions


• offering the possibility for exchange and communication between students

We will need to collect personal information for some or all of these purposes. This section will explain which data is collected and how it is processed for these purposes. The information contained in this section applies to all purposes unless it is specified otherwise or more in detail in one of the following sections.

 

Data Collected and legal basis

Kiron may collect, process and use the content and other information Students provide when accessing the Platform and using the services provided thereon, including the data submitted for signing up for a service (s. Section F 1.a.), creating or sharing content, and messaging or communicating with others on the website. Such information may include:

• name


• nickname


• email address


• gender


• country of residence


• city


• date of birth


•  nationality


• phone number


• status as refugee, internal displaced person or qualifying member of a host community in Jordan or Lebanon  and related documentation

Your data will be processed for the purpose of ensuring that Students access the Platform and to all services for the Students, to provide for an efficient, unhindered and comfortable use of the Platform, and to constantly improve the Platform and the services offered to the Students. If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR or Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

 

Contacting Students

For contacting Students (i.e. information about campaigns, course reminders, etc.) Kiron uses a technical service provider to whom we pass on your email address you provide when you register for Kiron. This forwarding is carried out in accordance with Art. 6 para. 1 s. 1 lit. (f) GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly communication. Your email address will be stored on servers located in the EU.

We have concluded an order processing contract with our email service provider in which we oblige him to protect our customers' data and not to pass it on to third parties.

Email service provider:

Service provider: Mailjet

Address: Mailjet SAS,13-13 bis, rue de l’Aubrac, 75012 Paris, France

Privacy policy: https://www.mailjet.com/privacy-policy/

Privacy Shield: The US-based provider is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

 

Student Events

Kiron periodically organizes events for its Students and may collect specific information to facilitate the organisation of such events. The participation in such events is optional and the information provided by you is used only for the organisation of the specific event. Kiron may keep a record of which Students participated at Student Events. The legal basis for data processing is Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

 

Certificate of Enrollment

Kiron may provide you with a non-legally binding document which says that you are enrolled at Kiron. We may ask you about the purpose of the request and will use this information for statistics, in which case we will ask for your consent and your data will be anonymised, and to help us identify students with the potential to transfer to a university. 

 

Offerboard

From time to time on the Offerboard site on Campus we publish links to interesting opportunities to support you with your goals. The opportunities are provided by independent third parties and organizations. In these cases the data protection provisions of the respective website operator applies and we recommend that you obtain information on the respective website how your personal data is collected and processed.  

 

Retention and Deletion

Your data and personal information will be removed from the Platform when you will cease being a Kiron Student. For the deletion process see Section 10 below.

 

Data Access and Transferal

All your data is stored on secured servers (S. above Section A 4). Within Kiron, access to your personal information is granted only to those departments and employees that need it to carry out their tasks and duties related to the functions of the Platform and the provision of the services on the Platform. Certain employees from our Jordan office may have access to the data, in which case they will process your data exclusively in accordance with and for the purposes stated in this Privacy Policy.

We may use the support of external services in order to provide certain services to you or to contact you:

 

Location Data

Kiron will provide specific offers based on the country or city you are currently located in. Kiron needs to know in which country you are currently located in order to offer these services. Additionally, you may provide your current city in order to further allow for tailoring of services.

We make use of the Google Location API, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), when you enter your location on our website to be able to serve you better based on your location and in accordance with Art. 6 para. 1 s. 1 lit. (f) GDPR.

You can find the Google API privacy policy here: https://www.google.com/policies/privacy/

 

Zendesk

Our Student communications, Support Ticketing system, Support Portal, Live Chat and Knowledge Base, Feedback and suggestions section are using a software solution by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. We have concluded a data processing agreement with Zendesk. Through the use of Zendesk, personal data may be transferred to the USA. In order to ensure an adequate level of data protection in accordance with the provisions of the GDPR, Zendesk has Binding Corporate Rules according to Art. 47 GDPR.

The legal basis for the use of this service is our legitimate interest according to Art. 6 para. 1 s. 1 lit. (f) GDPR. Our legitimate interest in the use of this service is to be able to answer user enquiries quickly and efficiently.

Data including email contact information, IP-address logs as well as email content is stored on servers hosted within the European Union in compliance with European GDPR.

More information: https://www.zendesk.com/company/customers-partners/privacy-and-data-protection/

 

Contact and additional Information via phone, email and other means

Kiron may keep in contact with you or send you updated information via email or other messaging services for which the respective contact details are used.

These services include:

•   WhatsApp Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland: For certain services we may also ask you to communicate through WhatsApp Messenger service. Therefore your name and telephone number will be required. You will be asked for your specific consent to communicate via WhatsApp.

More information: https://www.whatsapp.com/legal/#privacy-policy 

•   Google Hangouts, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"): This service may be used for phone conversations with Students and video calls within Kiron-organized group tutorial sessions. To use this, you must be logged in to your Google Account. This allows Google to store your activity data. You can view and manage this information in your Google Account. During the call, you will be in a real-time audio/video call that will not be recorded or transmitted by us to anyone else. 

More information: https://www.google.com/+/policy/call-phones-terms.html 

•   Facebook Groups: May be used for recruiting purposes and for the organisation of student events. 

More information: https://www.facebook.com/policy.php 

•   Telegram: May be used to create and coordinate Student groups and communicate with group members.

More information: https://telegram.org/privacy

•   MessageBird: May be used to deliver SMS messages to Students.

More information: /www.messagebird.com/en/privacy

We may use the contact services indicated to send you messages that may include information about our products and recent developments or to create and coordinate Student groups about specific topics, interests and events. We may also contact you in case of questions in connection with the Kiron platform, as well as to inform you on changes with regard to this Privacy Policy or any other Terms of Services. 

 

Other disclosures

Other than in the aforementioned cases Kiron will not transmit your personal data to any third parties, unless we are obliged to do so because of German legal regulations (e.g. disclosure to courts or law enforcement authorities), you have given us your explicit consent, or the disclosure is permitted by law. A disclosure may for example be permitted when such disclosure is required for us to be able to render our services to the user on the Kiron platform (e.g. see Section 5)

 

Being a Kiron Student: Data Analysis for Scientific Purposes

Kiron may analyze the data collected from its Students for scientific purposes in order to conduct academic surveys and research, such as evaluating key performance indicators, social impact and scientifically analyze the services offered on the Platform. 

 

Data Collected and legal basis

Such research will be conducted by Kiron or its research partners either in accordance with the respective legislation, using anonymized and pseudonymised data, whenever possible, or after you have explicitly consented to be part of such research. If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR.

 

Retention and Deletion

The data and personal information collected for research purposes will be either anonymised or removed from the server where it is stored when you will cease being a Kiron Student. For the deletion process see Section 10 below.

 

Access and Transferal

The data selected for research purposes is copied and stored on a separate server environment, which is dedicated to research only, on Kiron’s secure data servers. Only certain Kiron’s selected employees are authorised to access this data. 

 

Being a Kiron Student: Cooperation with External Partners

As a Kiron Student you will be granted access to different free online courses on different topics, which are offered by external partners (“External Partners”; e.g. MOOC providers like Coursera, language courses providers like Inlingua). You can access these courses through Campus.

 

Exchange of Data with External Partners

In certain cases we will have to provide our External Partners with certain personal data in order to inform the partner that you are a Kiron Student and to identify you so that the External Partner will grant you access to its services. This is the case for instance of the MOOC provider Coursera.

In some cases you are redirected to the External Partner’s platform or website, where you should login with your Kiron Student account in order to come in favour of full functionality of these websites. Such websites and platforms are governed by their own separate privacy policies and terms of services, which you will have to accept in order to be able to use the services offered by the websites. Information about the data collected by such websites, how such data is processed, the purpose and legal basis of processing, your rights and other relevant data related information is specified in the respective privacy policies of the External Partners. 

Furthermore, Kiron may receive information about the users and their activities (e.g. participation and completion of courses and programs) on and off the service from the External Partners.

 

Data Collected and legal basis

Depending on the partner and of the services, we may share the data strictly necessary as requested by the External Partner to identify you and to offer you certain courses and services, such as:

• name


• email address


• date of birth


• country of origin


• Spoken language(s)

 

If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR or Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

External Partners (e.g. a MOOC-partner like Coursera or a language school like Inlingua) may share with us such information as

•  the choice of subject


• study record


• period of study


• results of completion


• your language test results, etc. 


• attendance

The processing of this information is necessary for the purposes of the legitimate interests in accordance with art. 6 para. 1 s. 1 lit. (f) GDPR.

 

Retention and Deletion

The data and personal information collected for research purposes will be either anonymised or removed from the server where it is stored when you will cease being a Kiron Student. For the deletion process see Section 10 below.

 

Access and Transferal

The data selected for research purposes is copied and stored on a separate server environment, which is dedicated to research only, on Kiron’s secure data servers. Only certain Kiron’s selected employees are authorised to access this data. 

 

Being a Kiron Student: Communications Channels between Students on Campus

Currently, on Campus Students have the possibility to chat and communicate with other Students through a message board. Also, if you registered as a Student in the past and received a students.kiron.ngo account, Kiron has offered to you the possibility to register for and participate in our internal discussion forum (“Forum”) based on the Discourse platform. The Forum remains only accessible via login with such email address granted by Kiron. 

Forum and the message board (“Channels”) are meant to exchange your experience with other students or with members of the team at Kiron. Using the Channels is optional and if you opted to join, Kiron created an account for you. 

 

Data collected and legal basis

Kiron may collect, process and use the content and other personal information Students may provide when accessing and being active on the Channels. Such information may include:

• login and usage logs


• name


• email address


• profile image


• all personal information and data you may share on the Channels.

If consent is given, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. (a) GDPR or Art. 6 para. 1 s. 1 lit. (b) GDPR, insofar as the processing is necessary for the provision of the requested services.

The mentioned data will also be processed for the purpose of ensuring a comfortable use of our the Channels for Kiron Students as well as to evaluate the system security and stability and for the purpose of moderating the Channels and ensure that no inappropriate content is uploaded which violates the Channel or the Forum’s code of conduct. The legal basis for data processing is Art. 6 para. 1 s. 1 lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. 

 

Retention and Deletion

Your data and personal information will be removed from the Channels either when you delete it from your account and correspondence or at latest when you will cease being a Kiron Student. For the deletion process see Section 10 below.

 

Data Access and Transferal

At Kiron, only employees that are authorised to administer and / or moderate the Channels will have access to your data on the Channels . However you need to be aware that content you provide within the Channels may be accessed by a larger audience of other Students, who register on the Channels and join the groups or channels, on which you share information. 

The Channels are not accessible by any external search engines, such as Google or Bing, or by any other third parties other than those mentioned herein, if any. 

 

Being a Kiron Student: Transfer to University

Kiron may support you in the process of applying and transferring to universities in Germany if you request us to do so. In order to support you and to connect you as a Student with partner universities, we may collect specific data and we may ask for your approval to communicate with universities using your name and application number.

 

Data Collected and legal basis

For the purpose of the transfer, we will collect the following personal data: 

• Name


• Email address


• Education and availability of the relevant documents


• City, Postcode, Country of Residence


• Information on your legal status and documents


• Language and other skills and certificates


• Financial situation


• Information on your transfer interest in general and more specifically for subjects and universities

After a transfer has been successful we will add the following information to the data that has been collected:

• The university to which a Student has been admitted


• The subjects, topics a Student has enrolled for.

 

If you consent, we will help you submit your application at a university and therefore to this purpose we will transfer your relevant personal information to the university. The mentioned data will be processed for the purpose of advising about the transfer and of supporting the transfer process and only with your previous consent. The legal basis for data processing is Article 6 para. 1 s. 1 lit. (a) GDPR. We will not disclose any personal information, for which you have not given explicit permission.

In case the transfer to a university of higher education institution has been successful, we will retain the related data that we have collected in the transfer process for statistical and research purposes. 

 

Retention and Deletion

All the personal data related to the transfer process is stored in our Backend in a separate section dedicated to this purpose. In case you contacted us through the help center, some data and information you may have provided may be stored on our customer relationship management system Zendesk (s. Section F c. ii). 

The data will be removed from the Backend when you decide not to be a Student anymore (S. Section 10 below). 

 

Data Access and Transferal

Your personal information related to the transfer process is accessible only to Kiron employees with access to the Backend and Zendesk, including the members of the Transfer Team.

Permission to access transfer-relevant student data in Internal Backend and access to Zendesk is only granted upon request to members of the Transfer Team that are in contact with Students.

No data is transferred to any third parties other than the educational institutions (e.g. universities), for which you have given explicit consent.

 

Being a Kiron Student: Counseling

Kiron offers its Students the possibility to use an online counseling service, which is provided in partnership with IPSO (https://ipsocontext.org). If you want to use this service you will create a separate user account on IPSO’s website. The way your data is collected and processed by IPSO is specified in IPSO’s Policy on their website, for any information in this respect you can go to https://ipsocontext.org/about-us/privacy/

 

Data Collected and legal basis

When you show interest and when you attend the counseling service, we will collect the following data:

• Name, 


• Email address 


• Place of residence,


• Form of first contact (e.g. via mail, event),


• Registration date


• Dates of all counseling sessions or no-show


• Additional comments if needed (e.g. if a student has special preferences)


• Any other information you may decide to share with us.

 

If you signed up to this service through your membership at Kiron, IPSO may share basic data about your participation in its program (i.e. if you attended the program or not) with Kiron.

The mentioned data will be collected and processed for the purpose of facilitating your registration with IPSO and to support and assist you when you participate in this counseling service. We will collect this data only subject to your explicit consent. The legal basis for data processing is Art. 6 para. 1 s 1 lit. (a) GDPR. Also, we may collect information about the attendance to the sessions for statistical purposes and to evaluate the usage and effectiveness of this service.  In this case the legal basis for data processing is Article 6 para. 1 lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case we will receive any information about the content of the counseling sessions, which will remain fully confidential. 

 

Retention and Deletion

All the personal data related to the counseling process is stored in our Backend in a separate section dedicated to this purpose. In case you contacted us through the email [email protected], some data and information you may have provided may be stored on our customer relationship management system Zendesk. The data will be removed from the Backend and from Zendesk when you will cease being a Kiron student (S. Section 10 below).

 

Data Access and Transferal

Only Kiron employees with authorization can access the specific section of the Backend, where your personal information about the counseling service is held. The digital files will be accessible only to selected employees in charge of the counseling service. No data collected in the context of this purpose will be made available to third parties, other than, after you have provided your explicit consent, to IPSO.

 

Being a Kiron Student: Live Sessions Tutorials

Kiron offers its Students the possibility to attend tutorials on topics of their interest with Kiron’s volunteer staff. This service is offered to Students upon their request. In order to support you and to connect you as a Student with the suitable tutor, we may collect specific data and we may ask for your approval to communicate with tutors.

 

Data Collected and legal basis

When you show interest and when you attend the live sessions tutorials, we will collect the following data:

• Name, 


• Email address 


• Telephone number


• Your personal interests for the tutorials

 

The mentioned data will be collected and processed for the purpose of organising and facilitating your attendance of tutorials and to support and assist you when you participate in this service. We will collect this data only subject to your explicit consent. The legal basis for data processing is Article 6 para. 1 lit. (a) GDPR. Also, we may collect information about the attendance to the tutorial sessions for statistical purposes and to evaluate the usage and effectiveness of this service.  In this case the legal basis for data processing is Article 6 para. 1 lit. (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case we will receive any information about the content of the tutorial sessions, which will remain fully confidential. 

 

Retention and Deletion

All the personal data related to the tutoring process is stored in our Backend in a separate section dedicated to this purpose. The data and information you have sent to the e-mail [email protected], may be stored on our customer relationship system Zendesk. We may retain the data collected for the purposes of this service also on digital files which will be stored in a dedicated section of our Google Drive system.

The data will be removed from the Backend, from Zendesk and from Drive when you will cease being a Kiron student (S. Section 10 below).

 

Data Access and Transferal

Only Kiron employees with authorization can access the Backend. No data collected in the context of this purpose will be made available to third parties, other than your e-mail address and name which will be shared, after you have provided your explicit consent, to the instructors.

Ceasing being a Kiron Student

You may terminate your membership with the Kiron Platform at any time. For this purpose please send an email to [email protected]. Further to your request of deletion: 

•   Your Student account will be removed from our platform and live systems within maximum 5 working days.


•   Data related to your account may remain in our backup systems for a period of time but will be irreversibly deleted or anonymised after 12 months at the latest.


•   All your personal data and references to you will be completely anonymized with the exception of the data, for which a legal requirement to retain exists.


•   Your profile in our forum (https://forum.kiron.ngo) will be anonymized. Any content you contributed to the forum, however, will remain, unless specifically deleted by you, and will be deleted after a maximum period of 12 months.


•   Upon account deletion, if you have received a students.kiron.ngo account provided by Kiron, this will be closed including  the email box and the Drive cloud storage and all information will be deleted from Google’s and Kiron’s servers. The data cannot be recovered once it is deleted. 

 

Your Rights: Right to information, questions, suggestions and comments

You have the right to be informed about your personal data stored in connection with the Kiron platform free of charge. Below you will find information on the rights the applicable data protection law grants you with regard to the processing of your personal data. 

1. The right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can request information on the purpose of processing, the category of personal data being processed, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification or erasure of personal data, or restriction of processing of your data, the right to lodge a complaint, what the source of the data is, if it wasn’t collected by us, and if any automated decision-making, including profiling exists and, where appropriate, meaningful information about their details.


2. The right, in accordance with Art. 16 GDPR, to demand the correction of incorrect or completion of incomplete personal data stored by us without delay.


3. The right to demand the deletion of your personal data stored with us, according to Art. 17 GDPR, as far as the processing is not required for the right of freedom of expression and information, the compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.


4. The right to demand the restriction of the processing of your personal data, in accordance with Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure and we no longer need the data, but they are required by you for the establishment, exercise or defence of legal claims or you have lodged an objection against the processing pursuant to Art. 21 GDPR


5. The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above named seat or, if applicable, your usual place of residence or work place.


6. Right to withdraw granted consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw the previously given consent in the processing of data at any time with effect for the future. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis where consent is not required for processing. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons that arise from your particular situation. If you object to the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.

If we process your personal data on the basis of your consent according to Article 6 para. 1 lit. (a) GDPR, you have the right according to Article 7 para. 3 GDPR to withdraw your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future.

You can assert your right via email at: [email protected] or contact us at the contact details specified in section A.1. of this Privacy Policy.

 

Versions, Modification of this Privacy Policy

We reserve the right to change this Privacy Policy at any time in accordance with the law. In this way, we can adapt it to current legal requirements and take changes in our services into account, e.g. when introducing new services. The most current version applies to your visit.

 

This is version 5.0 of this policy, effective as of 10th August 2020. 

 

Previous versions:

Version 4.0 (effective from 25th May 2018 to 8th August 2020) can be found here.

Version 3.0 (effective from 18th January 2018 to 24th May 2018) can be found here.

Version 2.1 (effective from 13th October 2016 to 17th January 2018) can be found here.

Version 2.0 (effective from 1st July to 12th October 2016) can be found here.

Version 1.2 (effective from 11th May to 30th June 2016) can be found here.

Version 1.1 (effective from 16th March to 10th May 2016) can be found here.

Version 1.0 (effective from 15th October 2015 to 15th March 2016) can be found here.