Version 4.0 effective on 25 May 2018
Kiron.ngo is a collection of free services by
Kiron Open Higher Education gGmbH (haftungsbeschränkt)
Am Festungsgraben 1
10117 Berlin, Germany
hereinafter: “Kiron“ or “We”.
Data privacy is an important topic for us and we hold the protection of your personal data in very high esteem. We comply with the provisions of the German Federal Data Protection Act and the German Telemedia Act as well as with the EU General Data Protection Regulation.
Contact of Data Protection Officer
Right to information, questions, suggestions and comments
You have the right to be informed about your personal data stored in connection with the Kiron platform free of charge. Below you will find information on the rights the applicable data protection law grants you with regard to the processing of your personal data:
- The right to request information about your personal data processed by us pursuant to Art. 15 EU GDPR. In particular, you can request information on the purpose of processing, the category of personal data being processed, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification or erasure of personal data, or restriction of processing of your data, the right to lodge a complaint, what the source of the data is, if it wasn’t collected by us, and if any automated decision-making, including profiling exists and, where appropriate, meaningful information about their details.
- The right, in accordance with Art. 16 EU GDPR, to demand the correction of incorrect or completion of incomplete personal data stored by us without delay.
- The right to demand the deletion of your personal data stored with us, according to Art. 17 EU GDPR, as far as the processing is not required for the right of freedom of expression and information, the compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
- The right to demand the restriction of the processing of your personal data, in accordance with Art. 18 EU GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you opposes the erasure and we no longer need the data, but they are required by you for the establishment, exercise or defence of legal claims or you have lodged an objection against the processing pursuant to Art. 21 EU GDPR
- The right, in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person.
- The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above named seat or, if applicable, your usual place of residence or work place.
- Right to withdraw granted consent pursuant to Art. 7 para. 3 EU GDPR: You have the right to withdraw the previously given consent in the processing of data at any time with effect for the future. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing can not be based on a legal basis where consent is not required for processing. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to Object
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f EU GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 EU GDPR, insofar as this is for reasons that arise from your particular situation. If you object to the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.
Here is an overview of the different services at Kiron where personal data may be processed. Depending on your use of the our services different sets of data may be stored, as is described in detail below.
I. Accessing content at Kiron.ngo
II. Kiron newsletter
III. Being a Kiron student
IV. Transferral and Access of Data
V. Data analysis for scientific purposes
I. Accessing content at Kiron.ngo
Serving Content and IT Security
By requesting our websites and for the purpose of handling security incidents and to help diagnosing problems with our servers, we automatically store log files. This includes the following types of information:
- The domain you requested
- Information you have enter in form fields on our website.
- IP Address and Mobile Device ID (numbers which are automatically assigned to your device when you use the Internet)
- Technical information (such as browser type and -version, operating system
- Referrer URL (the page, from which this page was linked, including the search term, in case of a search engine)
- Time and date of the request.
For technical and security reasons, especially the prevention of attacks on our web servers, we store this information for a short period of time. These logs are deleted after 7 days or will be anonymized so that no attribution to any specific persons is possible. We do not use this information in any way for statistical analysis and do not link this information with any other data sources.
Web analytics via Google Analytics
We use Google Analytics, including the functionalities of Universal Analytics, a web analytics service provided by Google, Inc. (“Google”). Universal Analytics allows us to track usage on several devices (such as computer, tablet, smartphone). This is done by automatically assigning a pseudonym user-ID of the user. No personal identifiable information is passed to Google. Google Analytics also uses the cookies (detailed below), which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. IP anonymization is activated on this website: your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address be first transferred to a Google server in the USA and truncated there. The IP anonymization is activated on these websites.
Google will use this information on behalf of Kiron for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to Kiron. All such reports will be deleted after 14 months.
Google Inc. is a company based in the United States of America and is certified through the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which ensures compliance with EU data protection standards. This information helps us to improve our services and improve the experience you have on our websites which constitutes legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR resp. art. 15 par. 3 German TMG.
As an alternative to the browser add-on or for browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics on this website in the future (the opt-out applies only for the browser in which you set it and for web pages under this domain). An opt-out cookie will be stored on your device, which means that you’ll have to click this link again, if you delete your cookies.
Other External Services and Embedded Content
We may use a number of other external services embedded in our website to better display certain content or deliver additional services. Below is a list of services and their respective privacy policies:
- Google Maps, Google Fonts and Youtube Videos provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you load our websites the necessary Google provided files will be loaded by your web browser into the browser’s cache in order to display the content correctly. The use of these embedded tools results in a server call, generally one of Google’s servers in the USA. By this the server will be informed which page you have opened and what the IP address of the browser of your device is.
We are using Google Maps and Google Fonts and Youtube videos to optimize your experience on our websites and to improve their usability. This constitutes legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR.
Google is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which ensures compliance with EU data protection standards more information can be found under the following links: https://policies.google.com/privacy and https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
- Fonts and Icons used on kiron.ngo are displayed via FontAwesome, property of Fonicon Inc, 6 Porter Road, Apartment 3R, Cambridge, MA 02140, United States. We do this to optimize your experience on this website and to improve its usability. This constitutes legitimate interests in accordance with Art. 6 para. 1 lit. f EU GDPR. https://fontawesome.com/privacy
- Donations via Betterplace by gut.org gAG, Schlesische Straße 26, 10997 Berlin, Germany. We may integrate donation buttons or links on our website. For more information on what information Betterplace may collect please see here: https://www.betterplace.org/c/privacy-policy
If any of the cookies which are implemented on our websites process personal information, then only for the purpose of improving the usability of the websites and within our legitimate interest in accordance with Art. 6 para. 1 lit. f EU GDPR.
You can set your browser so that it enables you to decide in each case whether or not to accept or reject all cookies or specific cookies being installed by a webpage. In case of non-acceptance of cookies, the functionality of the Kiron platform may be limited. More information about the cookie settings for your browser can be found under following links:
Google Chrome: https://support.google.com/chrome/answer/95647
Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Apple Safari: https://support.apple.com/kb/ph21411
II. Kiron newsletter
Via our website you can also register for our Newsletter. In this case, you will have to consent to the following:
You are giving your consent to processing your email address for the purpose of sending a Newsletter with information about Kiron. We make use of a Double-Opt-In process which means you will receive an email after sign-up on our website and have to actively confirm your subscription. By this confirmation you consent that we may use your information in accordance with Art. 6 para. 1(f) EU GDPR to send you informational emails or updates regarding our services. Our email software may automatically track if an email has been opened.
You can, of course, unsubscribe from the newsletter at any time via email email@example.com, or better by following the instructions provided at the bottom of each newsletter. After unsubscribing, your email address will be removed from the system handling the newsletter.
We will not transfer the email address we have received for newsletters to any third party, except for the purpose of sending out the newsletter, where we may work with a specialised provider contracted by us:
Mailjet SAS, 13-13 bis, rue de l’Aubrac – 75012 Paris, France.
III. Being a Kiron student
Should you be interested in applying and registering to become a Kiron Student, you agree that the information you give us will be used for the purpose of helping you succeed with your online studies with Kiron, provide you with the services suiting to your situation and needs and to potentially support you in transferring to a university. We will explain here which information we collect and for what purpose.
In order to register as a Kiron Student, you must successfully apply first.
- First, we collect a set of information to prepare the registration, which will be later used as a Kiron student.
The application process meets also two more goals:
- To ensure that you are eligible for our free service, by providing some proof of your status as a “refugee”, as an internally displaced person or as a qualifying member of a host community in focus countries.
- To ensure that you meet our eligibility criteria as a Kiron student, according to your qualifications and motivation.
- To help identify the specific Student Services which will be offered to you upon successful registration.
Preparing the registration
The following data categories are collected and used to create your student account as an applicant:
- Personal details (e.g. name, gender, age, etc)
- Refugee status (e.g. nationality, legal status, UNHCR number (if available), etc.)
- Information about educational background (e.g. education level, where you went to school if you have documentation about your previous education, etc.)
- What your educational goals are (e.g. why you apply at Kiron, how you found Kiron, what your goals for studying at Kiron are, etc.)
We collect this data to optimize our services and guidance for you, f.e. information on specialized programs for female students (“gender”), guidance in applying to universities (“country”, questions related to former school degrees and to former university attendance) and additional student services (see below). Furthermore, we use the data for scientific purposes (“date of birth”, “nationality”, “how you heard about Kiron” and motivational questions; see below).
Kiron’s student services are targeted primarily at refugees in our focus countries. In addition, we accept internally displaced people and eligible members of host communities in Jordan and Lebanon. We must therefore assess your eligibility.
The respective documents uploaded by you are stored separately from your account information.
Completion of the Onboarding
Once successfully registering at Kiron, you will have to complete a series of steps, collectively called “Onboarding”, in order to gain access to certain Student Services. Non-completion of these steps may lead to a deactivation or blocking of your account.
Eligibility – Motivation
Eligibility to participate in Kiron requires filling out a form describing your motivation for becoming a Kiron student. After approving the application the data collected on your motivation is only used for scientific purposes and to further improve the service.
Registration and login via an account in Google’s G Suite
When your application is successful you will be provided an email account with an address having two letters, representing the first initial of your first and last names, and a number. For instance, the name “your name” could be used to assign an email address such as “firstname.lastname@example.org”. This account will be maintained by Google Inc., and administered by us as part of their Google-for-Nonprofits programme.
Google Inc. is a company based in the United States of America and is certified through the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which ensures compliance with EU data protection standards.
Effectively, the account entails a number of functions, which are part of the G Suite. A core functionality, besides Email, is the use of the login-mechanism, i.e. you will need to login via this account, when wanting to access our services.
For further information see:
As a Kiron student you are given access to a number of services and functionalities of the platform, for which personal data needs to be collected. Specifically:
- to provide recommendations for online courses
- to transfer and provide access to MOOC-platforms such as edX and Coursera
- to provide further information about our products and recent developments at Kiron
- to deliver a possibility for exchange through our forum
- to invite you to Student Events
- to help you with transfer to a university
- To provide you with Mentoring services
- To provide you with “Direct Academics” tutorials and classes
Kiron may collect, process and use the content and other information users provide when using the services, including the data submitted for signing up for a service, creating or sharing content, and messaging or communicating with others on the website. Such information may include:
- first name
- last name
- date of birth
- phone number
Recommendation of courses
Kiron aims at providing an overview and specific recommendations for free online courses (Massively Open Online Courses, MOOCs), which fit your interests. Such recommendations may be selected by taking into account data Kiron has collected about you.
Our MOOC Partners
Kiron will allow you to get access to different free online courses, which are governed by their own separate privacy policies and terms of services. You can find a complete list of third party MOOC-Partners and their Privacy Policies and Terms of Services here.
Usually access to these services is granted via your Google G Suite login with your email@example.com account. You should login to the MOOC partners websites with your Kiron students account in order to come in favor of full functionality of these sites.
Transferal of Data from our partners
Furthermore, Kiron may receive information about the users and their activities (e.g. participation and completion of courses and programs) on and off the service from third-party partners, such as information from a MOOC-partners on the choice of subject, study record, period of study, results of completion. The processing of this information is necessary for the purposes of the legitimate interests in accordance with art. 6 para. 1 lit. f EU GDPR.
Additional Information via phone, email and other means
Kiron may send you updated information via email or other messaging services for which the respective contact details are used.
These services include:
- WhatsApp: for certain services we may also ask you to communicate through WhatsApp Messenger service (https://www.whatsapp.com/legal/#privacy-policy). You will be asked for your specific consent to communicate via WhatsApp.
- MailJet: used for delivering emails to students and people who signed up to receive mailings from Kiron (https://www.mailjet.com/privacy_policy)
- MessageBird: to deliver SMS messages to students. (https://www.messagebird.com/en/privacy)
- Google Hangouts: may be used for phone conversations with students and video calls within Kiron-organized group tutorial sessions (https://www.google.com/+/policy/call-phones-terms.html)
- Calendly: For a few services you may be asked to use the service offered by Calendly for scheduling meeting times (https://calendly.com/pages/privacy/)
- Facebook Groups: May be used for recruiting purposes and for the organization of student events. (https://www.facebook.com/policy.php)
Other than in the aforementioned cases Kiron will not transmit your personal data to any third parties, unless we are obliged to do so because of German legal regulations (e.g. disclosure to courts or law enforcement authorities), you have given us your explicit consent, or the disclosure is permitted by law. A disclosure may for example be permitted when such disclosure is required for us to be able to render our services to the user on the Kiron platform (e.g. see above: transfer of personal data to our MOOC-partners).
Forum based on Discourse Software (use optional)
Kiron also creates an account for you for our internal discussion forum based on the Discourse platform. This forum is meant to exchange your experience with other students or with members of the team at Kiron and the forums moderators may remove content at the discretion of Kiron and in regard with the forums code of conduct which can be found under https://forum.kiron.ngo/faq (once logged in).
Using the forum is optional, but you need to be aware that content you provide within the forum may be accessed by a larger audience. The forum is not accessible by external search engines, such as Google or Bing. The forum is only accessible via login with an email address granted by Kiron.
Kiron will provide specific offers based on the country or city you are currently located in. Kiron needs to know in which country you are currently located in order to offer these services. Additionally, you may provide your current city in order to further allow for tailoring of services.
We make use of the Google Location API when you enter your location on our website to be able to serve you better based on your location and in accordance with Art. 6 para. 1(f) EU GDPR.
Kiron periodically organizes events for its students and may collect specific information to facilitate the organization of such events. The participation in such events is optional and the information provided by you is used only for the organization of the specific event. Kiron may keep a record of which students participated at student events.
Kiron offers (optional) language courses and works with partners to provide you with language learning opportunities. Language partners may ask you for personal information on their website and Kiron may receive and store some info about your participation, about your language test results, etc. from the partners.
Transfer to University
For connecting you as a students to partner universities, we may ask for your approval to communicate with universities using your name and application number.
With your consent we may help you submit your application at a university and therefore transfer your personal information to the university. We will not disclose any information which you have not given explicit permission.
Online mentoring is provided in partnership with Volunteer Vision (https://www.volunteer-vision.com). You will create a separate user account on the partners website. If you signed up to this service through your membership at Kiron, these partners may share basic data about your participation in their programs (i.e. if you attended the program or not) with Kiron.
Online mentoring is provided in partnership with IPSO (https://ipsocontext.org). You will create a separate user account on the partners website. If you signed up to this service through your membership at Kiron, these partners may share basic data about your participation in their programs (i.e. if you attended the program or not) with Kiron.
Certificate of Enrollment
Kiron may provide you with a non-legally binding document which says that you are enrolled at Kiron. We may ask you about the purpose of the request and will use this information for statistics and to help us identify students with the potential to transfer to a university.
Termination of membership
You may terminate your membership with the Kiron platform at any time. For this purpose please send an email to firstname.lastname@example.org. Accounts may get disabled or deleted if we detect inactivity for an extended period of time and only if repeated notification emails remain unanswered.
- Your account will be removed from our platform and live systems within maximum 5 working days.
- Data related to your account may remain in our backup systems for a period of time but will be irreversibly deleted after 12 months at the latest.
- When terminating your membership, all your personal data and references to you will be completely anonymized with the exception of the data, for which a legal requirement to retain exists.
- Your profile in our forum (https://forum.kiron.ngo) will be anonymized. Any content you contributed to the forum, however, will remain unless specifically deleted by you.
- Upon account deletion – either by students’ request or upon extended inactivity – the Google Account provided by Kiron (email address ending in @students.kiron.ngo) including the Gmail email box and the Drive cloud storage will be closed and all information will be deleted from Google’s and Kiron’s servers. The data cannot be recovered once it is deleted.
IV. Transferral and Access of Data
Our employees, volunteers and contractors have access to the data based on our Access control policies and are contractually bound to keep the information confidential.
Kiron uses service providers in order to operate and maintain the Kiron platform. The service providers will process the data exclusively in accordance with the instructions of Kiron and have been obliged to comply with the applicable data protection regulations. Kiron and its assigned service providers will take reasonable technical and organizational precautions in order to protect the data of the users. Depending on your use of our services different sets of data may be processed or stored, as is described in detail below.
Your data will not be transferred to any third parties unless
- we have explicitly indicated this in the description of such data processing,
- you have given express consent pursuant to Art. 6 para. 1 sentence 1 lit. a EU GDPR
- disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f EU GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in the non-disclosure of your data,
- in the event that the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c EU GDPR is a legal obligation and
- insofar as this is required by Art. 6 para. 1 p. 1 lit. b DSGVO for the settlement of contractual relationships with you.
Any Third Party Processor which handles information on Kiron’s behalf is required to do so in accordance with contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so).
If our use of a Third Party Processor involves the transfer of personal data to a location outside of the European Economic Area, we will put appropriate measures in place to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks.
We want to give you more detailed information about our most important data processing service providers:
Amazon Web Services (AWS)
All Kiron servers and data storages are hosted at AWS and are located within the European Union.
Contact: Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226
Amazon Web Services is compliant within EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the European GDPR regulations.. More information: https://aws.amazon.com/compliance/eu-data-protection/
Our Student communications, Support Ticketing system, Support Portal and knowledge base, Feedback and suggestions section are using a software solution by LiveAgent. Data including email contact information, IP-address logs as well as email content is stored on servers hosted by LiveAgent.
Contact: Quality Unit, LLC, 3616 Kirkwood Highway, Suite A #1130, Wilmington DE 19808
All servers by LiveAgent are hosted in the European Union are compliant with European GDPR. More information: https://www.ladesk.com/security-privacy-policy/
We use the CRM software solution provided by Hubspot, Inc, and Hubspot may store contact and correspondence information of external parties Kiron interacts with on their servers. This does not include personal information of our students.
Contact: HubSpot, Inc., European Headquarters, One Dockland Central, Dublin 1, Ireland
HubSpot complies with the EU-U.S. Privacy Shield Principles for all onward transfers of personal data from the EU. More information: https://legal.hubspot.com/privacy-policy/
V. Data analysis for scientific purposes
Kiron may analyze the data collected for scientific purposes in order to conduct academic surveys and research, such as evaluating key performance indicators, social impact and scientifically analyze the services. Such research will be conducted by Kiron or its research partners either in accordance with the respective legislation, using anonymized and pseudonymized data, whenever possible, or after you have explicitly consented to be part of such research.
We may modify this policy from time to time and adjust it according to the underlying data processing. When we make changes to this policy we will inform users on our website, via app or via email.
This is the fourth version of this policy: Version 4.0 (effective May 25th 2018).
Version 3.0 (effective from 18th January 2018 to 24th May 2018) can be found here.
Version 2.1 (effective from 13th October 2016 to 17th January 2018) can be found here.
Version 2.0 (effective from 1st July to 12th October 2016) can be found here.
Version 1.2 (effective from 11th May to 30th June 2016) can be found here.
Version 1.1 (effective from 16th March to 10th May 2016) can be found here.
Version 1.0 (effective from 15th October 2015 to 15th March 2016) can be found here.