Privacy Policy for Hogrefe Ltd

Thank you for visiting the Hogrefe website. In order to improve our website, we continually optimise the site’s functions and services. In doing so, security is a priority for us. You trust us with your personal data when you use our website and we know that this trust is to be valued, which is why we handle your data with special care.

This document outlines how your personal data is collected when you use our website, our online portal (Hogrefe Test System) or apply for a job with Hogrefe. Personal data is all data that personally relates to you, e.g. name, address, e-mail address(es), user behaviour. We have taken extensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are reviewed regularly and adapted to take technological progress into account.

1 Controller for data processing

The controller pursuant to Article 4 Paragraph 7 of the EU General Data Protection Regulation (GDPR) is

Hogrefe Ltd
Hogrefe House
Albion Place
Oxford OX1 1QZ
United Kindom
+ 44 (0)1865 797920
customersupport@hogrefe.co.uk

2 Option to contact the Data Protection Officer

You can contact our Data Protection Officer via email or via our postal address, marked for the attention of The Data Protection Officer.

3 Your rights

You have the following rights with respect to personal data that relate to you:

3.1 General rights

You have a right to information, rectification, erasure, restriction of processing, objection to processing and data transferability. If processing is based on your consent, you have the right to revoke this consent with future effect.

3.2 Data processing rights based on legitimate interests

Pursuant to Article 21 Paragraph 1 of the GDPR, you have the right to object against the processing of personal data that relate to you that takes place on the basis of Article 6 Paragraph 1e of the GDPR (data processing in the public interest) or based on Article 6 Paragraph 1f of the GDPR (data processing for the purposes of legitimate interests); this also applies to profiling supported by this provision. If you object, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.

3.3 Rights for direct advertising

If we process your personal data to directly advertise to you, you have the right to object to the processing of the personal data that relate to you for the purposes of such advertising at any time, pursuant to Article 21 Paragraph 2 of the GDPR; this also applies to profiling if it relates to such direct advertising.

If you object to processing for the purposes of direct advertising, we will no longer use your personal data for these purposes.

3.4 Right to complain to a supervisory authority

You also have the right to complain to a responsible data protection supervisory authority about us processing your personal data.

4 Collecting personal data when you visit our website

When simply using the website for browsing, i.e. if you don’t register or send us information in another way, we only collect personal data that your browser sends to our server. If you want to view our website, we collect the following data that are required for technical reasons in order for us to display our website and guarantee its stability and safety. The legal basis for this is Article 6 Paragraph 1f of the GDPR:

IP  address, date and time of request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, respective volume of data transmitted, website that the request has come from, browser, operating system, and the interface, language and version of browser software.

These data cannot be used by us to identify the individual user. This information is only evaluated by us in an anonymised way for statistical purposes.

5 Contacting us by e-mail or via the contact form

When you contact us by e-mail or via the contact form, we store data you have shared to respond to your question or issue. If we ask for information via our contact form that is not required in order for you to get in touch, we mark this as optional. This information is used to clearly define your request and to improve how your concern is processed. This information is explicitly provided on a voluntary basis and with your consent; Article 6 Paragraph 1a of the GDPR. If this information relates to channels of communication (for example, e-mail address, phone number), you are also agreeing that we may contact you via these channels of communication where necessary in order to respond to your concern. You can of course withdraw this consent with future effect at any time.

We delete such data when they no longer need to be saved, or we restrict their processing if legal retention periods apply.

6 Newsletter

6.1 General information

You can subscribe to our newsletter, which shows our current offers, by providing your consent in accordance with Article 6 Paragraph 1a of the GDPR.

We use the ‘double opt-in process’ when registering for our newsletter. This means that once you have registered your e-mail address, we send you a confirmation e-mail to that e-mail address in which we ask you to confirm that you want us to send newsletters. If you do not confirm registration within 24 hours, your information will be locked and automatically deleted after a month .

We also save the IP addresses you use and the time of registration and confirmation. The purpose of this process is to provide evidence of your registration and to be able to clarify any potential misuse of your personal data, where necessary.

We only require an e-mail address to send newsletters. Once you have confirmed your registration, we save your e-mail address for the purpose of sending newsletters. The legal basis for this is Article 6 Paragraph 1a of the GDPR.

You do of course have the option of unsubscribing from the newsletter at any time, and withdrawing the consent given with future effect. In order to do so, please click on the unsubscribe button in the newsletter received.

7 Registration and client accounts

You have the option of registering with us for a client account. We collect and store the following data about you for registration:

  • Prefix/Title
  • First name
  • Last name
  • E-mail (user name)
  • Password
  • ‘Private’ or ‘Company’ account type

We use a ‘double opt-in process’ for registration, i.e. your registration is only confirmed if you have first confirmed your registration by clicking on the link in a confirmation e-mail sent to you. If you do not confirm registration within 24 hours, your registration is automatically deleted from our database. The above-mentioned data is mandatory, however all other information can be provided on a voluntary basis via our portal.

After successful registration, you are given personal, password-protected login details and you can view and manage the data you have saved. Registration is voluntary, but may be required to use our services.

8 Online orders - Shop

If you place an order with us online through our website, we collect various data required to conclude the contract. The legal basis for conclusion is the execution of a contract based on Article 6 Paragraph 1b of the GDPR. Data is stored for the duration of the contract and in accordance with legal obligations. We use a number of payment service providers to process payments, which are always specified and directly accept your input, and are therefore the recipients of your personal data collected in connection with the payment process. The legal basis for using payment service providers is contract processing pursuant to Article 6 Paragraph 1b of the GDPR. Data for payment purposes is stored for the duration of payment processing.

9 Download of supplementary materials

For some of our titles, seminars or workshops you have the possibility to download supplementary material from our website. Registration in our online shop is required for this purpose. When you register, we store the following personal data: first and last name, e-mail address, and a password to be assigned. Additional information is voluntary and marked as such.

After registration, you will receive a personal, password-protected access and can view and manage your stored data.  Registration is voluntary, but is a condition for using the download option.

By registering, you will be given an automatically generated and pseudonymous (registration) number. This number appears in the watermark of the requested files.

We store your personal data collected during registration until you permanently delete your account. The legal basis for this data processing is Art. 6 para. 1 lit. a, b and f GDPR.

10 Hogrefe Testsystem (HTS)

You can find more information about data protection within the scope of the Hogrefe Testsystem (HTS) at Data protection in the Hogrefe Testsystem online portal.

If you use our portal, we store data about you that is required to fulfil our contract, and information about the payment method, where necessary, until your access expires. We also store data provided by you on a voluntary basis for as long as you use the portal, unless you delete this beforehand. You can manage and change all information in the protected client area. The legal basis for this is Article 6 Paragraphs 1a, 1b and 1f of the GDPR.

11 Job applications

You can send an application to our company electronically, or by post. We only use your information to process your application and do not share it with third parties. Please note that unencrypted e-mails are not sent in a way that protects them against access.

Your personal data is deleted as soon as the application process comes to an end, or after a maximum of 6 months if you have given your explicit consent for us to store your data for longer, or if it results in a contract being concluded. The legal basis for this is Article 6 Paragraphs 1a, 1b and 1f of the GDPR.

12 Using social plug-ins

This website uses social plug-ins from the providers

  • Twitter (operator: Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA)
  • Google+ (operator: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
  • LinkedIn (operator: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA)
  • Facebook (operator: Meta Platforms Inc., 1 Hacker Way Menlo Park, CA 94025, USA)
  • Instagram (operator: Meta Platforms Inc., 1 Hacker Way Menlo Park, CA 94025, USA)
  • Youtube (operator: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

These plug-ins normally collect data from you and send this to the respective provider’s servers by default. To ensure your privacy is protected, we have taken technical measures to ensure that your data cannot be collected by plug-in providers without your consent. If you access a page that contains plug-ins, these should first be deactivated. Plug-ins are only activated by clicking on the respective symbol, which means you consent to your data being sent to the respective provider. The legal basis for using plug-ins is Article 6 Paragraph 1a and 1f of the GDPR.

Once activated, plug-ins also collect personal data, such as your IP address, and send this to the respective provider’s servers, where this is stored. Activated social plug-ins also store a cookie with a unique ID when the respective website is accessed. Providers can also create a profile that relates to your user behaviour. This is created even if you are not a member of the respective provider’s social network. If you are a member of the provider’s social network and are logged into the social network when you visit this website, your data and information about your visit to this website can be associated with your profile on the social network. We have no influence over the exact scope of the data collected by the respective provider. You can find more information about the scope, type and purpose of data processing and about your rights and settings options to protect your privacy in the privacy policies for each social network provider. These are available on the following sites:

Twitter
Google
LinkedIn

13 Using cookies

Cookies are stored on your machine when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and used to send specific information to the party that has placed the cookie on your machine. Cookies cannot run any programs or place any viruses on your computer. They are used to make the website more user-friendly and effective overall. We  also use cookies to be able to identify you when you visit us again if you have an account with us. Otherwise, you are required to log in again each time you visit.

This website uses the following types of cookies, the extent and functionality of which is outlined below:

13.1 Transient cookies

These cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a ‘session ID’, which is used to assign requests from your browser to the overall session. This means that your machine can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

13.2 Persistent cookies

These cookies are automatically deleted after a set period of time that the cookie can distinguish between. You can delete cookies at any time through your browser’s security settings.

14 Tracking

14.1 Google Analytics

If you have given your consent, we use Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies that enable your use of our website to be analyzed. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.

We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.

We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, the following data is collected: the pages you have accessed, your "click path", achievement of "website goals" (conversions, e.g. newsletter registrations, downloads), your newsletter registrations, downloads), your user behavior (e.g. clicks, dwell time, bounce rates), your approximate location (region), your IP address (in abbreviated form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your Internet provider and the referrer URL (via which website/advertising medium you came to this website).

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.

The data sent by us and linked to cookies is deleted automatically. Data that has reached the end of its retention period is automatically deleted once a month.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. Not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics.

You can also prevent the storage of cookies by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. To prevent Universal Analytics from collecting data across different devices, you must opt out on all systems used.

You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=en.

The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

15 Advertising

We send advertising material by email to draw attention to our current developments, products and offers. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future. You can send your revocation at any time to the contact details of our data protection officer. Your personal data will be deleted after you withdraw your consent.

15.1 Google Ads

We use the Google Ads service. Google Ads is an online advertising program from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This means that we place Google Ads ads and also use Google Remarketing and conversion tracking as part of this. The ads are displayed after search queries on websites in the Google advertising network. We also use Ads remarketing lists for search ads. This allows us to customize search ad campaigns for users who have already visited our website. The services allow us to combine our ads with certain search terms or to place ads for previous visitors that advertise, for example, services that visitors have viewed on our website. This allows us to display interest-based advertising to users of our website on other websites within the Google advertising network (as a "Google ad" in Google Search or on other websites).

An analysis of online user behavior is necessary for interest-based offers. Google uses cookies to carry out this analysis. When you click on an advertisement or visit our website, Google places a cookie on the user's computer. These cookies have a duration of 90 days. The information collected by the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information that a user has clicked on an advertisement and has been forwarded to our websites. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. We do not receive any information with which visitors can be personally identified. Your IP address is transmitted to Google, but as we use Google's IP masking function on this website as part of the use of Google Analytics, your IP address is anonymized. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can see which search terms were clicked on our ad particularly often and which ads lead to the user contacting us via the contact form.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=en

Data is only collected and stored with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. This can be revoked at any time with effect for the future.

If you do not want your visit to be included in the user statistics, you can prevent this by preventing the storage of the cookie required for these technologies, e.g. via your browser settings.

You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the ad settings. Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation help of the network advertising initiative. However, we and Google will continue to receive statistical information about how many users have visited this site and when. If you do not wish to be included in these statistics either, you can prevent this with the help of additional programs for your browser (e.g. with the Ghostery add-on).

16 Data transfer

Your data will not be transferred to third parties unless we are legally obliged to do so, if we are required to transfer data to execute the contractual relationship or if you have previously given your express consent for your data to be transferred.

External service providers and partner companies, such as online payment providers or shipping companies engaged for deliveries only receive data if this is required in order to process your order. In these cases, the scope of the data transfer is restricted to the required minimum. If our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection laws to the same extent that we do, as part of contract processing pursuant to Article 28 of the GDPR. Please also take note of the each provider’s privacy policy. The respective service provider is responsible for the content of third-party services, whereby we review the services for compliance with legal requirements, where this is reasonable.

17 Data security

We have taken extensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are reviewed regularly and adapted to take technological progress into account.

Hogrefe Ltd, May 2018