Privacy Statement

Privacy Statement

1. Responsible person

ETHOS AI Training & Consultancy Gmbh

Weihenstephaner Str.12

81673 Munich

Email: datenschutz@womenaiacademy.com

2. Questions about data protection and your rights

If you have any questions regarding the processing or protection of your data or would like to exercise your rights under applicable laws, please contact us using the contact details above.

3. Orders

When you order a service we offer, we process the data you provide to conclude and implement the relevant contract. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. If you place an order via our website, we are required by law to send you an order confirmation by email to the email address you provided. In addition, we are subject to legal recording and storage obligations upon conclusion of the contract. The legal basis for the corresponding processing is Article 6 Paragraph 1 Letter 1 Letter c) GDPR.

We also process the data you provide to detect and prevent attempted fraud on the basis of Article 6 Paragraph 1 Letter 1 Letter f) GDPR. Our aim is to protect ourselves from fraudulent transactions.

The data will be deleted if there is a legal obligation, if the retention obligation no longer applies, unless we are entitled to further processing (e.g. in a legal dispute). Furthermore, we delete the data if it is no longer required to prove the existence or non-existence of a right.

4. Payment providers

The respective provider is responsible for data protection law for all payment options we offer. If data (name, address, purchase price to be paid) is transmitted to the respective payment provider in order to carry out a contract with you, this is done on the basis of Art. 6 para. 1 lit. b) GDPR, so that the respective payment provider has the data that it needs to carry out the payment process and select the available payment methods. If the payment service provider transmits data from you to us, we will also use this data to process the corresponding contractual relationship with you. The legal basis is therefore also Art. 6 para. 1 lit. b) GDPR.

5. Registration of a customer account

If you register a customer account on our website, we process the data you provide to set up and manage the customer account and to enable you to use the services we offer in connection with the customer account. In the customer account, in addition to the data you provided during the setup process, we can process other data related to the use of the account, such as: B. an order history. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) GDPR.

We will send you an email to the email address you provided during registration asking you to confirm your registration. For your and our protection, we want to prevent third parties from opening a customer account by misusing your email address. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

This customer account data will be stored until the customer account is deleted. If we are legally obliged to store it for a longer period of time (e.g. to fulfill billing obligations or provide evidence required by law) or we are legally entitled to store it for a longer period of time (e.g. due to an ongoing legal dispute against the holder of a customer account), the Data will be deleted after the retention period or authorization has expired.

6. E-mail newsletter

When you register for our email newsletter, we process the data you provide. We process this data to create and send our newsletter. The legal basis for processing is based on your consent, Article 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with future effect. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

To confirm your subscription to the newsletter, you must click on the confirmation link in the verification email that we send you after you subscribe. By clicking on the link provided in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done to prove that you have registered for the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 (1) lit. c) GDPR, as we are legally obliged to be able to prove your consent.

We will delete your personal data in connection with the newsletter subscription after you unsubscribe. We will delete data that we need to provide proof of your newsletter registration after the statute of limitations for the corresponding proof obligations has expired.

7. Contact form

If you use our contact form, we will use the data you provide to process your request. The legal basis for this is our legitimate interest in processing your request in accordance with Section 6 para. 1 lit. f) GDPR. If your request serves to conclude a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted after your request has been processed, unless we are legally obliged to retain it for a longer period. In this case, deletion takes place after the corresponding obligation has expired.

8. Zoom

We use Zoom for courses and webinars (together “online meeting”). The provider of this product is Zoom Video Communications, Inc. Zoom’s data protection declaration and business address can be found at https://zoom.us/de-de/privacy.html.
Please note that our privacy policy does not apply to the zoom.us website, but only to the use of the Zoom service. However, you are not required to visit the Website to join an online meeting unless you choose to download the Zoom software to join an online meeting, which may provide you with more advanced features than joining in a meeting via your web browser. However, you do not need to download the software to join one of our online meetings.

a. Which personal data do we process? First, we process the personal data that you send to us directly in advance of the online meeting, e.g. B. when registering for a webinar. We also process personal data that you provide to us when you participate in an online meeting. The following personal data is processed:

● Personal Information: Name, this does not have to be your real name, but providing your real name will allow participants to identify you. Optionally, you can provide the following information in a Zoom account: telephone number, email address, profile picture
● Audio or video data if you activated your microphone or video camera during the online meeting. These do not need to be activated if you do not want to actively participate in the online meeting or you can deactivate them at any time.
● Metadata for an online meeting: topic, description (optional), participant IP addresses, device/hardware information.
● For recordings of an online meeting (optional and only with advance notice, an ongoing recording is also marked with an icon in Zoom): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, a text file of the online meeting -Chats.
● When dialing into an online meeting with your phone: phone number, country name, start and end time. If necessary, additional connection data such as the IP address of the device can be processed.
● Text, audio and video data: The chat, question or survey functions can be used in an online meeting. In this case, the entries you make will be processed in order to display them in the online meeting and, if necessary, to record them.

b. Required data When registering for the online meeting, you must provide your name and, if applicable, your email address in order to gain access. In addition, the Zoom client collects data necessary to provide the service. This includes in particular technical data about your devices, your network and an internet connection, such as: B. IP address, device type, operating system type and version, client version, camera type, microphone or speaker, type of connection.
c. Purpose of processing The purpose of using Zoom is to hold online meetings. If an online meeting is recorded, this will only be done after prior notice and for the purposes previously communicated to you (e.g. in the online meeting). We may later make recordings of webinars publicly available for viewing by the general public. We use the content of the chat for an online meeting as well as content related to the question or survey function to implement the purposes apparent from the questions or surveys. If you have a Zoom user account, online meeting reports (meeting metadata, telephone dial-in data, webinar Q&A, webinar polling feature) may be retained by Zoom for up to one month. The attention monitoring option offered by Zoom is disabled. Automated decision-making within the meaning of Art. 22 GDPR is not used.
d. Legal basis for data processing If you take part in an online meeting as part of the fulfillment of a contract with us, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in using Zoom is to effectively conduct “online meetings”, as we ourselves do not have the necessary technical equipment and know-how.
e. Transfer of personal data to third parties
Your personal data will only be passed on if this is necessary to carry out the online meeting, e.g. transmitting your audio or video recordings and chat entries, etc. to the participants in the online meeting. In addition, data is transferred if this is in the nature of the data transferred to us, e.g. if you send it to us for further business purposes, such as interest in certain services or contacting third parties. In addition, Zoom Video Communications, Inc. is a recipient of the data because it acts as a data processor on our behalf and provides Zoom in accordance with our processing agreement with “Zoom”.
f. Data processing outside the European Union For the use of Zoom, we have commissioned Zoom Video Communications Inc. as a service provider and processor within the meaning of Article 28 GDPR. Data processing can also take place outside the EU or EEA. An adequate level of data protection in accordance with Article 46 (2) (c) GDPR is achieved through the use of EU standard contractual clauses as well as other adequate measures (setting up end-to-end encryption and using the data routing feature; this is the ability to determine for yourself which data centers the data should flow through during meetings and webinars.). We will be happy to provide you with the concluded EU standard contractual clauses upon request.

9. Advertising Services

In order to advertise the services we offer and thus attract customers, we use the following services based on your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. You can revoke your consent with effect for the future by sending an email to datenschutz@womenaiacademy.com for the website. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. In addition, the services offer you the opportunity to object to their use in general and not just for our website. We point this out to the respective services. Please note that the consent you have given relates to two circumstances:
1. the storage of cookies on the device you use;
2. the use of the respective service as such.

10. Web fonts

To display our website, we use fonts that are loaded from third-party sites. Our legitimate interest in using web fonts is to ensure a uniform presentation of our offers and thus their functionality on all devices. When you access our website, the browser you use loads the fonts required for its correct display in order to display it as specified by us. If your browser does not support web fonts, a standard font on your device will be used to display our website.

The legal basis for the processing is Art. 6 para. 1 f. GDPR.

The fonts we use are provided by companies in the Google group. If you are located in the European Economic Area or Switzerland, they are provided to you by Google Ireland Limited (“Google”), a company incorporated and operating under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street , Dublin 4, Ireland;

https://www.google.de/contact/impressum.html.
For more information about Google Web Fonts, see
https://developers.google.com/fonts/faq.
Google’s general data protection declaration applies here, which is available at
https://www.google.com/policies/privacy/

11. Warning about data transfers to third countries

For various services that are used on our website with your consent or that data is processed via the website (e.g. for advertising purposes), you will find a warning in this data protection declaration that data may be transferred to third countries.

A. What does this warning mean?
If data is transferred to a third country, your personal data will leave the scope of the GDPR there. In individual cases, a level of data protection may apply in third countries that does not meet the requirements of the GDPR. For some countries, e.g. Switzerland, there is a so-called adequacy decision. According to the EU Commission, the level of data protection in these countries corresponds to the requirements of the GDPR. They are therefore considered harmless under data protection law. Such a decision does not exist for other countries, in particular the USA, as these countries do not have a level of protection for your personal data that corresponds to the GDPR. Therefore, when data is transferred to a third country, your personal data may be transferred to a country that does not have a data protection level that complies with the GDPR.

B. What does this mean for your personal data?
Many companies use service providers to process personal data. In other cases, large companies such as Google, Amazon, Facebook or Apple have numerous different companies in different countries, each of which does not carry out data processing individually. Rather, they use group-wide IT services, so that, for example, a company in Ireland uses services from the parent company in the USA. For this purpose, personal data is either transferred to the USA or the parent company from the USA has access to the data in the EU. By concluding so-called standard contractual clauses, the GDPR allows parties to stipulate that the contractual partner, e.g. the parent company in the USA, must meet the requirements of the GDPR for the corresponding data processing, even if these requirements would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to the GDPR so that the persons concerned are not placed in a worse position than if their personal data were processed in the EU.

However, contracts only bind the parties and not third parties such as authorities. Therefore, government authorities in a country like the US may have the right to access EU citizens’ personal data, even if it violates their rights. This access can be very comprehensive and relate to all of your data processed there. They can take place without a judge or similar having to order them. They can be secret so that you do not know about these accesses. And you may not have the ability to defend against access and use of your data, especially in court. In addition, the data subject rights to which you are entitled under the GDPR (e.g. information, deletion) may not exist or may not be enforced. The data processed in this way can also be combined with other data relating to you from other sources, for example to create a profile about you.

Such use of your data may, but does not have to, result in disadvantages for you. Since government bodies in third countries in particular are not subject to EU law or German law, it cannot be specified what these disadvantages might consist of. Disadvantages can therefore be of any kind, e.g. economic or political. For example, you may be refused entry into a country, or your data may be used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases.

C. What are my risks?
We cannot give a general answer as to how high the risks described are in individual cases. We can only point out that the crucial question is which service and therefore which company has access to the data concerning you in connection with your use of our website. It is also important to know which personal data is affected. We assume that our website is only involved in possible processing of personal data in third countries in connection with advertising services such as Google, Microsoft or Facebook. Such data includes which website you visited and when, how long you stayed there, approximately where you accessed it from, what device or software (browser, app) was used, and what interactions you may have made on the website have transferred to the operator of the service (e.g. purchasing a product after clicking on an ad). Please read the information about the respective services. For this purpose, we refer to the respective data protection information of the services. The links to these can be found in this data protection declaration in the description of the respective service.

You must consider for yourself whether giving consent and a possible transfer to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to use these services.

D. You will not suffer any disadvantages if you do not give your consent.
If you do not wish to give your consent to the use of certain or all services or the storage of cookies, you will not suffer any disadvantages on our website. All our offers are available to our customers on the same terms and conditions, regardless of whether they give their consent or not. Of course, you can also revoke your consent at any time with future effect.

12. Glossary of various terms

Browser – This is the software you use to surf the Internet and visit our website. EEA – is the European Economic Area. In addition to the EU states, these are the countries Iceland, Liechtenstein and Norway. Third countries – are states that do not belong to the EEA and for which there is no adequacy decision from the EU Commission
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
IP address – Every device that exchanges data over the Internet requires a unique identifier, otherwise data (e.g. websites) intended to be sent to that device cannot be delivered. The device you use, smartphone, tablet, etc. uses an IP address so that it can access and receive data from the Internet. Typically, you don’t use a separate IP address for each device, but rather the devices you use to connect to the Internet (e.g. your home Internet router) leave all devices on a network under a common IP address appear to the outside. lit. – is a Latin abbreviation for “letter”, used when quoting legal texts. This means that Section 6 Paragraph has been triggered. a) of the GDPR means “letter a).” Standard contractual clauses – are a series of contracts provided by the EU Commission that form the basis for data transfer to a third country in accordance with Art. 46 para. 2 lit. d) GDPR.

13. Your Rights

According to the GDPR, you have the following rights in particular in connection with your personal data. For details, please refer to the legal regulations (in particular Art. 15 ff. GDPR).

Right of access.

According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about this personal data and to further information as provided for in Art. 15 GDPR.

Right to rectification.

According to Art. 16 GDPR, you have the right to immediately request that we correct incorrect personal data concerning you. In addition, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – including by means of a supplementary statement.

Right to deletion (“right to be forgotten”).

Within the limits of Art. 17 GDPR, you have the right to request that we delete personal data concerning you immediately. We are obliged to delete personal data immediately if the relevant requirements of Article 17 GDPR are met. For details, we refer to Art. 17 GDPR.

Right to restriction of processing.

According to Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data under certain conditions. For details, please see Art. 18 GDPR.

Right to data portability

Under the conditions of Art. 20 GDPR, the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. According to Art. 20 GDPR, you also have the right to transmit this data to another person responsible without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or is based on a contract in accordance with Article 6 Paragraph 1 Letter b of the GDPR and the processing is carried out using automated procedures.

Existence of a right to lodge a complaint with the supervisory authority.

In accordance with Article 77 GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right applies in particular in the Member State of your residence, your place of work or the place of the alleged infringement if you believe that the processing of personal data concerning you violates the GDPR.

Right of appeal.

In accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data based on Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purposes of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
Privacy Policy Update Date: 11/01/2021