Privacy Policy

(2) We take the protection of personal data very seriously, and comply strictly with the rules of data protection law, in particular the German Federal Data Protection Act (hereinafter “BDSG”) and the General Data Protection Regulation (hereinafter “GDPR”). Our service will only collect personal data to the extent to which this is technically or contractually required or if the User has given their expressed consent.  

(3) The Service comprises courses based on innovative online learning and teaching methods, which are open to registered learners from around the world (hereinafter: “Users”). The program is aimed at developing and implementing new forms of scientific, collaborative problem-solving methods and facilitating the peer–review of findings. To enable Users to participate in the Programme offered by the Service, EDU provides a collaborative platform with various work and communication functions (forums, blogs, message services and contact buttons). It is important to us that Users can at all times trust in EDU complying with data privacy, and that Users know which personal data EDU will collect during a visit to the Service, and how EDU processes, uses and transmits these data. The following explanations serve to provide you with information in this respect. Furthermore, we would like to make you familiar with the security measures which we have taken in order to protect your personal data from manipulation, loss, destruction and improper use. 

§ 1 Controller  

(1) In accordance with Art. 4 Nr. 7 of the GDPR, the controller is  

Digital Education Holdings Limited,  

Villa Bighi, Chaplain‘s House, Triq il-Marina, Kalkara, KKR 1320, Malta  

E-mail: gdpr@edu.edu.mt  

Telephone: +356 222 631 21  
Registration Number C 82123  

You can reach our data protection officer via gdpr@edu.edu.mt or by written mail to our address with the addition “Data Protection Officer”.  

§ 2 Data Processing Activities when visiting our websites 

(1) If you use our websites for informational purposes only, e.g. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our websites, we collect the following data, which are technically necessary in order for us to display our websites to you and to guarantee stability and security: 

– IP-address, 

– Date and time of the request, 

– Time zone difference to Greenwich Mean Time (GMT), 

– Content of the request (specific site/page), 

– Access status/HTTP-status code, 

– Respective data amount transferred, 

– Website that the request is coming from, 

– Browser, 

– Server Log Files, 

– Operating system and its interface 

– Language and version of the browser software. 

(2) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f. GDPR and the data are saved only for the duration of your visit. 

§ 3 Data Processing Activities when you contact us 

§ 5 Data Processing Activities during the performance of contract 

(1) If you register with us, we process your master and contact data as well as your communication, access and contract data in order to fulfil and process the contractual services. For the aforementioned purpose, your data may be transferred to service providers who support us with our business and who we have of course selected with the utmost care and diligence. Such service providers include, in particular, providers of technical services who support us in rendering our services. In particular, this data may be shared with PRECISION MEDICINE ALLIANCE GmbH (Jens-Jacob-Eschel–Straße 17, 25938 Nieblum auf Föhr, Germany) and XPOMET Innovation in Medicine GmbH (Tucholskystraße 13; D-10117 Berlin). 

(2) The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR). 

§ 6 Usage data, statistical analyses  

(1) If, as a participant of the Service, the User takes part in its Programme, EDU will collect and store data about the Users learning habits as well as communication data generated between the User and the other Users (e.g. tests, questions and answers). This data and content will be used exclusively to conduct the online programme, including the platform functionalities provided, as well as to monitor learning success and carry out research projects and internal quality assurance measures. 

(2) In addition, User statistics will be compiled to make it possible to track participants’ activities in general, to eliminate errors and to adapt and improve the existing online programme where necessary. A corresponding role concept exists for carrying out the statistical analyses. According to this, all analytics are anonymous and not specific to a particular individual. Moreover, they may only be generated and used by the respective programme instructors, programme supervisors and organizers as well as administrators. 

(3) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR – our legitimate interests to improve our service. 

§ 7 Forums, blogs, messaging services and contact buttons  

The online platform of the Service allows Users to exchange information with teaching staff, speakers, mentors and tutors as well as other programme participants via forums, blogs and messaging services. These options are to be used exclusively for communication in connection with the programmes offered by the Service and not for private purposes. Information made available by the User in this regard will be forwarded via the Internet and some of this information can be viewed by all Users. Even using the highest security standards, it is not possible to guarantee absolute protection of information when communicating via the Internet. The User should therefore give careful consideration to what personal information they would like to share with others and should not pass on any confidential information. 

(2) The legal basis is the contractual relationship (Art. 6 Para. 1 Sent. 1 lit. b GDPR). 

§ 8 Data security  

The IT equipment used for the Service is located within the EU/EWR under the scope of the EU Data Protection Directive 95/46/EC and complies with the applicable statutory data protection and data security provisions. All premises and equipment are secured to prevent both unauthorized access and loss of data, and are regularly checked and maintained. Access to the systems is subject to strict requirements and is continuously monitored and logged in such a way that it can be reviewed and verified. Authorized persons receive regular training and are required to comply with the data protection provisions. 

§ 9 Cookies  

(1) The Service uses cookies, i.e. files that are stored on your computer and that send certain information to our server (e.g. your IP address, browser configuration, log-in data, pages visited etc.) Only session cookies will be used for the Service, enabling EDU to identify the User as a known user when they logs in again and adapt the website to the User needs, for example by restoring technical settings or making it possible to switch between different page views without losing any data. EDU will use the information obtained exclusively for the purpose of structuring the website according to the needs of the Users. The information will not be made available to third parties. 

(2) The User can restrict or prevent the use and storage of cookies by changing the corresponding browser settings. In most Internet browsers, this can be done by accessing the cookie settings via the menu at the top of the screen. In this case, it may no longer be possible to access certain parts of the Service, or such access may be very limited. 

(3) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR – our legitimate interests to improve our service. 

§ 10 Forwarding data to third parties  

(1) Data are only transmitted to third parties in a manner that is in compliance with the applicable statutory provisions. We only transmit user data to third parties if, for example, doing so is necessary for contractual purposes pursuant to Article 6 Para. 1 lit. b. GDPR or on the basis of legitimate interests in economic and effective business operation within the meaning of Art. 6 Para. 1 lit. f. GDPR. 

(2) In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal Data are protected in accordance with the applicable statutory provisions.  

In particular, registration statistics may be shared with PRECISION MEDICINE ALLIANCE GmbH (Jens-Jacob-Eschel–Straße 17, 25938 Nieblum auf Föhr, Germany) and XPOMET Innovation in Medicine GmbH (Tucholskystraße 13; D-10117 Berlin).  

(3) In case contents, tools or other means of third parties (hereinafter jointly referred to as “Third Party Providers”) are used in the framework of this privacy statement and the stated registered offices of those Third-Party Providers are situated in a third country, it should be assumed that data are transferred to the countries in which the Third Party Providers have their registered offices. Third countries are to be understood as such countries in which the GDPR does not constitute directly applicable law, i. e. in general countries outside of the EU or the European Economic Area. Data are only transferred to third countries if an adequate level of data protection is ensured, the user has given explicit consent, or the law provides another form permission for such a transfer. 

(4) Any other disclosure of User data will only be made within the framework of the statutory information obligations, or upon a judicial decision. In the event of an order issued by a competent body, EDU may, in individual cases, disclose such data, provided that this is necessary for purposes of criminal prosecution, danger prevention activities by the state police authorities, in order to fulfil the statutory tasks of the federal and state offices for the protection of the constitution, the German federal intelligence service, the military counterintelligence agency or the federal criminal office within the framework of its task of preventing the dangers associated with international terrorism or in order to enforce intellectual property rights. 

§ 11 Web analysis and other third-party services  

(1) The Service uses Google Analytics on its website. Google Analytics makes it possible for website owners to obtain information on the number of visitors to their website, where they come from and their surfing habits while on the site, which can then be used to improve the website concerned. To this end, certain data is transmitted in anonymized form to Google servers in the USA where it is automatically analyzed. The version of Google Analytics used by the Service is programmed in such a way that the last 8 digits of the user’s IP address are deleted even before the data is transmitted to the USA. This makes it impossible for the transmitted data sets to be assigned to a specific User. If the User nevertheless does not want User data to be compiled and analyzed by Google Analytics, they can follow this link http://tools.google.com/dlpage/gaoptout?hl=de and install the deactivation add-on developed by Google. 

(2) The Service uses Google+, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Visiting our website involves a link to the Google server, which creates and integrates a connection to the browser of the website visitor and the website displayed. The plugin transmits the visit of our website to Google. We have no influence on the scope, content or transmission of the data and IP address of the User which Google obtains through the connection. In respect of the use of data which is transmitted to Google, the User can view the guidelines set down by Google on the following website: https://developers.google.com/+/web/buttons-policy. The Service uses so-called social plug-ins of the social network facebook.com (“Facebook”). Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For detailed information on the functions of the various plug-ins and their appearance, please go to the following website: https://developers.facebook.com/docs/plugins  

(3) The service uses plugins of the social network LinkedIn from the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”). The LinkedIn plugins are indicated by the LinkedIn logo or the “Recommend button” on the Service. When the User uses the Service, the plugin creates a direct connection between the User’s browser and the LinkedIn server. This informs LinkedIn that the User has visited the Service using a certain IP address. When the User clicks on the LinkedIn “Recommend button” while logged in to a LinkedIn account, the User can link content from the Service to the LinkedIn profile. In this way, LinkedIn allocates the User’s visit to the Service to a user account. As the owner of the Service, EDU is not informed about the content of the data transferred or its use by LinkedIn. See the LinkedIn Privacy Policy for details of data collection (purpose, extent, further processing, use) as well as the User’s rights and setting options. The User can find these details under: http://www.linkedin.com/legal/privacy-policy. 

(4) The web pages of our internet presence which contain Facebook social plug-ins establish a direct connection with the Facebook servers via the User’s browser. Facebook will then be provided with the information that the User has accessed the page of the Service which contains the social plug-in. If the User is logged into Facebook at that time, the visit to our pages as well as all of the User’s internet activities in connection with the social plug-ins (e.g. clicking the “Like” button, creating a comment etc.) can be attributed to the User’s Facebook profile and be stored on Facebook. Even if the User does not have a Facebook profile, it cannot be excluded that Facebook may store the User’s IP address. With regard to the purpose and extent of the data collection and the processing and use of such data by Facebook, we hereby make reference to the Facebook Privacy Policy: http://www.facebook.com/policy.php. There, you will also find an overview of the setting options in the personal Facebook profile in order to protect privacy, as well as the rights associated with this. In order to prevent Facebook from collecting the above data, the User can log out of Facebook prior to visiting the Service. In order to prevent the general access by Facebook to User data on the Service, the User can exclude Facebook social plug-ins by an add-on for the browser (e.g. “Facebook-Blocker”, http://webgraph.com/resources/facebookblocker). 

 (5) This website uses the services of MailChimp for sending newsletters and the analysis of advertising campaigns. Provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. 

MailChimp is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. If you enter data for the purpose of newsletter subscription (e.g. e-mail address), it will be stored on MailChimp’s servers in the USA. MailChimp is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA which is intended to ensure compliance with European data protection standards in the USA. 

MailChimp allows us to analyze our advertising campaigns. Among other things, it can be determined whether a message has been opened and which links have been clicked. We also collect technical information (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective recipient. It is used exclusively for statistical analysis of campaigns. The results of these analyses can be used to better adapt future campaigns to the interests of the recipients. 

Data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) or our legitimate interests (Art. 6 para. 1 lit. f DSGVO) to improve our offers. You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. 

The data stored by you with us for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted both from our servers and from the servers of MailChimp after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. 

For further details, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/privacy/ 

(7) We use a website analytics tool offered by Mouseflow ApS, Flaesketorvet 68, 1711 Kopenhagen, Denmark that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality (“Mouseflow”). Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you’d like to opt-out, you can do so at https://mouseflow.com/opt-out. If you’d like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com. For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy/. For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/. 

(8) This Service uses Twilio Sendgrid. Twilio is a cloud communications platform that provides software developers with building blocks to add communications to web and mobile applications. Twilio Sendgrid  is used for the email delivery system within our platform. Find out more about how Twilio Sendgrid collects and uses your information in their Privacy Policy, at https://www.twilio.com/legal/privacy  

We Service use Functional Software, Inc.’s dba Sentry error tracking service on our platform.  With this tool we can identify errors on our websites to fix them. For better troubleshooting, only impersonal data such as the operating system, browser version and your IP address will be transmitted.   

Find out more about how Twilio Sendgrid collects and uses your information in the Privacy Policy of Functional Software, Inc. dba Sentry can be found at: https://sentry.io/privacy/  

The EU-U.S. Privacy Shield certification from Functional Software, Inc. dba Sentry can be found at: https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO  

 (9) This Service uses Google Compute Engine. Google Compute Engine delivers virtual machines running in Google’s innovative data centres and worldwide fibre network. Compute Engine’s tooling and workflow support enable scaling from single instances to global, load-balanced cloud computing. We use Google compute Engine for staging, production, Cloud  Hosting and design for online instruction. Find out more how Google Compute Engine  collects and uses your information in their Privacy Policy at https://cloud.google.com/security/privacy/  

 (10) This Service uses Firebase. Firebase is Google’s mobile platform that helps us quickly develop high-quality apps and grow our business. We use Firebase for staging, production , Real-time database for collaborative editor and desktop notifications. Find out more about how firebase collects and uses your information in their Privacy Policy, at https://firebase.google.com/policies/analytics  

 (11) This Service uses Newrow.  Professional Online Learning Platform Boosts Learner Success – newrow_  

Newrow Smart online virtual classrooms are purpose built for online instruction – helping remote instructors, facilitators, and teachers engage their students effectively online.  We use Newrow for their virtual classroom staging and production, Find out more how Newrow collects and uses your information in their Privacy Policy, at  https://www.newrow.com/privacy-policy/  

(12) Analytic tools serve to make your internet experience more user-friendly and effective. The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR – our legitimate interests to improve our service. 

§12 Lesson Recordings  

(1) In order to continuously improve the student experience, EDU reserves the right to record live classroom sessions. Such recordings may be used for the purpose of providing individualised feedback to students and evaluating the performance of instructors. No such recordings will be used for any commercial purpose and access to these materials will be restricted to authorised personnel only.  

(2) Any classroom recording will be deleted or destroyed within 18 months of recording, or at any time upon the explicit written request of an individual appearing in the recording.  

(3) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR – our legitimate interests to improve our service.  

§ 13 Other Data Processing Activities 

(1) Should you have given your consent to receive our promotions (newsletters, SMS, E-mail, by post, etc.), we shall use your personal data to inform you of our offers via the respective means of communication. You can retract your approval of being approached in a promotional manner at any time. The legal basis is Art. 6 Para. 1 Sent. 1 lit. a GDPR – your consent. 

(2) We reserve the right to use your data in order to contact you should our services undergo or have undergone important changes or developments. 

§ 14 Your rights 

 (1) You have the following rights in relation to us with regard to the personal data concerning you: 

–Right of access (Art. 15 GDPR), 

–Right to rectification and erasure (Art. 16 and 17 GDPR), 

–Right to restriction of processing (Art. 18 GDPR), 

–Right to object processing (Art. 21 GDPR), 

–Right to data portability (Art. 20 GDPR). 

(2) Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your Data by us.  

(3) We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: gdpr@edu.edu.mt . Such revocation can result in our services no longer being available at all, or only with restrictions. 

§ 15 Data erasure, storage period 

(1) The data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the data to be retained. In the event that user data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the data shall be blocked and shall not be processed for other purposes. This applies, for instance, for user data that have to be kept for reasons pertaining to trade or tax law.  

(2) In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and 10 years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.). 

§ 16 Final provisions 

(1) We employ technical and organizational security measures to protect the data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development. 

(2) Given the constant technical advances in our services, we shall update our privacy policy from time to time. Where the changes to our privacy policy do not affect the use of the user account Data that we already have, the updated privacy policy shall take effect as of the date of its publication on our website. Changes to our privacy policy that affect our use of data that have already been collected and stored are only permissible if they are reasonable and can be reasonably expected of you. In such cases, you will be informed in due time via E-mail, on our websites or via other means. You have the right to object to the new privacy policy within (4) weeks of being notified of its coming-into-force. Should you object to the new policy, we reserve the right to terminate the contractual relationship and to delete your user account. You are assumed to agree with the new policy should you not state otherwise within the given time frame. When notifying you of the new privacy policy, we shall inform you of your right to object and of the relevance of the objection deadline.