Privacy Policy

Unless otherwise stated in this Privacy Policy, the controller responsible for processing your data is:

Bildung & Begabung gemeinnützige GmbH
Kortrijker Straße 1
53177 Bonn
Phone: +49 228 959150
Email: info@bildung-und-begabung.de

For websites of other providers to which links may refer, the respective privacy notices and privacy policies provided there apply.

Riske IT GmbH
Keldenicher Straße 23
50389 Wesseling
Phone: +49 2236 3310745
Email: datenschutz@riske-it.de
Website: www.riske-it.de

3.1 Log files

When you use these websites, we process your IP address and other technical information - date and time of access, request method, requested files, data volume, status code, operating system used, browser type and version - for monitoring purposes in the log files of the web servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in enabling subsequent monitoring by means of log files.

As part of the technical maintenance of the websites, our web agency schwarzdesign -  Webdesign- und Internetagentur, Dipl.-Des. Oliver Schwarz, Händelstraße 26, 50674 Cologne -  also has access to the log files.

The log files are deleted as soon as further storage is no longer required.

3.2 Data processing through cookies and local storage

Cookies are small files that are automatically created and assigned to and stored in the web browser of the visitor’s device when visiting a website. Cookies can, for example, store information about preferred settings. Alternatively, such information can also be stored in the browser’s so-called local storage.

When these websites are accessed for the first time, two cookies are stored on your device: CRAFT_CSRF_TOKEN and CraftSessionId. Each of these cookies contains a unique character string in order to recognize the browser used, increase web security and provide the functions of these websites.

If you have an account, a session cookie is stored on your device after successful login. This cookie remembers that you are already logged in and stores your session permanently if you have activated the “Stay logged in” function.

If you give or refuse consent in the consent manager - consent to the use of third-party services - your decision is stored in a cookie called “klaro”.

Where personal data is processed through technically necessary cookies or through local storage as part of providing these websites, Art. 6(1)(f) GDPR serves as the legal basis. The legitimate interests lie in the purposes stated above.

Where personal data is processed through technically non-essential cookies or through local storage as part of providing these websites, Art. 6(1)(a) GDPR serves as the legal basis. Such cookies or data in local storage may be stored on your device if you activate external services, about which information is provided below.

3.3 Matomo

For the purpose of creating statistical web analyses on these websites, we use Matomo by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is configured so that the collected IP address is anonymized immediately and the use of cookies is disabled. Information about the use of these websites is stored on our own servers. The legal basis for processing web analyses is Art. 6(1)(f) GDPR, as we have a legitimate interest in carrying out such analyses.

3.4 AI Chat

The AI-supported chat system by OpenAI, OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland / OpenAI OpCo, LLC, 1455 3rd Street, San Francisco, CA 94158, USA, is integrated into this website. If you use the chat system to communicate with us, we process your data - IP address, user agent, possibly further identifying metadata processed in web server log files and through cookies, as well as the communication history in a database - on the basis of your voluntary consent, which may be withdrawn at any time, pursuant to Art. 6(1)(a) / Art. 9(2)(a) GDPR. Your chat history is stored for 3 months and then automatically deleted, unless statutory retention obligations apply.

When the chat is used, OpenAI receives the content entered by you - for example, questions or messages - in order to generate responses. Only the information actively entered by you into the chat is processed. No metadata such as IP address, user agent or comparable device information is transmitted. The transmitted content is processed by OpenAI for the duration of response generation and subsequently stored for a maximum of 30 days, unless statutory retention obligations apply. The data is not used to train the AI. Your personal data is processed by OpenAI. It is possible that data may be transferred to affiliated companies of OpenAI. However, this only takes place within the framework of a corresponding data processing agreement.

Further information on data processing by OpenAI can be found directly from OpenAI: Security and Privacy.

We recommend that you do not enter any sensitive personal data - health data, bank account details, religious or political views, or similar information - into the chat.

If you are a collaborative user of our platform, are logged in with your account and use the AI chat, we also process your username. In this case, the storage period is 3 months.

Within the meaning of the EU AI Act, the chatbot is classified as an AI application with “limited risk”, but not as a “high-risk” application. This entails transparency requirements: Implementation Guide to the AI Regulation, Version 2.0.

3.5 Virtual tour - VR-EASY

For the technical implementation and provision of virtual tours, we have integrated the online service of VR-EASY GmbH, Marienwerderstraße 48, 16225 Eberswalde, into these websites. If you use VR-EASY, we temporarily process your IP address, user agent and, where applicable, further identifying characteristics stored in web server log files for the technical provision of the service. In addition, when accessing a virtual tour, a session cookie - vr_easy_sid - is stored on your device to maintain the session. The legal basis for this is Art. 6(1)(f) GDPR. Our legitimate interests lie in the purposes stated above.

A data recipient acting as a subcontractor of VR-EASY GmbH is T-Systems International GmbH, Hahnstraße 43d, 60528 Frankfurt am Main.

3.6 YouTube videos

If you give your consent pursuant to Art. 6(1)(a) GDPR, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible and processes your data, such as your IP address, user agent and, where applicable, further identifying characteristics collected through server requests, cookies or values in local storage, in order to provide YouTube videos to you on these websites.

Further information on the processing of your data, including transfers to third countries, can be found here.

Google LLC is a US company. Where your data, including the information mentioned above, is transferred to the USA, this is done on the basis of the Data Privacy Framework.

Your consent to the processing of your data for the provision of YouTube videos is voluntary, is therefore not required for the use of these websites, and may be withdrawn at any time with effect for the future.

3.7 Mapbox

We use maps from the provider Mapbox on our website. If you give your consent pursuant to Art. 6(1)(a) GDPR, your data will be transferred to Mapbox Inc., 1133 15th St NW, Suite 825, Washington, DC 20005, USA. There, your data, such as IP address, user agent and, where applicable, further identifying characteristics collected through server requests, cookies and values in local storage, will be processed in order to provide you with the interactive map service “Mapbox” on these websites.

Further information on the processing of your data, including the transfer of your data to third countries by Mapbox Inc., can be found here.

Mapbox Inc. is a US company. Where your data, including the information mentioned above, is transferred to Mapbox Inc. in the USA, this is done on the basis of the Data Privacy Framework, of which Mapbox Inc. is a certified participant. We have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR.

Your consent to the processing of your data for the provision of Mapbox on these websites is voluntary, is therefore not required for the use of these websites, and may be withdrawn at any time with effect for the future.

3.8 Vimeo videos

If you give your consent pursuant to Art. 6(1)(a) GDPR, Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA, is responsible and processes your data, such as your IP address, user agent and, where applicable, further identifying characteristics collected through server requests, cookies and values in local storage, in order to provide videos to you on these websites. Vimeo.com, Inc. uses hosting services of Cloudflare, Inc., 101 Townsend St., San Francisco, California 94107, USA, as its own subcontractor. This means that Vimeo.com, Inc. has commissioned Cloudflare, Inc. to provide hosting on its behalf.

Further information on the processing of your data, including the transfer of your data to third countries by Vimeo.com, Inc., can be found here.

Vimeo.com, Inc. and Cloudflare, Inc. are US companies. Where your data, including the information mentioned above, is transferred to these data recipients in the USA, this is done on the basis of the Data Privacy Framework.

Your consent to the processing of your data for the provision of Vimeo videos is voluntary, is therefore not required for the use of these websites, and may be withdrawn at any time with effect for the future.

3.9 Browser-based push notifications - OneSignal

If you give your consent pursuant to Art. 6(1)(a) GDPR, OneSignal, 2850 S Delaware St, Suite 201, San Mateo, CA 94403, USA, is responsible and processes your data, such as your IP address, user agent and, where applicable, further identifying characteristics collected through server requests, cookies and values in local storage, in order to provide you with browser-based push notifications on these websites.

OneSignal uses hosting services of Cloudflare, Inc., 101 Townsend St., San Francisco, California 94107, USA, as its own subcontractor. This means that OneSignal has commissioned Cloudflare, Inc. to provide hosting.

OneSignal and Cloudflare, Inc. are US companies. Where your data, including the information mentioned above, is transferred to these data recipients in the USA, this is done on the basis of the Data Privacy Framework.

Your consent to the processing of your data for browser-based push notifications is voluntary, is not required for the use of these websites, and may be withdrawn at any time with effect for the future.

3.10 Podcasts

If you give your consent pursuant to Art. 6(1)(a) GDPR, Podigee GmbH, Schlesische Straße 20, 10997 Berlin, is responsible and processes your data, such as your IP address, user agent and, where applicable, further identifying characteristics collected through server requests, cookies and values in local storage, in order to provide podcasts to you on these websites.

Podigee uses hosting services of Cloudflare, Inc., 101 Townsend St., San Francisco, California 94107, USA, as its own subcontractor. This means that Podigee has commissioned Cloudflare, Inc. to provide hosting.

Cloudflare, Inc. is a US company. Where your data, including the information mentioned above, is transferred to this data recipient in the USA, this is done on the basis of the Data Privacy Framework.

Your consent to the processing of your data for the provision of podcasts is voluntary, is not required for the use of these websites, and may be withdrawn at any time with effect for the future.

3.11 Use of Cloudflare Turnstile

To protect the contact forms and survey tools on these websites against abusive and automated requests, we use Cloudflare Turnstile, an online service provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA.

In this process, Cloudflare temporarily analyzes certain technical data, including but not limited to the IP address and user agent, in order to detect suspicious behavior and prevent automated bot activity. The purpose of the data processing is to ensure web security. The legal basis for this is Art. 6(1)(f) GDPR, whereby our legitimate interest lies in the stated purpose.

When Cloudflare services are used, your data may be transferred to the USA. For this reason, Cloudflare Inc. has submitted to the Data Privacy Framework. This is an adequacy decision pursuant to Art. 45 GDPR, which guarantees an adequate level of data protection for data transfers to the USA for certified organizations.

If you contact us - for example by email, telephone or via a web form - and transmit personal data in the process, we process your information insofar as this is necessary to respond to your contact request and any measures requested. The legal basis for this is Art. 6(1)(b) GDPR.

Where your contact request is not necessary for the performance of a contract with us or for the implementation of pre-contractual measures, Art. 6(1)(f) GDPR forms the legal basis for processing your data. Our legitimate interest lies in fully processing the message received.

If we process your personal data on the basis of your consent, Art. 6(1)(a) GDPR is the legal basis.

Your message will be stored until processing has been completed. Longer storage will only take place where we are entitled or obliged to do so in an individual case.

If you register, we process your personal data - first and last name, email address, institution/organization and address, contact details and communication history - for account creation, administration and inclusion in this public directory service.

The legal basis is your voluntary consent, which may be withdrawn at any time, pursuant to Art. 6(1)(a) GDPR.

The data collected during registration is stored by us for as long as you are registered as a provider on these websites. Statutory retention periods remain unaffected.

If you give your consent pursuant to Art. 6(1)(a) GDPR, we process your personal data - first name, last name and email address - for the purpose of sending our newsletter.

For this purpose, we use the newsletter management system Brevo by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. You will only be added to the subscriber list after you have confirmed your initial registration through the double opt-in procedure.

Your consent also includes the processing of personal data by means of “web beacons” - so-called tracking pixels. These enable, among other things, the analysis of when and whether the newsletter and embedded hyperlinks were opened.

You may withdraw your consent at any time. After receiving your withdrawal, we will no longer process your data for the purpose of sending the newsletter. To protect our legitimate interests, we store the declaration of consent - opt-in declaration - and the corresponding personal data for evidence purposes for three years.

To conduct online surveys, we use the feedback management system “LamaPoll” by Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin. If you participate in a survey, we process your email address as well as, temporarily, your IP address, user agent and, where applicable, further identifying characteristics stored in web server log files for the technical provision of the service. The legal basis for this is Art. 6(1)(f) GDPR. The purpose of the data processing is to conduct online surveys to improve these websites. Our legitimate interest lies in this purpose. As part of subcontracting, Lamano GmbH & Co. KG also processes your data with the service providers Strato AG, Pascalstraße 10, 10587 Berlin, Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, and IONOS SE, Elgendorfer Str. 57, 56410 Montabaur.

In accordance with Art. 15 GDPR, you have the right to request information about the personal data concerning you that we process.

If inaccurate personal data is processed, you have the right to rectification pursuant to Art. 16 GDPR.

If the legal requirements are met, you have the right to erasure or restriction of processing of the data concerned pursuant to Art. 17 and Art. 18 GDPR.

Under the conditions of Art. 20 GDPR, you have the right to data portability.

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint. You may exercise this right with the competent supervisory authority.