This data protection declaration informs you about the type, scope, and purpose of the processing of your personal data by the data controller under data protection law pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR).
Data protection legislation, in particular the GDPR, defines the following terms:
Data processor
The data processor is a natural or legal person, public authority, agency, or other body who processes personal data on behalf of the data controller (Art. 4 no. 8 GDPR).
Cookies
A cookie is text information that can be stored in the browser of the viewer's end device (computer, laptop, smartphone, tablet, etc.) for each website visited (web server, server). The cookie is either sent from the web server to the browser or generated in the browser by a script (JavaScript). When you return to this website at a later time, the web server can read out this cookie information directly from the server or transfer the cookie information to the server via a script on the website. (Source: Wikipedia)
Data security
Data security is the confidentiality, availability, and integrity of personal data; this is also referred to as technical and organizational data protection (Art 32 GDPR)
Data processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 no. 2 GDPR)
Third country
Third country refers to countries outside the European Union for which the European Commission has not determined a level of data protection equivalent to that of the European Union (Art. 44 GDPR).
Personal data and data subjects
Personal data is all information that relates to an identified or identifiable natural person (data subject) (Art 4 no. 1 GDPR)
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person (Art. 4 no. 5 GDPR).
Data controller
The data controller is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data (Art 4 no. 7 GDPR).
Web beacons
Web beacons (also known as tracking pixels or web bugs inter alia) are small graphics in HTML emails or on websites that enable log file recording and log file analysis, which are often used for the statistical evaluation of online marketing (source: Wikipedia)
The data controller pursuant to data protection legislation is Perseus Technologies GmbH ("Perseus","we") based in Hardenbergstr. 32 in 10623 Berlin.
We have appointed a data protection officer. You can contact our data protection officer by writing to the "Data Protection Officer" at the address of the company headquarters, or via email at datenschutz@perseus.de.
If you visit our website at perseus.de ("website"), we process your personal data as follows:
To do so, we use the services of third parties. These services also include the use of cookies (essential cookies, functional cookies, analysis and statistics, and marketing and other third-party cookies). Specific information on the individual cookies and individual setting options can be found under "Individual settings" in the consent management tool.
Here you can give your consent to processing and/or object to processing on the basis of legitimate interest. You can also adjust your preferences at a later point in time or withdraw your consent with effect for the future. Please note that without your consent, individual website features may not function properly.
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
Storage duration and criteria
Legal basis
As a visitor to our website, you can use various options to contact us. Currently these include: Contact form, email, telephone, and live chat. Contact is primarily established via Freshworks applications. We use the following Freshworks systems: Freshsales as a customer relationship management system (CRM system), Freshdesk as a helpdesk system, and Freshchat as a chat system. .
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
We have concluded an agreement with Freshworks based on the EU standard data protection clauses, thus enabling data to be transferred with appropriate safeguards pursuant to Art. 46 GDPR.
Storage duration and criteria
Legal basis
We process the personal data of visitors to our website in order to optimize our website and conduct reach analysis. You can find detailed information on this type of data processing in the consent management tool under "Analysis and statistics". The legal basis for processing is Art. 6 para. 1 f) GDPR (legitimate interest).
On our website, we give you the option of sharing content directly via social media and networks. For social media sharing, we use so-called Shariff social media buttons, so that the content is shared within selected social networks while maintaining appropriate data protection. In contrast to the usual social plugins, which process data when you visit the website, Shariff only establishes direct contact with the respective social network when you actively click on a social button to share a post.
You can find detailed information on this type of data processing in the consent management tool under "Marketing and other third-party cookies". The legal basis for processing is Art. 6 para. 1 a) GDPR (consent).
If you are a Perseus customer who uses Perseus services or an employee of a Perseus customer, we process your personal data as follows:
Insofar as Perseus processes personal data on behalf of customers ("order processing"), Perseus' customers and other recipients of Perseus services are entitled to adopt the description of services, inform their own data subjects and thus fulfill their own information obligations pursuant to Articles 13 and 14 GDPR.
In particular, Perseus may provide the following services or sub-services to its customers or authorized users as part of the order processing: endpoint detection and response, phishing tests, malware scanning, and incident management – first level support. In such cases, it is important to note that the legal basis provided for the processing is the same legal basis used by Perseus to process the data. The legal basis for the customer or their authorized users as the data controller as defined by data protection legislation, on whose behalf Perseus is processing the data, may differ from this.
This includes the following Perseus services:
Prevention through awareness (human firewall):
Response and safeguarding (incident management)
The following table shows the details of the data processing, its purposes and legal basis, and if applicable, the legitimate interests, potential recipients or categories of recipients of the personal data, and any third-country transfers, as well as the storage period.
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
USA (Amazon Web Services Inc., The Rocket Science Group LLC) based on the EU standard data protection clauses
Storage duration and criteria
Legal basis
Compliance with a legal obligation pursuant to Art. 6 para. 1 c) GDPR
Legitimate interest of the data controller pursuant to Art. 6 para. 1 f) GDPR (Perseus has a legitimate interest in processing personal data for the performance of its contracts with customers and to provide services to its customers and their authorized users.)
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
No
Storage duration and criteria
Legal basis
For the purpose of payment processing, we use the external payment services Stripe, Quaderno, and FastBill.
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
No
Storage duration and criteria
Legal basis
If you are a newsletter subscriber who receives the Perseus newsletter, we process your personal data as follows:
The data you enter via the input mask provided for this purpose will be transmitted to us and processed when you register. It is mandatory to provide your email address when subscribing to the newsletter. The provision of any further data is voluntary and enables us to address you personally. At the time the message is sent, we save your IP address and the date and time of your registration via the contact form.
We use a double opt-in procedure to ensure that you only receive our newsletter if you really want to. To this end, we will send you a notification email. By clicking on the link contained in this email, you confirm that you actually want to receive our promotional emails or our newsletter.
Newsletter subscription
We use the Mailchimp system to send newsletters to the email addresses provided by subscribers.
Processing
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
We have concluded an agreement with Rocket Science based on the EU standard data protection clauses in order to provide appropriate safeguards pursuant to Art. 46 GDPR. This ensures that we are meeting the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR.
Storage duration and criteria
Legal basis
We carry out statistical evaluations of our newsletter mailing process and the response to our newsletter. We use the "MailChimp" and "Mandrill" systems as well as tracking pixels. We evaluate user behavior in relation to newsletter subscriptions (e.g., when users open a message, which links they click on) and carry out statistical analysis of our newsletter campaigns.
Processing
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
We have concluded an agreement with Rocket Science based on the EU standard data protection clauses in order to provide appropriate safeguards pursuant to Art. 46 GDPR. This ensures that we are meeting the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR.
Storage duration and criteria
Legal basis
If you are a webinar participant, we process your personal data as follows:
You can participate in a webinar if you have registered for this in advance on our website. Webinars are implemented and followed up using the Freshworks and Zoom systems.
In the virtual seminar rooms, the personal data of lecturers and participants (collectively "participants") is processed. The lecturers and participants are therefore data subjects pursuant to the GDPR.
When participants and lecturers log in and/or enter the virtual seminar rooms, they assign themselves a virtual name tag in order to identify themselves and to enable other webinar participants to address them.
When a webinar is held, the lecturers and participants transmit video data, audio, screen content, and chat messages to everyone involved in the webinar, provided that the respective feature is enabled or actively used by the lecturer or the participant. Data is only stored and processed for the purpose of transmission and in order to document the participants; apart from this, webinars are generally not saved once the transmission has ended.
Participants have the option of chatting one-on-one in virtual private rooms or with all participants in the main room. Only the two participants involved in a one-on-one chat or the participants in the respective webinar have access to the content of the chat messages.
We occasionally take the opportunity to record webinars and subsequently make the recorded content available to the participants, as well as to document the webinar internally. If we are going to record a webinar, we will announce this in the webinar itself so that participants can decide whether they want to enable or actively use video data, audio, screen content, and chat messages and thus make them available for the recording.
We collect personal data from participants about their presence in the virtual seminar room, the length of their stay, and their use of features. This corresponds roughly to how we would observe participants in a real room.
Purpose
Categories of data processed
Categories of recipients
Third-country data transfer
We have concluded agreements with Zoom and Freshworks based on the EU standard data protection clauses in order to provide appropriate safeguards pursuant to Art. 46 GDPR. This ensures that we are meeting the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR.
Storage duration and criteria
Legal basis
Participants are regularly given the opportunity to evaluate lecturers at the end of the webinars. We use the Google Forms service for this. Organizationally, it is impossible for us to see individual participants' evaluations. We receive an aggregated evaluation of the lecturer.
Purpose
Categories of recipients
Third-country data transfer
Storage duration and criteria
Legal basis
Purpose
Categories of recipients
Third-country data transfer
We have concluded an Agreement with SurveyMonkey based on the EU standard data protection clauses in order to provide appropriate safeguards pursuant to Art. 46 GDPR. This ensures that we are meeting the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR.
Storage duration and criteria
Legal basis
If you are an applicant, we process your personal data as follows:
We use the Personio recruiting system as a technical platform.
Purpose
Categories of recipients
Third-country data transfer
Storage duration and criteria
Legal basis
If your personal data is processed, you are a data subject within the meaning of the GDPR. You have the following rights with respect to the data controller:
In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request the following information from us: Purposes of the data processing; Categories of personal data being processed; Recipients and/or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if specific information on this is not available, criteria for determining the storage period; Existence of your right to rectification or deletion of data, restriction of processing or objection to processing; Existence of your right to lodge a complaint with a supervisory authority; Source of your data, if not collected by us; Existence of automated decision-making including "profiling" and, where appropriate, meaningful information on its details; Transfer of personal data to a third country or to an international organization; appropriate safeguards in accordance with Art. 46 GDPR relating to the transfer.
In accordance with Art. 16 GDPR, you have the right to demand the immediate correction or completion of any personal data stored by us.
In accordance with Art. 18 GDPR, you have the right to demand the restriction of processing of your personal data if you contest the accuracy of the data, or if the processing is unlawful but you refuse to have the data erased. You can also demand the restriction of processing if we no longer require the data, but you require it to assert, exercise or defend legal claims, or if you have objected to the processing in accordance with Art. 21 GDPR.
In accordance with Art. 17 GDPR, you have your right to demand the erasure of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
In accordance with Art. 19 GDPR, if you have asserted your right to rectification, erasure or restriction of processing with respect to Perseus as the data controller, we are obliged to inform all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to request that Perseus informs you about these recipients.
In accordance with Art. 20 GDPR, you have the right to receive the personal data that you provided to us in a structured, common and machine-readable format or to request its transfer to another data controller.
In accordance with Art. 21 GDPR, you have the right to object to the processing of your data at any time. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for this purpose; this also applies to "profiling" insofar as it relates to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for these purposes.
In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the processing of your data at any time. Your withdrawal of consent does not affect the legality of the processing carried out on the basis of this consent up to the point of withdrawal.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority responsible for your usual place of residence, place of work or the place of the alleged violation.
This Privacy Policy is valid as amended from time to time. You can visit our website at www.perseus.de/datenschutzerklaerung/ to access and print the current Privacy Policy at any time.
Last updated: May 2021