Privacy Policy

1. Who is accountable for processing my personal data?

Bertelsmann SE & Co. KGaA

Carl-Bertelsmann-Strasse 270

33311 Gütersloh, Germany

Phone: +49 (0) 5241-80-0

Fax: +49 (0) 5241-80-62321

Email: BCP-Feedback@bertelsmann.de

is responsible for processing your personal data on this website (referred to below as “we” or “Bertelsmann”). We process personally identifiable information (“personal data”; also referred to as “personal information”) in accordance with GDPR provisions and the German Federal Data Protection Act (BDSG).

You can contact Bertelsmann’s designated Data Protection Officer at the address indicated above by using the reference ‘For the attention of the Data Protection Officer’ or by writing to: datenschutz@bertelsmann.de.

2. What data is collected?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. 

Generally speaking, you can access the content on our website without divulging any information about you, e.g. in order to obtain information about us. However, some features of our website require that you provide personally identifiable information to us. In this case, the information provided by you is used to provide the service requested by you or to process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

3. What cookies are used?

Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, your web browser returns the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session (“transient cookies” or “session cookies”). Other cookies are saved for a specific period of time (“temporary cookies”) or indefinitely (“persistent cookies”).Our website distinguishes two types of cookies: functional cookies and non-functional (optional) cookies. Functional cookies are essential for the website to work (to provide the website in a technically and functionally flawless manner) (e.g. identifying and authenticating the user, language settings, display of recorded images). Without these functional cookies, the content offered on our website would be limited. Optional cookies, on the other hand, help to optimize what is offered on our website by collecting information on user behavior and subjecting it to statistical analysis.

As a general principle, cookies enable online recognition without reference to a specific person. Cookies may be personally identifiable when the information generated by the cookies is merged with other information, e.g. access data pursuant to section 2 (e.g. when web tracking is used). Any merging is done in a pseudonymized manner. 

Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are required for other purposes, e.g. marketing reach measurement, web analysis and market research.

The cookies that are required for the provision of website features include the following in particular:

  • Cookies that are used to identify or authenticate the user;
  • Cookies used to temporarily store user input (e.g. the content of an online form);
  • Cookies used to store user preferences (e.g. search or language settings);
  • Cookies that store data to enable the trouble-free rendering of video or audio content.

Cookies that are needed for other purposes of the website include analytics cookies to record the usage behaviour of our users and evaluate it in the form of statistics (e.g. advertising banners clicked, sub-pages visited, search queries conducted).

3.1. Functional Cookies

-

3.2. Consent-based Cookies

For information on cookies that collect and process your data on the basis of your consent, please refer to section 4.5.

Privacy Settings

Within the function “Privacy Settings” on this website you can decide whether you consent to the collection and processing of your data on your device concerning consent-based cookies and other data by the operator of this website and its partners that are used for the personalization, playout and analyzation of content within and outside this website and for the evaluation of the use of this website.

4. What data is collected and for what purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements, or result from consent having been given by the user.

We use the information provided by you for the following purposes:

  • To provide website features and content and for technical security in troubleshooting technical issues, and also to ensure that unauthorized persons do not gain access to our website systems;
  • To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
  • To establish contact and engage in communication with you; and
  • To enable you to assert rights as a data subject.

 

4.1 Provision of the website

4.1.1 Description and scope of data processing

In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.

4.1.2 Purpose and legal basis of data processing

The legal basis for the creation of server log files follows from Art. 6 (1) (f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.

4.1.3 Duration of retention or criteria applied in defining this period

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them. No analysis is conducted during this time unless a denial of service or other attack occurs.

4.1.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.

 

4.2. Establishing contact with us

4.2.1 Description and scope of data processing

On our website you have the option of contacting various people at Bertelsmann about job applications, Bertelsmann’s programs by email or by telephone using the designated email address and phone number. If you take advantage of this option, the information you provide such as your email address and/or your phone number and your request/reason for contacting us are disclosed to us. Depending on the reason you are contacting us (e.g. questions about your application, training opportunities or possible degree courses), your contact details are subjected to further processing. If necessary for processing your request, this information may be shared with third parties (e.g. subsidiaries).

4.2.2 Purpose and legal basis of data processing

The legal basis for processing your contact details follows from Art. 6 (1) (f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to apply with us or to take part in a program and/or event, the legal basis for processing your contact details follows from the contract or quasicontractual relationship pursuant to Art. 6 (1) (b) GDPR / section 26 (1) (1) German Federal Data Protection Act (BDSG).

4.2.3 Duration of retention or criteria applied in defining this period

Your details are deleted once your request has been processed and further communication has been discontinued. This does not apply if the purpose of contacting us is your applying with us or taking part in a program and/or event. In this case your details remain on file until all contractual and similar obligations have been fulfilled and statutory retention periods (currently 6 months for applicant data) do not prevent this information from being deleted.

4.2.4 Options for lodging an objection and having your information removed

You have the right to lodge an objection to the processing of your information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued.

 

4.3 Asserting your rights as a data subject

4.3.1 Description and scope of data processing

In this privacy policy we advise you of the option of asserting your rights as a data subject and obtaining information on the information stored on you. In order to assert your rights as a data subject, it may be necessary that you provide information pertaining to your person and the specific information that has been processed. Without providing this information, we are not able to cater to your rights as a data subject.

4.3.2 Purpose and legal basis of data processing

Under the GDPR, we are legally obligated to process your data so that you can exercise your rights as a data subject. The legal basis for this follows from Art. 6 (1) (c) GDPR.

4.3.2 Duration of retention or criteria applied in defining this period

We retain the correspondence exchanged with you in relation to your asserting your rights as a data subject for a period of three years. This does not apply to information obtained to substantiate your identity, e.g. by way of a labeled photocopy of your personal identity card, where we have been provided one. It will be deleted once your identity has been established.

4.3.3 Options for lodging an objection and having your information removed

The processing of your information is required for complying with your rights as a data subject. To that extent you have no right to revoke your consent to its processing.

4.4 Google Tag Manager

This website uses Google Tag Manager, a service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google Inc.). Google Tag Manager enables the web tracking services integrated in this website (see section 4.4) and other services to be administered by tags (tags are placeholders for website code). Google Tag Manager only implements these tags. No cookies are used nor is any personally identifiable information collected by Google Tag Manager in a targeted manner. Google Tag Manager only triggers other tags that in turn gather other data as applicable. However, Google Tag Manager never accesses this data.

 

4.5 Google Analytics and Google Double Click (web tracking)

4.5.1 Description and scope of data processing of Google Analytics

This website uses Google Analytics. Google Analytics is a service provided by Google Inc. Google Analytics causes a usage profile to be created in order to optimize the user-friendliness of our website. A pseudonym is assigned to this profile. The information generated by the Google Analytics cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Pseudonymity is ensured by the fact that when collecting your access data your IP address is shortened within member states of the EU or in other member states of the EEA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. These usage profiles to which pseudonyms are assigned are analyzed for the purpose of optimizing user-friendliness. This data is not merged with other data by Google Inc. We ensure that Google Inc. only uses this data as instructed by us under a contract data processing agreement we have concluded with Google Inc.

For more information on data processing related to Google Analytics, refer to the Google’s privacy policy: https://policies.google.com/privacy?hl=en.

4.5.2 Purpose and legal basis of data processing

The legal basis for recording and evaluating pseudonymous user profiles is founded upon Art. 6 (1) (a) GDPR. By giving your consent to the data processing within our cookie consent tool, we are entitled to process your data in the aforementioned manner and for the aforementioned purposes.

4.5.3 Duration of retention or criteria applied in defining this period

As a general rule, the data that is collected and analyzed in association with Google Analytics is retained until you withdraw your consent in this manner. Analytics cookies are stored for a maximum of 24 months. We cannot make any statement about the storage period for Google Analytics and Google Double Click by Google itself.

4.5.4 Options for lodging an objection and having your data removed

You can raise an objection to the use of Google Analytics by changing your browser settings and/or clicking on the following link to download and install the browser plug-in: For Google Analytics https://tools.google.com/dlpage/gaoptout. For Google Double Click http://www.google.com/ads/preferences/html/opt-out.html.

Furthermore, it is possible to withdraw your consent at any time for the future via the corresponding data protection setting in our Cookie Consent Tool within the Privacy Settings.

 

4.6 External services and content

We integrate external services and content on our website. If you use one of these services or you are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.

That provider may use your data for their own purpose. To the best of our knowledge and belief, we have configured the services and content of third-party providers who are known to use data for their own purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them we are unable to make any binding statements pertaining to the purpose and scope of the processing of your data.

5. Who comes into possession of my personal information?

Within Bertelsmann those who need access to your information for the purposes described in section 4 will be given access to it. Service providers contracted by us may also be given access to your information (“contract data processors”, e.g. data centers, web tracking). They are bound by our directives and must provide for data security and the confidential treatment of your information under the contract data processing agreements we have concluded with them.

No information is shared with other recipients such as our subsidiaries (“third parties”) unless this is permitted by law or you have consented to this.

6. Is my personal information processed outside of the EU or EEA (“transfer to a third country”)?

Google uses if possible servers located in the EU for the Analytics and Double Click services. However, it cannot be ruled out that data may also be transferred to the USA. In this case, we ensure that the service providers guarantee an equivalent level of data protection by contract or in some other way. For example, this may secured by the conclusion of a data protection agreement stipulated by the EU Commission (so-called EU standard contractual clauses). You can request a copy of the respective guarantees via the contact data mentioned in section 1 above.

7. What data privacy rights do I have?

You have the right at any time to request access to your personal information that is currently on file with us. If this information is incorrect or not up to date, you have the right to request that it be corrected. You also have the right to have your personal information erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal information provided by you that is held by us in a structured, commonly-used, machine-readable format (“right to data portability”).

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time with effect for the future. Your notice of revocation is to be addressed to Bertelsmann by writing to the contact address indicated in section 1 or if applicable and possible via the Cookie Consent Manager.

Pursuant to Art. 21 GDPR, you also have the right, for reasons relating to your specific situation, to raise an objection at any time to the processing of your information that is done on the basis of Art. 6 (1) (f) GDPR. You also have the right to file an objection to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.

You also have the right to lodge a complaint with the competent data protection authority. The authority responsible for Bertelsmann is: 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf, Germany

Phone: 0211/38424-0

Fax: 0211/38424-10

Email: poststelle@ldi.nrw.de

You also have the right to contact the data protection authority at your place of residence and request support in pursuing your matter.

8. Children

This website is also intended for students. As a rule they are at least sixteen years old, meaning that Bertelsmann need not take into account any other requirements with regard to processing the data of children under the GDPR.



Last Revised: October 2021