Skip to main content
International Bilingual School MunichInternational Bilingual School Munich

Privacy notice

Privacy Notice

Name and address of the data controller

The data controller within the meaning of the European GDPR regulation and of other national data protection regulations of member states and of other legal data protection provisions is:

International Bilingual School Munich gGmbH
Fürstenrieder Strasse 267
81377 Munich, Germany

Phone: +49 89 41 11 49 - 500
E-mail: contact@ibsm-school.eu

Contacting the data protection officer

The data controller’s data protection officer can be contacted at the following address:

E-mail: datenschutz@ibsm-school.eu

General information about data processing

Scope of personal data processing

We only ever process our users’ personal data to the extent that this is required to deliver a working website and our content and services. Our users’ personal data is processed regularly only following the user’s consent. An exception applies in cases in which it is not possible to obtain consent beforehand for factual reasons and in which legal regulations permit processing of the data.

Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for procedures which process personal data, Art. 6(1)(a) of EU DSGVO [Datenschutz-Grundverordnung, German equivalent of GDPR] serves as the legal basis.

When processing personal data required to fulfil an agreement in which the data subject is a party to the agreement, Art. 6(1)(b) of DSGVO serves as the legal basis. This also applies to processing procedures required to complete measures in advance of the agreement.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1)(c) of DSGVO serves as the legal basis.

If processing is required to protect a justified interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh those of the first interest mentioned, then Art. 6(1)(f) of DSGVO serves as the legal basis for processing.

Deletion of data and duration of storage

The data subject’s personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Data can be stored beyond this point if this has been provided for by European or national legislators in ordinances, laws or other regulations in European Union law to which the data controller is subject. The data will also be blocked or deleted if a storage term specified by the standards mentioned expires, unless there is a requirement to continue storing the data in order to enter into or fulfil an agreement.

Notes about forwarding data to the USA

Our website includes tools operated by companies headquartered in the USA. When these tools are active, your personal data may be forwarded to the US servers of the companies in question. We would like to point out that the USA is not a secure third country within the meaning of EU data protection law. US companies are required to release personal data to the security services without you, the data subject, being able to proceed against them in law. It is therefore not possible to rule out the possibility of US authorities (for example the secret services) processing, analysing and permanently storing your data for monitoring purposes. We have no influence over these processing activities.

Provision of the website and creation of log files

a) Description and scope of data processing

Every time our website is called up, our system automatically records data and information about the computer system of the computer which is calling up the site.

The following data are recorded in this process:

  • information about browser type and the version used
  • the user’s operating system
  • the user’s Internet service provider
  • the user’s IP address
  • the date and time of the access
  • websites from which the user’s system reached our website
  • websites which the user’s system calls up via our website

The data are likewise stored in our system’s log files. These data are not stored together with the user’s other personal data.

b) Legal basis for data processing

The legal basis for temporary storage of the data and the log files is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

Temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. To this end, the user’s IP address has to be stored for the duration of the session.

Storage is effected in log files to guarantee the functionality of the website. The data furthermore help us optimize the website and guarantee the security of our information technology systems. The data are not analysed for marketing purposes in this connection.

We have a justified interest in data processing for these purposes in accordance with Art. 6(1)(f) of DSGVO.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. In the case of data recorded to deliver the website, this is the case when the respective session comes to an end.

If the data are stored in log files, this is the case after no more than seven days. It is possible that storage will take place beyond this point. In this case, the users’ IP addresses will be deleted or anonymized so that they can no longer be assigned to the client who called up the website.

e) Option to revoke consent and delete data

Recording of data to make the website available and storage of those data in log files is essential to operate the website. The user consequently has no option to revoke consent.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which allows the browser to be clearly identified when the website is called up again. We furthermore use cookies on our website to enable us to analyse users’ surfing behaviour.

The user data recorded in this way are anonymized by means of technical measures, so it is no longer possible to assign the data to the user calling them up. These data are not stored together with users’ other personal data.

When our website is called up, a cookie consent tool informs users that cookies are used for analysis purposes and requests their consent to this use.

Here you can change your cookie settings

b) Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

The cookie consent tool saves the status/the consents you selected when entering the website.

d) Duration of storage

Cookies are stored on the user’s computer and transmitted to us from there. As a user, you therefore have full control over the use of cookies.

e) Option to revoke consent and delete data

You can deactivate or limit cookie transmission by changing the settings of your Internet browser. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies for our website are deactivated, it is possible that you may not be able to use all the functions of the website to their full extent.

Contact form and e-mail contact

a) Description and scope of data processing

Our website includes a contact form which can be used to contact us by electronic means. If a user takes up this option, the data entered in the input screen are transmitted to us and stored. These data are:

  • first name
  • last name
  • company
  • e-mail address
  • phone number
  • street, town, postcode
  • your message

At the time the message is sent, the following data are also stored:

  • the user’s IP address
  • the date and time of registration

As an alternative, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored.

The data is used exclusively for communication with you and not for any other purposes.

b) Legal basis for data processing

The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 (1)(f) of DSGVO. If the intention of the e-mail contact is to enter into an agreement, then the additional legal basis for processing is Art. 6(1)(b) of DSGVO.

c) Purpose of data processing

Processing the personal data from the input screen is solely to enable us to process the contact. If contact is made via e-mail, this also forms the justified interest in processing data which is required.

The other personal data processed during the send process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. For personal data from the input screen of the contact form and those sent via e-mail, this is the case when the conversation in question with the user is at an end. The conversation is at an end when it can be assumed from the circumstances that the issue in question has been conclusively clarified.

The additional personal data recorded during the send process are deleted after no more than seven days.

e) Option to revoke consent and delete data

The user has the option of revoking consent to data processing at any time.

This revocation should be addressed to admission@ibsm-school.eu

In this case, all the personal data stored in the course of contact will be deleted.

Newsletter

If you would like to subscribe to the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No additional data is collected, or only on a voluntary basis. To manage the newsletter distribution, we use newsletter service providers, which are described below.

CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter to subscribe to the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.

Newsletters sent using CleverReach allow us to analyze the behavior of newsletter recipients. This analysis may include, for example, how many recipients opened the newsletter and how often which links in the newsletter were clicked. Using so-called conversion tracking, it can also be analyzed whether a predefined action (e.g., the purchase of a product on this website) was taken after clicking on a link in the newsletter. For more information on data analysis by CleverReach newsletters, please refer to:
www.cleverreach.com/en/features/reporting-tracking/

Data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. The legality of data processing already carried out remains unaffected by the revocation.

If you do not wish to have your data analyzed by CleverReach, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter for this purpose.

The data you provide to subscribe to the newsletter will be stored by us or the newsletter service provider until you unsubscribe and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for the sending of newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest. For more details, please refer to CleverReach’s privacy policy:
www.cleverreach.com/en/privacy-policy/

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, ensuring that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Newsletter Distribution to Prospective and Existing Customers

If you register via our contact form or if your child is already enrolled in our facility and you have provided your email address, this email address may be used by us to send newsletters, provided we have informed you about this in advance. In such cases, the newsletter will only contain direct advertising for our own services. You can unsubscribe from this newsletter at any time. A corresponding link is included in every newsletter. The legal basis for sending the newsletter in this case is Art. 6 (1) lit. f GDPR in conjunction with § 7 (3) of the German Act Against Unfair Competition (UWG).

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist by us to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and ours in complying with legal requirements for newsletter distribution (legitimate interest pursuant to Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

Google Maps

a) Description and scope of data processing

We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

In order for Google Maps to be able to offer its service in full, the company has to record and store data from you. This data includes, among other things, the search terms you enter, your IP address and also the co-ordinates of latitude and longitude. If you use the route planner function, the start address you enter is also stored.

However, this data storage occurs on Google Maps web pages. We can only inform you of this, we are unable to influence it in any way. As we have incorporated Google Maps in our website, Google will set at least one cookie in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimize its own services and to provide you with individual, personalized advertising.

Google servers are in data centres all over the world, but most servers are located in the USA. For this reason, your data will increasingly be stored in the USA. You can check here exactly where Google data centres can be found: https://www.google.com/about/datacenters/inside/locations/?hl=en

b) Legal basis for data processing

Google Maps is used to make our online services look attractive. This is a justified interest within the meaning of Art. 6(1)(f) of DSGV.

c) Purpose of data processing

Google Maps enables us to display locations better and thus adapt our service to suit your needs. Use of Google Maps transmits data to Google and stores it on Google servers.

d) Duration of storage

Google stores some data for a specified period. For other data, Google only offers the option of deleting it manually. The company also anonymizes information (such as advertising data) in server protocols by deleting part of the IP address and cookie information after 9/18 months.

e) Option to revoke consent and delete data

The automatic function for the deletion of location and activity data introduced in 2019 means that, depending on the decision you make, information determining location and web/app activity is stored for either 3 or 18 months and then deleted. This data can also be deleted from your browsing history manually at any time via the Google account. If you want to prevent recording of your location entirely, you need to pause the “Web and app activity” tab in the Google account. Click “Data and privacy” and then on the option “History settings” and select the activity to switch on or off.

YouTube

a) Scope of personal data processing

Our website uses plugins from the YouTube site operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary company of Google.

If you visit one of our pages with a YouTube plugin, your browser automatically connects to the YouTube/Google servers. A variety of data is transmitted in this process (depending on settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European region. If you are logged into your YouTube account, you are enabling YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, go to YouTube’s data privacy statement at: www.google.com/intl/en/policies/privacy.

b) Legal basis for processing personal data

The legal basis for processing users’ personal data is Art. 6(1)(a) of DSGVO.

c) Purpose of data processing

The use of YouTube is in the interests of presenting our online offerings in an appealing manner.

d) Duration of storage

Google stores the data recorded for different amounts of time. Much of the data can be deleted at any time, whilst other data is deleted automatically after a limited period; Google stores yet other data for an extended period.

e) Option to revoke consent and delete data

In principle, you can delete data in the Google account manually. The automatic function for the deletion of location and activity data introduced in 2019 means that, depending on the decision you make, information is stored for either 3 or 18 months and then deleted.

Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of DSGVO and you have the following rights with the data controller:

  • the right to information
  • the right to correction
  • the right to restriction of processing
  • the right to deletion
  • the right to being informed about processing
  • the right to data portability
  • the right to revoke consent

Right to complain to a responsible supervisory authority

IIn the event of breaches of data privacy law, the data subject has the right to complain to a supervisory authority. The supervisory authority with responsibility for us in terms of data privacy issues is the Landesdatenschutzbeauftragter [Regional Data Protection Officer] of the Federal German region where our company is headquartered.

You can find a list of Data Protection Officers and their contact details using the link below:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html [in German]

Phone: +49-89-411149-550
ENQUIRE
NOW
Cookie Extension Logo