Skip to main content

Privacy notice

Privacy Notice

Name and address of the data controller

The data controller within the meaning of the European GDPR regulation and of other national data protection regulations of member states and of other legal data protection provisions is:

International Bilingual School Munich gGmbH
Fürstenrieder Strasse 267
81377 Munich, Germany

Phone: +49 89 41 11 49 - 500
E-mail: admission@ibsm-school.eu

Contacting the data protection officer

The data controller’s data protection officer can be contacted at the following address:

E-mail: datenschutz@ibsm-school.eu

General information about data processing

Scope of personal data processing

We only ever process our users’ personal data to the extent that this is required to deliver a working website and our content and services. Our users’ personal data is processed regularly only following the user’s consent. An exception applies in cases in which it is not possible to obtain consent beforehand for factual reasons and in which legal regulations permit processing of the data.

Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for procedures which process personal data, Art. 6(1)(a) of EU DSGVO [Datenschutz-Grundverordnung, German equivalent of GDPR] serves as the legal basis.

When processing personal data required to fulfil an agreement in which the data subject is a party to the agreement, Art. 6(1)(b) of DSGVO serves as the legal basis. This also applies to processing procedures required to complete measures in advance of the agreement.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1)(c) of DSGVO serves as the legal basis.

If processing is required to protect a justified interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh those of the first interest mentioned, then Art. 6(1)(f) of DSGVO serves as the legal basis for processing.

Deletion of data and duration of storage

The data subject’s personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Data can be stored beyond this point if this has been provided for by European or national legislators in ordinances, laws or other regulations in European Union law to which the data controller is subject. The data will also be blocked or deleted if a storage term specified by the standards mentioned expires, unless there is a requirement to continue storing the data in order to enter into or fulfil an agreement.

Notes about forwarding data to the USA

Our website includes tools operated by companies headquartered in the USA. When these tools are active, your personal data may be forwarded to the US servers of the companies in question. We would like to point out that the USA is not a secure third country within the meaning of EU data protection law. US companies are required to release personal data to the security services without you, the data subject, being able to proceed against them in law. It is therefore not possible to rule out the possibility of US authorities (for example the secret services) processing, analysing and permanently storing your data for monitoring purposes. We have no influence over these processing activities.

Provision of the website and creation of log files

a) Description and scope of data processing

Every time our website is called up, our system automatically records data and information about the computer system of the computer which is calling up the site.

The following data are recorded in this process:

  • information about browser type and the version used
  • the user’s operating system
  • the user’s Internet service provider
  • the user’s IP address
  • the date and time of the access
  • websites from which the user’s system reached our website
  • websites which the user’s system calls up via our website

The data are likewise stored in our system’s log files. These data are not stored together with the user’s other personal data.

b) Legal basis for data processing

The legal basis for temporary storage of the data and the log files is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

Temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. To this end, the user’s IP address has to be stored for the duration of the session.

Storage is effected in log files to guarantee the functionality of the website. The data furthermore help us optimize the website and guarantee the security of our information technology systems. The data are not analysed for marketing purposes in this connection.

We have a justified interest in data processing for these purposes in accordance with Art. 6(1)(f) of DSGVO.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. In the case of data recorded to deliver the website, this is the case when the respective session comes to an end.

If the data are stored in log files, this is the case after no more than seven days. It is possible that storage will take place beyond this point. In this case, the users’ IP addresses will be deleted or anonymized so that they can no longer be assigned to the client who called up the website.

e) Option to revoke consent and delete data

Recording of data to make the website available and storage of those data in log files is essential to operate the website. The user consequently has no option to revoke consent.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which allows the browser to be clearly identified when the website is called up again. We furthermore use cookies on our website to enable us to analyse users’ surfing behaviour.

The user data recorded in this way are anonymized by means of technical measures, so it is no longer possible to assign the data to the user calling them up. These data are not stored together with users’ other personal data.

When our website is called up, a cookie consent tool informs users that cookies are used for analysis purposes and requests their consent to this use.

Here you can change your cookie settings

b) Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

The cookie consent tool saves the status/the consents you selected when entering the website.

d) Duration of storage

Cookies are stored on the user’s computer and transmitted to us from there. As a user, you therefore have full control over the use of cookies.

e) Option to revoke consent and delete data

You can deactivate or limit cookie transmission by changing the settings of your Internet browser. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies for our website are deactivated, it is possible that you may not be able to use all the functions of the website to their full extent.

Contact form and e-mail contact

a) Description and scope of data processing

Our website includes a contact form which can be used to contact us by electronic means. If a user takes up this option, the data entered in the input screen are transmitted to us and stored. These data are:

  • first name
  • last name
  • company
  • e-mail address
  • phone number
  • street, town, postcode
  • your message

At the time the message is sent, the following data are also stored:

  • the user’s IP address
  • the date and time of registration

As an alternative, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored.

This does not involve any forwarding of data to third parties. The data are used purely for processing the conversation.

b) Legal basis for data processing

The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 (1)(f) of DSGVO. If the intention of the e-mail contact is to enter into an agreement, then the additional legal basis for processing is Art. 6(1)(b) of DSGVO.

c) Purpose of data processing

Processing the personal data from the input screen is solely to enable us to process the contact. If contact is made via e-mail, this also forms the justified interest in processing data which is required.

The other personal data processed during the send process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. For personal data from the input screen of the contact form and those sent via e-mail, this is the case when the conversation in question with the user is at an end. The conversation is at an end when it can be assumed from the circumstances that the issue in question has been conclusively clarified.

The additional personal data recorded during the send process are deleted after no more than seven days.

e) Option to revoke consent and delete data

The user has the option of revoking consent to data processing at any time.

This revocation should be addressed to admission@ibsm-school.eu

In this case, all the personal data stored in the course of contact will be deleted.

Newsletter (CleverReach)

a) Description and scope of data processing

This website uses CleverReach to distribute newsletters. The supplier is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service to facilitate the organization and analysis of newsletter distribution. The data you enter for the purposes of ordering the newsletter (e.g. e-mail address) are stored on CleverReach servers in Germany/Ireland.

Distribution of our newsletters by CleverReach enables us to analyse the behaviour of recipients. Among other things, this makes it possible to analyse how many recipients have opened the newsletter message and how often a particular link in the newsletter has been clicked. With the aid of so-called conversion tracking, it is also possible to analyse whether a previously defined action has occurred once the link in the newsletter has been clicked. For more information on the data analysed by CleverReach newsletters, go to:

www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The following data are recorded during registration:

  • e-mail address
  • first name
  • surname
  • IP address of the computer calling up the site
  • date and time of registration

During the registration process, your consent to processing of the data is obtained and reference is made to this privacy policy.

No data are passed on to third parties in conjunction with data processing for the distribution of newsletters. The data will only be used for distributing the newsletter.

b) Legal basis for data processing

The legal basis for data processing following the user’s registration for the newsletter, as long as the user has given consent, is Art. 6(1)(a) of DSGVO.

c) Purpose of data processing

The user’s e-mail address is recorded to enable the newsletter to be sent.

Other personal data are recorded during the registration process to prevent misuse of the services or of the e-mail address used.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded. The user’s e-mail address is accordingly stored as long as subscription to the newsletter is active.

The other personal data recorded during the registration process are generally deleted after a period of seven days.

Google Maps

a) Description and scope of data processing

We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

In order for Google Maps to be able to offer its service in full, the company has to record and store data from you. This data includes, among other things, the search terms you enter, your IP address and also the co-ordinates of latitude and longitude. If you use the route planner function, the start address you enter is also stored.

However, this data storage occurs on Google Maps web pages. We can only inform you of this, we are unable to influence it in any way. As we have incorporated Google Maps in our website, Google will set at least one cookie in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimize its own services and to provide you with individual, personalized advertising.

Google servers are in data centres all over the world, but most servers are located in the USA. For this reason, your data will increasingly be stored in the USA. You can check here exactly where Google data centres can be found: https://www.google.com/about/datacenters/inside/locations/?hl=en

b) Legal basis for data processing

Google Maps is used to make our online services look attractive. This is a justified interest within the meaning of Art. 6(1)(f) of DSGV.

c) Purpose of data processing

Google Maps enables us to display locations better and thus adapt our service to suit your needs. Use of Google Maps transmits data to Google and stores it on Google servers.

d) Duration of storage

Google stores some data for a specified period. For other data, Google only offers the option of deleting it manually. The company also anonymizes information (such as advertising data) in server protocols by deleting part of the IP address and cookie information after 9/18 months.

e) Option to revoke consent and delete data

The automatic function for the deletion of location and activity data introduced in 2019 means that, depending on the decision you make, information determining location and web/app activity is stored for either 3 or 18 months and then deleted. This data can also be deleted from your browsing history manually at any time via the Google account. If you want to prevent recording of your location entirely, you need to pause the “Web and app activity” tab in the Google account. Click “Data and privacy” and then on the option “History settings” and select the activity to switch on or off.

Google Web Fonts

a) Description and scope of data processing

For standardized display of fonts, this page uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When a page is called up, your browser loads the necessary fonts in your browser cache so that text and fonts are displayed correctly. If your browser does not support web fonts, a default font from your computer is used.

The following data are stored:

•     IP address

For more information on Google web fonts, go to developers.google.com/fonts/faq and Google’s data privacy statement: www.google.com/policies/privacy/

b) Legal basis for data processing

Google web fonts are used in the interests of a standardized, attractive display of our online offerings. This represents a justified interest within the meaning of Art. 6(1)(f) of DSGVO.

c) Purpose of data processing

Integration requires a third-party supplier of this content to process the IP address of users, as without the IP address, the content cannot be sent to their browser. The IP address is thus required to display this content or these functions.

d) Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were recorded.

e) Option to revoke consent and delete data

Recording of data to provide the plugin is essential for operation of the website. The user consequently has no option to revoke consent.

Note:
This paragraph can be omitted if fonts are incorporated in the page locally. Local storage on the server is recommended, as it is technically straightforward to implement and thus prevents the unnecessary transmission of personal data.

YouTube

a) Scope of personal data processing

Our website uses plugins from the YouTube site operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary company of Google.

If you visit one of our pages with a YouTube plugin, your browser automatically connects to the YouTube/Google servers. A variety of data is transmitted in this process (depending on settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European region. If you are logged into your YouTube account, you are enabling YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, go to YouTube’s data privacy statement at: www.google.com/intl/en/policies/privacy.

b) Legal basis for processing personal data

The legal basis for processing users’ personal data is Art. 6(1)(a) of DSGVO.

c) Purpose of data processing

The use of YouTube is in the interests of presenting our online offerings in an appealing manner.

d) Duration of storage

Google stores the data recorded for different amounts of time. Much of the data can be deleted at any time, whilst other data is deleted automatically after a limited period; Google stores yet other data for an extended period.

e) Option to revoke consent and delete data

In principle, you can delete data in the Google account manually. The automatic function for the deletion of location and activity data introduced in 2019 means that, depending on the decision you make, information is stored for either 3 or 18 months and then deleted.

Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of DSGVO and you have the following rights with the data controller:

  • the right to information
  • the right to correction
  • the right to restriction of processing
  • the right to deletion
  • the right to being informed about processing
  • the right to data portability
  • the right to revoke consent

Right to complain to a responsible supervisory authority

IIn the event of breaches of data privacy law, the data subject has the right to complain to a supervisory authority. The supervisory authority with responsibility for us in terms of data privacy issues is the Landesdatenschutzbeauftragter [Regional Data Protection Officer] of the Federal German region where our company is headquartered.

You can find a list of Data Protection Officers and their contact details using the link below:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html [in German]

Phone: +49-89-411149-550
ENQUIRE
NOW