FORUM • Institut für Management GmbH (hereinafter ‘FORUM Institut’) implements training for specialists and managers.
Collection of personal data and why it is collected
FORUM Institut collects, processes and uses personal data within the scope of data processing procedures and of its Online Service for the purpose of optimising its customer communication and services, providing training formats and enabling optimal access to products and services.
A change in the purpose of the advertising activities for professional training shall be permitted for the purpose of informing our customers/users about our services.
User personal data processed within the scope of its services shall include user-related data (such as name, company name and address of customers and prospective customers, and interest profiles) contract data (such as services used and payment information), usage data (such as web pages of our Online Service that have been visited and interest in our services) and content data (such as information provided in the contact form, booking process and chats).
The term ‘user’ shall include all categories of the data subjects. These shall include our commercial partners, customers, prospective customers and visitors of our Online Service.
We would like to indicate that the legal basis for consent shall be Art. 6 (1) lit. a and Art. 7 of the GDPR, the legal basis for processing for the fulfilment of our services and the implementation of contractual measures shall be Art. 6 (1) lit. b of the GDPR, the legal basis for processing to fulfil our legal obligations shall be Art. 6 (1) lit. c of the GDPR and the legal basis for processing to safeguard our legitimate interests shall be Art. 6 (1) lit. f of the GDPR.
We shall apply organisational, contractual and technical security measures to the latest technological standards to ensure compliance with the provisions of data protection law and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised parties.
The security measures shall include in particular the encrypted transmission of data between your browser and our server. We use the ‘GeoTrust Primary Certification Authority – G3’ certificate for this purpose.
Data transfer and third-party providers
Data shall only be transferred to third parties within the scope of legal provisions. We shall only transfer user data to third parties if this is required for contractual purposes in accordance with Art. 6 (1) lit. b of the GDPR or if it is for the purpose of our legitimate interests in the economic and effective operation of our business in accordance with Art. 6 (1) lit. f of the GDPR, for example.
Insofar as we shall use subcontractors to provide our services, we shall resort to the appropriate legal measures and relevant technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions. For the above purposes, we may transfer your data to the following companies:
1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur; abcdruck, Waldhofer Str. 19, 69123 Heidelberg; Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt; camgula UG, Von-Kirn-Straße 11, 56182 Urbar; choin!, Multring 26, 69469 Weinheim; Cisco Systems International BV Amsterdam, Haarlerbergweg 13-19, 1101 CH Amsterdam-Zuidoost (Netherlands); CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede; Click&Learn GmbH, Petrinumstr. 12/3, 4040 Linz (Austria); DER Deutsches Reisebüro GmbH & Co. OHG, 60439 Frankfurt; Deutsche Post AG, Friedrich-Ebert-Allee 45, 53113 Bonn; Episerver GmbH, Wallstr. 16, 10179 Berlin; GFN AG, Kurfürsten-Anlage 64 - 68, 69115 Heidelberg; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (USA); Horváth Akademie GmbH, Phoenixbau, Königstr. 5, 70173 Stuttgart; i42 Informationsmanagement GmbH, N4 13-14, 68161 Mannheim; IHK Rhein-Necker, L1,2, 68161 Mannheim; IQVIA, Via Fabio Filzi 29, 20124 Milano (Italia); kursfinder GmbH, P3, 1-3, 68161 Mannheim; Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich; MX1 GmbH, Beta-Str. 1-10, 85774 Unterföhring; Omikron Data Quality GmbH, Habermehlstr. 17, 75172 Pforzheim; Peepz GmbH, Waldhofer Str. 102, 69123 Heidelberg; Pflüger International GmbH, Uhlandstraße 175, 10719 Berlin; PLATOW Medien GmbH, Stuttgarter Str. 25, 60329 Frankfurt; Southeast Asia Competence Network Co. Ltd., 1/48 Lanna Villa, Changpuek, Muang Chiang Mai, 50300 (Thailand); SIPS, P.O.Box: 836, 11821, Amman (Jordan); SRH Holding (SdbR), Bonhoefferstraße 1, 69123 Heidelberg; t.o.p. dialog GmbH, Am Hambuch 18, 53340 Meckenheim; Techcast GmbH, Heßstraße 48b, 80798 München; tye GmbH, Kurfürsten-Anlage 52, 69115 Heidelberg; Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, WIRmachenDRUCK GmbH, Mühlbachstr. 7, 71522 Backnang, Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113 (USA)
In the broadest sense, shortened customer/participant personal data (first name, surname, position, company, location) is transferred to the other participants/speakers of the respective event in the form of a list of participants in the event documentation.
Processing user data
We process user-related data (such as user names, addresses and contact details), contract data (such as services used, names of contact persons and payment information) in order to fulfil our contractual obligations and services in accordance with Art. 6 (1) lit. b of the GDPR.
A user account shall provide users with further opportunities to make better use of our Online Service, for example, newsletter administration. Users shall be informed about the mandatory information required during registration. User accounts shall not be public and cannot be indexed by search engines. If users have terminated their account, their data in terms of the user account shall be deleted unless its storage is necessary for commercial or fiscal purposes in accordance with Art. 6 (1) lit. c of the GDPR. It shall be incumbent on the users to back up their data in the event of termination before expiry of the contract. We shall be entitled to irretrievably delete all user data stored during the term of the contract.
The IP address and the time of the respective user activity shall be stored during registration and re-registration, as well as during use of our Online Service. The data shall be stored for the purpose of our legitimate interests as well as for the user’s protection against misuse and any other unauthorised use. In principle, this data shall not be transferred to third parties unless it is necessary in pursuance of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c of the GDPR.
We shall process usage data (such as web pages of our Online Service that have been visited and interest in our products) and content data (such as information provided in the contact form or the user profile) for advertising purposes in a user profile, for example, to display product information based on the services previously used by the user.
Each time the user contacts us, we shall process the information provided by the user for the purpose of processing the request in accordance with Art. 6 (1) lit. b of the GDPR.
The information provided by the user may be stored in our customer relationship management system (‘CRM System’) or a similar enquiry management system.
We use ‘EMS’, our own corporate CRM System.
Access data and log files
We shall collect data every time the server on which this service resides is accessed (in server log files) for the purpose of our legitimate interests as set in Art. 6 (1) lit. f of the GDPR. Access data shall include the name of the visited web page, the filename, the date and time of the visit, the transmitted volume of data, notification of successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log files shall be stored for security purposes (such as the clarification of misuse or fraud) for a period of no more than seven days and then deleted. Data that must be stored further for evidential purposes shall be excluded from deletion until the respective incident has been finally clarified.
Information about cookies
A cookie is a small piece of data that is transmitted from our web server or a third-party web server to the user’s browser and stored there for later retrieval. A cookie may be a small file or any other form of data storage that is downloaded to a computer or mobile device. The Online Service recognises a subsequent visit and the related visited pages in order to facilitate use of the pages and to personalise them.
We use the following cookies:
Session cookies, which are only stored for the duration of your current visit to our Online Service (for example, to enable storage of your login status or the booking feature, and consequently the use of our Online Service). Session cookies store a session ID—a randomly generated unique identification number. In addition, a cookie contains information about its origin and an expiry date. Such cookies cannot store any other data. Session cookies are deleted when you stop using our Online Service and log out or close your browser.
Persistent cookies, which are stored on devices even after the browser has been closed. Each subsequent visit to a web page re-enables them, making it possible to identify recurring visits.
Third-party Provider cookies, such as those stored by companies to analyse web pages in order to provide information about the number of visits to the Online Service and their duration.
Flash cookies, which are stored by web pages serving media content (such as video clips and movies). Adobe Flash software enables the faster download of services and the storage of information, for example, that the content was accessed from your device.
Social media cookies enable the sharing of our Online Service through social media channels such as Twitter and Facebook. Detailed information is available in their respective guidelines.
Cookies and their settings
Cookies enable the efficient and personalised use of all features of our Online Service. Without cookies, some functionalities and services would not be available.
Most browsers provide various options for the protection of your privacy. Disabling cookies makes the storage of new cookies no longer possible: it does not prevent previously stored cookies on the device from working until they have all been deleted through the browser settings. The browser’s help feature or the device’s user manual specifically describe how to manage the cookie settings. In addition, a company-specific policy may regulate such settings.
Google shall use this information on our behalf to evaluate users’ use of our Online Service, to compile reports about activity within this Online Service and to provide us with further services related to the use of this Online Service and the Internet. For this purpose, pseudonymous profiles may be created from the processed data.
We use Google Analytics to serve ads, which we provide to Google and serve through the advertising services of Google and its partner sites, only to users who have shown an interest in our Online Service or who exhibit certain characteristics, such as interest in specific topics or products determined as a result of the web pages the user has visited (called a ‘remarketing audience’ or ‘Google Analytics audience’). With the help of remarketing audiences, we would also like to ensure that our ads are based on the potential interests of the users and are not considered a nuisance.
We only use Google Analytics with enabled IP anonymisation. This means that Google will truncate the IP address of a user within a member state of the European Union or any other state that is a party to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
The IP address provided by the user’s browser is not merged with other Google data. Users may prevent the storage of cookies by selecting an appropriate setting in their browser software.
This will store an opt-out cookie on your computer, which will prevent Google from collecting your data when you visit this website in future.
For this purpose, please click the following link
Disable Google Analytics
In addition, users may prevent Google from collecting and processing data obtained from a cookie and related to their use of the Online Service by downloading and installing the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=en
Further information on Google’s data use, settings and opt-out options is available on Google’s web pages: https://policies.google.com/technologies/partner-sites?hl=en
(‘How Google uses information from sites or apps that use our services’); https://policies.google.com/technologies/ads?hl=en
(‘Advertising’); and https://adssettings.google.com
(‘Make the ads that you see more useful to you’).
Google marketing and remarketing services
We use Google’s marketing and remarketing services (‘Google Marketing Services’) for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6  lit. f of the GDPR).
Google Marketing Services allow us to target ads for and on our Website in order to serve only ads that are potentially based on users’ interests. For example, if ads that a user has shown interest in on other websites are served to the user, this is known as ‘remarketing’. For these purposes, when our and other web pages for which Google Marketing Services has been enabled are visited, Google directly executes a piece of code that embeds (re)marketing tags (invisible graphics or pieces of code, also known as ‘web beacons’) in the web page. With their help, an individual cookie, that is, a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies may be stored by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file will contain the websites the user has visited, the content the user has shown interest in, the ads the user has clicked on, additional technical information about the browser and operating system, referring web pages, the time of the visit and other information related to the use of the Online Service. The user’s IP address is also recorded. In the context of Google Analytics, we would like to inform you that Google will truncate the IP address of a user within a member state of the European Union or any other state that is a party to the EEA Agreement, and only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address is not merged with user data from other Google services. Google may also link the above information to such information from other sources. If the user subsequently visits another web page, ads based on the user’s interests may be served.
User data is processed pseudonymously within the scope of Google Marketing Services, that is, Google does not store and process data such as the user’s name or email address but processes the relevant data obtained from the cookie within pseudonymous profiles. Hence, from Google’s point of view, ads are not managed and served to a specific, identified person but rather to the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without the data having been pseudonymised. The user data collected by Google Marketing Services is transferred to Google and stored on Google servers in the USA.
The Google Marketing Services we use include the online advertising service ‘Google AdWords’. In the case of Google AdWords, each AdWords customer receives a different ‘conversion cookie’, which prevents cookies from being tracked through AdWords customer websites. The information collected with the help of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify the users.
We may also use the ‘Google Optimizer’ service. Google optimizer allows us to track the effects of various changes to a website (such as changes in input fields, design, etc.) within the scope of ‘A/B testing’. Cookies are stored on users’ devices for the purpose of this test. In this case, only pseudonymous user data is processed.
Moreover, we may use the ‘Google Tag Manager’ to integrate and manage Google analytics and marketing services on our Website.
Further information about the use of data for marketing purposes by Google is available at https://policies.google.com/technologies/ads?hl=en
If you would like to opt out of interest-based advertising by Google Marketing Services, you may use the settings and opt-out options available at https://adssettings.google.com
Facebook social plug-ins
We use the social plug-ins (‘plug-ins’) of facebook.com, a social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (‘Facebook’), for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6  lit. f of the GDPR). The plug-ins may constitute interactive elements or content (such as videos, graphics or text) identified by one of the Facebook logos (white ‘f’ on a blue tile, the term ‘Like’ or a ‘thumbs up’ icon) or by the text ‘Facebook Social Plugin’. An exhaustive list of the Facebook social plug-ins is available at https://developers.facebook.com/docs/plugins
If a user calls a feature of this Online Service that contains such a plug-in, the user’s device establishes a direct connection to the Facebook servers. Facebook transfers the plug-in content directly to the user’s device and subsequently integrates it into the Online Service. For this purpose, user profiles may be created from the processed data. Hence, we have no influence on the amount of data Facebook collects with the help of this plug-in. We therefore inform users according to the information available to us.
Through the integrated plug-ins, Facebook is notified that a user has visited the respective page on the Online Service. If the user is logged in to Facebook, Facebook allocates the visit to the user’s Facebook account. If the user interacts with the plug-ins, such as clicking the ‘Like’ button or leaving a comment, the respective information is transferred directly from the user’s device to Facebook and stored there. If a user is not a member of Facebook, it is still possible that Facebook obtains the user’s IP address and stores it. According to Facebook, it only stores anonymised IP addresses from Germany.
The purpose and extent of the data collected, its further processing and use by Facebook, and the relevant rights and options for users to protect their privacy are available in Facebook’s data policy: https://www.facebook.com/about/privacy
If a user is a member of Facebook and does not want Facebook to collect data about this Online Service and allocate it to the user’s Facebook account, the user must log out of Facebook and delete the cookies before using the Online Service. Further settings and the option to opt out of the use of data for advertising purposes are available in the Facebook profile settings:
; on the US page for advertising choices: http://www.aboutads.info/choices; or on the EU page for advertising choices: http://www.youronlinechoices.com
. The settings are platform-independent, that is, they apply to all devices such as desktop computers and mobile devices.
Facebook marketing services
We use the ‘Facebook pixel’ of Facebook, a social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, if you are resident in the EU, for the purpose of our legitimate interests in the analysis, optimisation and economic operation of our Online Service, and for the pursuance of these activities.
The Facebook pixel helps make it possible for Facebook to identify the visitors of our Online Service as a target group for serving ads (called ‘Facebook ads’). Accordingly, we use Facebook pixel to serve Facebook ads, which we provide to Facebook, only to Facebook users who have shown an interest in our Online Service or who exhibit certain characteristics, such as interest in specific topics or products determined as a result of the web pages the user has visited (called a ‘Custom Audience’). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads are based on the potential interests of the users and are not considered a nuisance. Moreover, the Facebook pixel helps us understand the effectiveness of Facebook ads for statistical and market research purposes by indicating whether users have been redirected to our Website after clicking a Facebook ad (called a ‘conversion’).
Facebook directly embeds the Facebook pixel when our web pages are visited and may store a cookie, that is, a small data file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our Online Service will be recorded in your profile. The data collected about you is anonymous and gives us no indication of the user’s identity. However, the data is stored and processed by Facebook, making its allocation to the respective user profile possible, and may be used for Facebook and for Facebook’s own market research and advertising purposes. Insofar as we shall transfer data to Facebook for matching purposes, this shall be encrypted locally in the browser and then sent to Facebook over a secure https connection. This shall be solely for the purpose of matching the data with data similarly encrypted by Facebook.
Furthermore, when using the Facebook pixel, we use the additional ‘advanced matching’ feature whereby (encrypted) data (such as users’ telephone numbers, email addresses and Facebook IDs) is transferred to Facebook in order to form target groups (‘Custom Audiences’ or ‘Lookalike Audiences’). Further information on ‘advanced matching’ is available at https://www.facebook.com/business/help/611774685654668
Data is processed by Facebook in terms of Facebook’s Data Policy. General information about displaying Facebook ads is available in Facebook’s Data Policy at https://www.facebook.com/policy.php
. Specific information and details about the Facebook pixel and how it works is available in Facebook’s Help Center at https://www.facebook.com/business/help/651294705016616
You may opt out of the collection of your data through the Facebook pixel and its use to display Facebook ads. To determine the types of ads that will appear within Facebook, you may follow Facebook’s instructions on how to change the settings for usage-based advertising at https://www.facebook.com/ads/preferences
. The settings are platform-independent, that is, they apply to all devices such as desktop computers and mobile devices.
The following information shall explain the content and the subscription, mailing and statistical evaluation procedures of our newsletter, as well as your right to opt out. By subscribing to our newsletter, you shall consent to receiving it and to the described procedures.
Content of the newsletter: We shall only send newsletters, emails and other electronic notifications containing advertising information (hereinafter ‘Newsletter’) with the consent of the recipient or if it is legally permissible. Insofar as the content of a Newsletter is specifically described in the subscription process, it shall be relevant for the user’s consent. In addition, Newsletters shall include information about our products, services, promotions and company.
Double opt-in and logging: A double opt-in process is used for subscription to our Newsletter, that is, when you subscribe, we shall send you an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one subscribes with someone else’s email address. Subscription to a Newsletter is logged, to serve as evidence of the subscription process in accordance with legal requirements. This shall include records of the subscription and confirmation times, as well as of the IP address. Changes to your data stored at the mailing service provider shall also be logged.
Furthermore, the Mailing Service Provider may use this data in pseudonymous form, that is, without allocating it to a user, to optimise or improve their own services—such as the optimisation of the delivery process and Newsletter design—or to identify recipients’ countries for statistical purposes. However, the Mailing Service Provider shall not use Newsletter recipient data to contact the users themselves or disclose it to third parties.
Statistical collection and analysis: Newsletters contain a ‘web beacon’, that is, an image file that is one pixel large, which is retrieved from the Mailing Service Provider’s server when the Newsletter is opened. This will result in technical data, such as information about your browser and your operating system, as well as your IP address and the time of your visit being collected. The technical data is used to improve the technology on which the service is based, while the browsing location (identified from the IP address) and the times of the visits are used to determine the target groups and their reading habits. In addition, response data (such as when an email is opened and the clicks in the email) is collected and stored for the purpose of tracking.
The use of a Mailing Service Provider, collection and analysis of statistical data, logging of the subscription process and tracking are for the purpose of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. Our interest is the use of a user-friendly and secure Newsletter system that both serves our commercial interests and fulfils user expectations.
Cancellation/withdrawal: You may cancel the Newsletter, that is, withdraw your consent, at any time. Your consent for the delivery of the Newsletter by the Mailing Service Provider shall be withdrawn at the same time. It is not possible to withdraw separately from delivery by the Mailing Service Provider or from statistical evaluation. A link to cancel the Newsletter may be found at the end of each Newsletter.
Consent to being contacted by telephone
FORUM Institut also solicits your consent to being contacted by telephone with regard to events and relevant technical content in online forms and print media.
Third-party services and content
We use the content and services of Third-party Providers, such as videos and fonts (hereinafter jointly ‘Content’), in our Online Service for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6  lit. f of the GDPR). This always implies that Third-party Providers of such content identify the user IP address, since they could otherwise not send the content to their browser. The IP address is required to serve this content. We make every effort to use only such content whose respective provider uses the IP address solely to deliver the content. Moreover, Third-party Providers may also use pixel tags (invisible graphics, also called ‘web beacons’) for statistical or marketing purposes. Information such as visitor traffic on the pages of this Website may be evaluated through the ‘pixel tags’. Moreover, the pseudonymous data may be stored in cookies on the user’s device, may include technical information about the browser and operating system, referring web pages, the time of the visit and other information related to the use of our Online Service, and may also be linked to such data from other sources.
The following list provides an overview of Third-party Providers and their content, together with links to their privacy policies, which contain further information on their processing of data and, as already mentioned in some cases, opt-out options:
; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
. You may change your Twitter privacy settings in your account settings at http://twitter.com/account/settings
Users have the right, upon request and free of charge, to be informed about their personal data that we store.
In addition, users have the right to rectify incorrect data, to restrict its processing and to delete their personal data if applicable, to assert their rights to data portability and, in the event of the presumption of unlawful data processing, to file a complaint with the competent supervisory authority.
In principle, users may also revoke consent with future effect.
Deletion of data
The data we store shall be deleted as soon as it is no longer required for its intended purpose, provided that there are no legal obligations to retain it. Insofar as user data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted, that is, the data shall be blocked and not processed for any other purpose. For example, this shall apply to user data that must be retained for commercial or fiscal reasons.
Subject to legal guidelines, retention shall be for a period of six years in accordance with Section 257, Subsection 1 of the German Commercial Code (HGB – books of account, inventories, opening balance sheets, financial statements, commercial letters, posting documents, etc.) and for a period of 10 years in accordance with Section 147 Subsection 1 of the German Fiscal Code (AO – books, accounting records, financial reports, posting documents, commercial and business letters, tax-related documents, etc.).
The data shall be deleted entirely after no more than 30 years, the standard customer development cycle. Should a customer relationship exist or have existed, the personal customer data shall be pseudonymised and stored solely for the purpose of illustrating the customer company’s development history.
Right to revoke consent
You may revoke your declared consent at any time with future effect. You may revoke your consent by email to firstname.lastname@example.org
or by post in German to:
FORUM • Institut für Management GmbH
Right to access
You may request access to your data stored by FORUM Institut, and that it be rectified, deleted or blocked, at any time in German in the manners set above.
For further information, suggestions and requests concerning the collection, processing and use of your data, please contact us at email@example.com