1. Contact details of the controller
Scape Consulting GmbH
D-60327 Frankfurt am Main
Phone +49. 69. 71 04 56 463
Fax +49. 69. 71 04 56 464
2. Visiting our website
When using our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk through the browser you use and through which the person or organization that places the cookie (here by us), receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make your experience on our website more user-friendly and effective. Our website uses transient and persistent cookies. Transient cookies are automatically deleted when you close your browser. They particularly include session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you may not be able to use all functions of this website.
b) Server Log Files
Scape collects data about every access to our website (so-called Server-Log-Files). Such data includes: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. We generally only use the log file for statistical evaluations for the purpose of operation, security and optimization of the offer.
c) Social Media
Scape maintains online presences within social networks and platforms to communicate with active customers, prospects and users and to inform them about our services. In this context, some of our pages link to "Xing" (Xing AG, Gänsemarkt 43, 20354 Hamburg) and "LinkedIn" (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). Scape does not use social media plug-ins on the website, but only links. Data processing in the social networks and platforms is therefore completely independent of Scape, and we therefore have no influence on the data processing that takes place when the link is clicked.
d) Contact Form
When you contact us (e.g. via contact form or e-mail), personal data may be collected from you. In the case of data collection via the contact form provided on our website, the data concerned can be seen from the respective contact form. This data is collected and used for the purpose of responding to your request or for contacting you. We will delete the data you have provided as soon as your query has been conclusively answered. This is the case if it can be inferred from the circumstances that the facts concerned have been finally clarified and insofar as there are no legal obligations for storage that personal data.
e) Newsletter and Direct Marketing
If you subscribe to our newsletter or to our telephone interest database, we use the data (first name, surname, e-mail address, telephone number) provided by you for this purpose in order to include it in our newsletter database and/or our interested party database in accordance with your consent and to send you our e-mail newsletter regularly or to inform you by telephone about further offers. The admission into our newsletter database and our prospective customer data bank follows over the so-called Double-Opt-In procedure, in order to prevent an abuse of your data; we will be sending to your e-mail address an e-mail with an activation-link and only after confirming that link you will be included into our newsletter database. If the activation link is not properly activated within one week after the activation-link has been sent, the personal data will be deleted.
The text of your consent is as follows:
[ ] Please add me to your newsletter. I agree to the processing of my personal information to the extent required for this purpose.
If you purchase goods or services on our website and provide us with your e-mail address, we may subsequently use it for sending information as part of our direct marketing activities.
Unsubscribing from the newsletter or the receipt of information on direct marketing is possible at any time with effect for the future and can be effected either by sending a message to our e-mail firstname.lastname@example.org or via the link provided for this purpose in the newsletter.
f) Video Conferencing Solutions
We use the video conferencing solution “Teams” owned by Microsoft Corp., One Microsoft Way Redmond, WA 98052-6399 USA or its European subsidiary respectively for our online trainings or seminars. Hereby your personal data may be transferred to the USA. In the opinion of the European Court of Justice of July 16, 2020, Case C-311/18 ("Schrems II"), there is no level of data protection in the USA that is equivalent to that in the European Union (for further details, see Section 6).
We process the following of your data or data categories when “Teams” is deployed: We process the meta-data of your connection, such as your IP address, browser data and comparable data for the technical provision of Teams. We process your login data (name, e-mail address, password, etc.) for the registration on Teams. To enable you to participate in the video conference, we process your video recording (including sound), your location, the comments on the video and the chat history. We store the above-mentioned data and delete those 6 months after the end of the training or seminar, as far as no legal retention periods exist.
g) Collaboration Tools
In order to be able to provide you with an interactive experience during our online trainings and seminars we use the platform "Miro". The “Miro" platform is a software of the company RealtimeBoard, Inc. The "Miro" platform enables us to offer you and the other participants an interactive communication during the training or seminar. You therefore determine the extent of the processed data also through your actions. You can decide how to participate in the training or seminar and how you would like to work with us and the other participants on the "Miro" platform. Hereby your personal data may be transferred to the USA. In the opinion of the European Court of Justice of July 16, 2020, Case C-311/18 ("Schrems II"), there is no level of data protection in the USA that is equivalent to that in the European Union (for further details, see Section 6).
For the technical provision of the "Miro" platform, we process the meta data of your connection, such as your IP address, browser data and other device data. For registration on the platform "Miro" we process your contact data (name, e-mail address, etc.). For interactions with you and your use of the "Miro" platform, we store your questions, videos, chats and other actions. These can be seen and read by all participants of the training or seminar, as far as we do not set any restrictions. We store these data and delete them 6 months after the end of the training or seminar, as far as there are no legal retention periods.
3. Legal Basis
The aforementioned processing is based on Art. 6 Para. 1 lit. b) GDPR, insofar as it is carried out to fulfil our obligations arising from the user relationship through the use of our website. Furthermore, the processing is based on Art. 6 Para. 1 lit. f) GDPR. Our legitimate interests are to maintain an attractive internet offer for the users of our website and provide the users with a user friendly, modern and technically flawless website. Our legitimate interests also are to be able to answer your concerns and to defend against and exercise of our legal claims.
Furthermore, the legal basis is the execution of the event within the framework of the contract concluded between you and the organizer, Art. 6 para. 1 lit. b) GDPR; this also applies to the establishment of such a contractual relationship.
In the case of training or seminars booked by your employer or organisation, the legal basis is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the execution of the contract with our contractual partner as well as in the cost- and resource-effective implementation of this purpose. The legal basis can also be the consent of the participant, Art. 6 para. 1 lit. a) GDPR, to the processing of his/her data by means of a specific video conferencing solution or a collaboration tool.
The legal basis for the storage of the data required within the framework of the legal storage obligations is Art. 6 para. 1 lit. c) GDPR in connection with the respectively applicable regulation.
If you have registered to receive our newsletter, the legal basis is your consent, Art. 6 para. 1 lit a) GDPR. We furthermore have the legitimate interests to inform you through direct marketing concerning our newest products and services, the legal basis here is Art. 6 para. 1 lit f) GDPR.
In certain cases, the above-mentioned personal data can be viewed by our service providers (website providers, cloud providers, business centers, newsletter providers, providers of video conferencing or collaboration solutions) who are active in the operation, organization, maintenance and update of our website, or in the provision of video conferencing solutions and collaboration tools. These external service providers only act according to our instructions and are constantly monitored.
5. Period for which the personal data will be stored
As far as it is not otherwise stated in section 2 and no legal storage obligations exist, the following applies for the period for which the personal data will be stored: Transient cookies are automatically deleted when you close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. Server-Log-Files are deleted or stored in anonymous form after statistical evaluation – but after 6 months at latest, starting from the date of their collection. The data provided by you within the context of the contact request will be deleted by us as soon as your contact request has been finally answered. The data that is collected on the basis of your consent will be deleted immediately after withdrawal of such consent.
6. Transfer of personal data to third countries
Your personal data may possibly be transferred to the USA as part of the cloud-based office solution used by Scape as well as the video conferencing solutions and the collaboration tools. According to the decision of the European Court of Justice of July 16, 2020, Case C-311/18 ("Schrems II"), there is no level of data protection in the USA that is equivalent to that in the European Union. There is no adequacy finding by the European Union for the transfer to the USA, nor are there any suitable guarantees. US authorities may access and use your data. Neither the access nor the use of your data are regulated under US law in such a way that this is equivalent to the European law. Neither do these laws contain restrictions on the access or the use of your data, nor, unless you are a U.S. citizen, there is any effective legal protection available to you against the access and the use of your data.
The transfer of data to the USA is therefore based on your expressly declared consent in accordance with Art. 49 para. 1 lit. a) GDPR. If you are our contractual partner, the data transfer is carried out in accordance with Art. 49 para 1) lit. b) GDPR.
Furthermore, we stipulate agreements on order processing with our service providers compliant to the EU standard contract clauses. The processing of your personal data is therefore only carried out on the basis of and within the frame of our instructions to the service provider. You can obtain an extract from the contracts concerning you at the contacts provided in section 1.
7. Necessity of data collection
The collection of the data described here is neither contractually nor legally required. However, without your consent we cannot offer you the online trainings or seminars with the tools "Teams" and "Miro".
8. Rights of the data subject
According to the GDPR, you have the following rights and claims against the controller:
- the right of access (Article 15 GDPR)
- the right to rectification (Article 16 GDPR)
- the right to erasure (Article 17 GDPR)
- the right to restriction of processing (Article 18 GDPR)
- the right to data portability (Article 20 GDPR)
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
10. Right to object, Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time, when the processing is based on Article 6 para. 1 lit. f) GDPR. We shall no longer process your personal data unless we are able to demonstrate legitimate grounds for the processing which override your interests, rights and freedoms or are necessary for the establishment, exercise or defence of legal claims.
Unsubscribing from the newsletter or the receipt of information on direct marketing is possible at any time with effect for the future and can be effected either by sending a message to email@example.com or via a link provided for this purpose in the newsletter.
11. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
The data protection supervisory authority responsible for the controller is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (the data protection officer of Hessen)
You are also welcome to contact us first.
Scape Consulting GmbH