SHOP

Data Protection Declaration

As of: March 2018

Legal Note:

The only legally binding language of this Data Protection Declaration is German.

Preamble

With the following Data Protection Declaration we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data when using the data collected by the International Union of Marine Insurance e. V., Große Elbstraße 36, 22767 Hamburg, Germany, phone: +49 40 2000 747-0 (hereinafter also referred to as "IUMI") on the websites https://iumishop.mycoracle.com/.

Personal data is all data that can be referred to you personally, e.g. name, address, email address, user behaviour.

1. Who is responsible for data processing and who can I contact

Responsible pursuant to Article 4, para. 7 of the EU General Data Protection Regulation (hereinafter referred to as "GDPR")

International Union of Marine Insurance e.V.

Große Elbstraße 36

22767 Hamburg, Germany

phone: +49 40 2000 747-0

fax: +49 40 2000 747-0

email: data-protection@iumi.com

(see imprint https://iumi.com/imprint)

2. Your rights

You have the following rights vis-à-vis IUMI with regard to the personal data concerning you:

- Right of access pursuant to Article 15 GDPR,

- Right to rectification pursuant to Article 16 GDPR,

- Right to erasure (right to be forgotten) pursuant to Article 17 GDPR,

- Right to restriction of processing pursuant to Article 18 GDPR

- Right to restriction of processing pursuant to Article 21 GDPR (for more information see Clause 13),

- Right to data portability pursuant to Article 20 GDPR.

With regard to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 German Federal Data Protection Act (hereinafter referred to as “BDSG”) apply.

You also have the right to complain to a data privacy supervisory authority about the processing of your personal data by IUMI (Article 77 GDPR in conjunction with Section 19 BDSG).

3. Collection of personal data when contacting us

When you contact us by e-mail or via a contact form, the data provided by you (your e-mail address, possibly your name and telephone number) will be stored by IUMI in order to answer your question. IUMI deletes the data arising in this context after storage is no longer necessary or restricts the processing if legal storage obligations exist.

In case we use contracted service providers for individual features of our service or if we intend to use your data for commercial purposes, we will inform you in detail about the respective processes below. We also state the specified criteria for the storage duration.

4. Collection of personal data when visiting our website

If you use the website purely for informational purposes, i. e. if you do not register or otherwise provide us with information, IUMI only collects the personal data that your browser transmits to IUMI's server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to guarantee stability and security (the legal basis for which is Article 6, para. 1, p. 1, lit. f GDPR):

- IP address

- Date and time of the request

- Time zone difference to Greenwich Mean Time (GMT)

- Content of the request (concrete page)

- Access status/HTTP status code

- The amount of data transferred in each case

- Website from which the request originates

- Browser

- Operating system and its interface

- Language and version of the browser software

In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using and through which certain information flows to the site that places the cookie (IUMI in this case). Cookies cannot run programmes or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective. We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

This website uses the following types of cookies:

- Transient cookies (see a.)

- Persistent cookies (see b.)

a. Transient cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This means that your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

b. Persistent cookies

Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete cookies in the security settings of your browser at any time.

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of cookies. Please note that in this case you may not be able to use all of the website's features.

The flash cookies used are not captured by your browser, but by your flash plug-in. We also use HTML5 storage objects that are stored on your end device. These objects store the required data independently of your browser and do not have an automatic expiration date. If you do not want the flash cookies to be processed, you must install a corresponding add-on. You can prevent the use of HTML5 storage objects by using the private mode in your browser.

5. Collection of personal data for additional services

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. In order to do this, you will usually be asked to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

a. User registration

We store and use data provided by you when opening a user account for the purpose of providing our services in accordance with the contract. This data usually includes, among other things, email address, password, name, title, employer.

b. Paid educational content

Should you use paid educational content on https://iumishop.mycoracle.com/, you must provide us with additional information such as your bank, credit card or other payment processing data (e. g. PayPal) and your address as well as any further information if necessary.

c. Learning progress monitoring

In order to provide you with the best possible support for your learning, IUMI collects data on your personal usage patterns. Under no circumstances will your learning progress data be passed on to third parties.

d. Payment processing

Payment processing data may be passed on to third parties to the extent permitted by law in order to be able to process payments. For the payment process we use the following external service providers:

In case of payment by credit cards we use the external service provider Stripe, Inc. (www.stripe.com) to process your payments. The personal data relevant for payment processing provided by you is subject to Stripe's security and data protection regulations. The service provider is certified as Level 1 PCI-DSS compliant. For more information about the security of your personal information regarding credit card payments, please see https://stripe.com/de/terms.

Information about this external service provider:

Stripe, Inc.185 Berry Street, Suite 550San Francisco, CA 94107

E-Mail: privacy@stripe.com

Terms & conditions: https://stripe.com/payment-terms/legal

An overview of the data protection policy is available here: https://stripe.com/de/privacy

Alternatively, we offer payment via the external service provider PayPal (Europe) S.à r.l. et Cie, S.C.A. ("PayPal). In this case, the personal data that you provide and that are relevant for the processing of payments are subject to the security and privacy policy of PayPal. For the payment methods direct debit via PayPal or - if offered - "purchase on account" via PayPal, PayPal reserves the right to conduct a credit check. The result of the credit check on the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values ​​(so called score values). Insofar as score values ​​are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values ​​includes, among other things, address data. Further data protection information, please refer to the privacy policy of PayPal.

Information about this external service provider:

PayPal (Europe) S.à r.l. et Cie, S.C.A.

22-24 Boulevard RoyalL-2449 Luxembourg

Email: impressum@paypal.com

Terms of use: https://www.paypal.com/de/webapps/mpp/ua/useragreement-full?locale.x=de_DE

An overview of the data protection policy can be found here:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

e. Online exams

If you wish to sit an online exam for our online tutorials, certain data such as your name and email address will be processed by the online exam service provider TestReach. For more information about the security of your personal information regarding the online exam, please see https://www.testreach.com/testreach-privacy.html.

Information about this external service provider:

TestReach

NexusUCD

Block 9-10

Belfield Office Park

Clonskeagh

Dublin 4

Ireland

Email: info@testreach.com

Terms of service: https://www.testreach.com/testreach-terms.html

The legal basis for the above data usage is

Article 6, para. 1, p. 1, lit. b GDPR.

6. Web Analytics, Adobe Connect and Osprey-VLE

a. Google-Analytics

This website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses so-called “Cookies” (text files that are stored on your computer and enable an analysis of the use of the website). The information generated by the cookies about your use of our website (including your IP address) is usually transferred to a server of Google and stored in the USA.

However, by activating the IP anonymisation we have carried out, your IP address will be shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. Google will use this information to evaluate your utilisation of our website, to create a report about the website activities for the website owners, and to deliver further services that are linked to the utilisation of the website and internet.

The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can avoid the installation of cookies through a specific setting in your browser software; though we point out that you might not be able to use all features of this website to full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available for deactivation under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

This website uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are further processed in a shortened form, eliminating the possibility of direct personal references. Insofar as the data collected about you refers to a person, this personal reference will be excluded immediately and the personal data will be deleted promptly.

This website also uses Google Analytics for a cross-device analysis of visitor flows conducted via a user ID. You can deactivate the cross-device analysis of your usage under "My data", "Personal data" in your customer account.

We use Google Analytics to analyse and regularly improve the use of our website. We use the statistics gained to improve our service and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield,

https://www.privacyshield.gov/EU-US-Framework

The legal basis for the use of Google Analytics is Article 6, para. 1, p. 1, lit. f GDPR.

Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of use:

https://www.google.de/analytics/terms/de.html

An overview of data privacy law can be found here:

http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data privacy declaration:

https://www.google.com/intl/de/policies/privacy/.

b. Adobe Connect

Our website uses Adobe Connect to host the webinars. For more information on Adobe Connect privacy terms, please visit http://www.adobe.com/de/privacy

c. Osprey-VLE

This website is using Osprey-VLE to provide the learning material, an online learning tool provided by Coracle Online Ltd. („Corcale“).

Information about this service provider: Coracle Online Ltd, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom

Phone: +44 (0)1223 422016

Email: info@mycoracle.com

More information about the data protection policy of Coracle are available here: https://www.mycoracle.com/article/terms-and-conditions and https://www.coracleonline.com/article/cookies

7. Social-Media-Plugins

We currently use the following social media plugins:

a. Twitter

b. LinkedIn

We use the so-called two-click solution. This means that when you visit our website, no personal data will be passed on to the providers of the plugins. The provider of the plugin can be identified by the marking on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plugin via the button. Only if you click on the marked field and activate it the plugin provider will receive the information that you have accessed our website. In addition, the data mentioned under 3. to 5. of this Data Protection Declaration will be transmitted. This personal data of yours will be transmitted to the plugin providers and stored there.

We have neither influence on the collected data and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing, or the storage periods. In addition, there is no information available to us for the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as user profiles and uses them for advertising, market research and/or the needs-based design of its website (also for users who are not logged in). If you are logged in to the plugin provider, your data collected by us will be assigned directly to your existing account with the plugin provider. If you click on the activated button and, for example, hyperlink the page, the plugin provider also stores this information in your user account and communicates it publicly to your contacts.

You have a right of objection to the creation of these user profiles, whereby you must contact the respective plugin provider to exercise this right.

Via the plugins we offer you the possibility to interact with social networks and other users, so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of the plugins is Article 6, para. 1, p. 1, lit. f GDPR.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find more information about your rights and preferences for privacy protection:

a. Twitter

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA

Data privacy declarations:

https://twitter.com/privacy

Twitter has submitted to the EU-US Privacy Shield,

https://www.privacyshield.gov/EU-US-Framework

b. LinkedIn

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

Data privacy declarations:

https://www.linkedin.com/legal/privacy-policy

LinkedIn has submitted to the EU-US Privacy Shield,

https://www.privacyshield.gov/EU-US-Framework

8. Purpose of processing and its legal basis

We process the aforementioned personal data in accordance with the provisions of GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). In detail:

a. For the fulfilment of contractual obligations (Article 6 para. 1 b DSGVO)

The processing of personal data is carried out for the purpose of providing educational content (live webinars, recordings, online tutorials) and accompanying materials as part of the execution of our contracts with our user or for carrying out pre-contractual measures that are carried out upon your request.

The purposes of data processing may include, among other things, the creation of a member account, the provision of educational content, the processing of user content and the execution of transactions. Further details on the purpose of data processing can be found also in the General Terms and Conditions.

b. In the context of the balancing of interests (Article 6, para. 1, p. 1, lit. f GDPR)

As far as necessary, we process your data beyond the actual fulfilment of the contract to protect legitimate interests of us or third parties. Examples:

  • Advertising or market and opinion research, as far as you have not objected to the use of your data

  • Ensuring IT security

  • Prevention of crime

  • Measures for business management and further development of services and products

c. On the basis of your consent (Article 6, para. 1, p. 1, lit. a GDPR)

Insofar as you have given us your consent to the processing of personal data for certain purposes (such as fulfilling contractual obligations), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the application of the EU General Data Protection Regulation, i. e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing carried out prior to revocation shall not be affected. You can request a status overview of the consents you have given at any time from us.

9. Is data transferred to a third country

We work with certain external service providers to process your data. Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the fulfilment of our contractual obligations, if it is legally required, if you have given us your consent or if the data transfer is carried out within the scope of commissioned data processing. If service providers are deployed in the third country, they are obliged to comply with the data protection level in Europe by the agreement of the EU standard contractual clauses.

The legal basis for this is Article 46, para. 1 GDPR.

10. How long is my data stored

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its further processing - limited in time - is necessary for the following purposes:

  • Fulfilment of commercial and fiscal retention periods: The Commercial Code (Handelsgesetzbuch) and the Tax Code (Abgabenordnung) are to be mentioned.

Preservation of evidence under the statute of limitations. According to Sections 195 et seq. of the German Civil Code ( Bürgerliches Gesetzbuch, BGB), these periods of limitation can be up to 30 years, whereas the regular period of limitation is three years.

11. Is there an obligation for me to provide data

Within the scope of our business relationship, you must provide personal data that is necessary for the initiation and execution of our business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or will no longer be able to carry out an existing contract and may have to terminate it.

12. Miscellaneous

You may contact us any time if you have questions regarding the data protection practices or want us to delete your profile or any personal data.

In the course of the continuous development of our services and the implementation of new technologies, IUMI reserves the right to update this Data Protection Declaration any time. Therefore we suggest you read our Data Protection Declaration again once in a while on https://iumishop.mycoracle.com/.

Please do not hesitate to contact us if you have any questions about data protection. Simply send us an email to: data-protection@iumi.com or write to us at the above address.

13. Right of revocation and objection against the processing of your data

a. Revocation

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data only after you have expressed it to us.

b. Objection

Your right of objection follows from Article 21 GDPR.

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you on the basis of Article 6, para. 1, p. 1, lit. e GDPR (data processing in the public interest) and Article 6, para. 1, p. 1, lit. f GDPR (data processing on the basis of a balance of interests).

If you exercise your right of objection, we will no longer process your personal data, unless we can prove compelling grounds worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Furthermore you have the right to object at any time to the processing of personal data concerning you for the purpose of direct advertising.

If you object to the processing for purposes of direct advertising, we will no longer process your personal data for these purposes.

The objection and revocation can be made without observing formal requirements under the following contact data:

International Union of Marine Insurance e.V.

Große Elbstraße 36

22767 Hamburg, Germany

phone: +49 40 2000 747-0

fax: +49 40 2000 747-0

email: data-protection@iumi.com