Privacy Policy for St. Marys PPU – May 25th, 2018

The use of the St. Marys College PPU website may involve the processing of personal information. Our intention is for the following information to provide you with an overview of these processes so that you can understand them. In order to ensure fair processing, we would like to inform you about your rights under the European General Data Protection Regulation (GDPR).

Bopworx (hereinafter referred to as “we” or “us”) is responsible for the data processing.

Table of Contents:

  1. Contact Us
  2. General Information on the Processing of Personal Data
  3. Duration of Storage
  4. Transmission of data
  5. Contact Form
  6. Registration and Login
  7. Facebook Connect
  8. Payments made on our Website
  9. Newsletter
  10. Processing Server Log Files
  11. Combating Fraud
  12. Facebook (Visitor Action Pixel)
  13. Google Analytics
  14. Google Marketing Services
  15. Microsoft Bing Ads
  16. Twitter Conversion Tracking
  17. Integrated Services and Third-Party Content
  18. Your Rights
  19. The Right to Object
  20. Complaints to Government Authorities

1.      Contact Us

If you have any questions or suggestions about this information or would like to contact us to exercise your rights, please contact us via the contact form on our website: http://stmarysppu.com/contact-us/ 

2.      General Information on the Processing of Personal Data

The use of the products and services we offer may result in the processing of personal data. The term “personal data” under data protection law refers to all information relating to a specific or identifiable person. An IP address can also be considered personal data. An IP address is assigned to each device connected to the internet by the internet service provider, so that it can send and receive data. When you use the website, we collect data that you provide yourself. In addition, when you use the website, we automatically collect certain information about your use of it.

We process personal data in compliance with the relevant data protection regulations of the GDPR. We will only process data where we are legally permitted to do so. When you use this website, we will process personal data only with your consent (Art. 6 paragraph 1 sentence 1 letter a GDPR), for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 letter b GDPR), for compliance with a legal obligation (Art. 6 paragraph 1 sentence 1 letter c GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 paragraph 1 sentence 1 letter f GDPR).

3.      Duration of Storage

Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfil our contractual or statutory obligations.

4.      Transmission of Data

Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organisational measures for data protection.

Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.

5.      Contact Form

Our website contains a contact form with which you can send us messages. The transfer of your data is encrypted.

The legal basis for processing this data is Art. 6 paragraph 1 sentence 1 letter b GDPR. All data fields marked as mandatory are required for processing your request. If they are not provided, your request cannot be carried out. The provision of any additional data is voluntary. Alternatively, you can also send us a message to the contact e-mail address.

6.      Registration and Login

In order to use certain functions within the website, registration is required. The information required can be seen on the registration screen. It is absolutely essential to provide the information marked as mandatory in order for you to complete the registration process. The data provided will be processed for the purpose of providing the service. The legal basis of this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR. We store your data for as long as you are registered with us, unless you delete it beforehand.

7.      Facebook Connect

We also offer you the option of easier registration for our website and services through Facebook. You can use your existing Facebook user account for this purpose. By clicking the “Log in with Facebook” link, you can use this registration method via our online portal. To do this, you need to already have a Facebook account or have access to Facebook.

If you would like to register for one of our services using your Facebook account, the first step in the registration process will immediately redirect you to Facebook. Facebook will then ask you to log in or to register. Under no circumstances will we receive your personal access data (user name and password).

In a second step, you will connect your Facebook profile with the service for which you would like to register. At this point, you will be told what data from your Facebook profile will be transmitted to us. This information is usually your “public information” on Facebook and information which you have made available to the public or authorized for the application in question. Information of this type generally includes your name, profile picture and cover photo, your gender, your networks, your username (Facebook URL), and your user ID number (Facebook ID). We will also use the email address you have saved with Facebook in order to contact you outside of Facebook. You can see an overview of information in your profile that is available to the public via the General Account Settings menu of your Facebook profile (https://www.facebook.com/settings?tab=applications).

The legal basis for data collection and storage is your consent, within the meaning of Art. 6 paragraph 1 sentence 1 letter a GDPR. If you would like to remove the connection between Facebook Connect and our service, please log in to Facebook and make the required changes to your profile. We will then no longer have the right to use information from your Facebook profile.

8.      Payments made on our Website

You can enjoy our website without having to provide personal contact data. If you pay for chargeable activities in our website, your personal data will be collected by the corresponding payment service provider.

All payment-relevant data, such as your contact and payment data, are initially collected and processed by the corresponding payment provider. The legal basis for this data processing is Art. 6 paragraph 1 sentence 1 letter b GDPR.

For payments, we collect the geolocation of your IP address, which allows us to determine in which country you are located. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter c GDPR, as the processing is necessary for compliance with a legal obligation. The legal obligation arises from Directive 2006/112/EC (MOSS Directive).

We also receive information from payment providers related to payment fraud prevention. The legal basis for this data collection is Art. 6 paragraph 1 sentence 1 letter f GDPR, as the processing serves the legitimate interests of our company.

9. Newsletter

In the following section, we will inform you about our newsletter as well as other types of business emails and electronic communications and your right to object. By subscribing to our newsletter, you agree to receive it and you agree to the processes described below. The legal basis is your consent pursuant to Art. 6 paragraph 1 sentence 1 letter a GDPR.

We do not include the following information under the term “advertising communication”: Information about technical and organisational processes and information relating to the provision of services to our users.

The newsletters contain cookies that are retrieved by the server of the service provider that sends the newsletter, as soon as the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical improvement or to analyse the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical data collection also includes determining if and when the newsletters are opened, and which links are clicked and when they are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. These analyses are primarily intended to help us to identify the reading habits of our users and to adapt our content to them or to send different content based on user interests. The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR.

You can stop receiving our newsletter at any time in the future just by letting us know that you wish to cancel. You can do so easily by using the link at the bottom of each of our communications or by using our support form. Unfortunately, you cannot request separate cancellations for the service provider that sends the newsletter or for the statistical analysis. If you wish to cancel, you must cancel the entire subscription.

10. Processing Server Log Files

When using our website for informational purposes only, general data is initially stored automatically (i.e. not via registration) and transmitted to our server by your browser. By default, these include: The browser type/version, the operating system used, the page accessed, the page previously visited (referrer URL), the IP address, the date and time of the server request and the HTTP status code.

The processing is carried out for the purposes of our legitimate interests, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter of GDPR. This processing is used for technical administration and website security.

11. Combatting Fraud

We process pseudonymous information, such as the IP address or device ID, for the analysis of signals in order to identify fraud by third parties in the context of customer acquisition. To accomplish this, we are supported by external service providers whom we have ensured are committed to the same statutory requirements.

The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR. This processing contributes to the organizational security of the website.

12. Facebook (Visitor Action Pixel)

We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

13. Google Analytics

We use the Google Analytics service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to analyse our website visitors. Google uses cookies. The information generated by the cookie about the use of the online product or service by users is generally transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link:  http://tools.google.com/dlpage/gaoptout?hl=en.

If you visit our website using a mobile device, you can deactivate Google Analytics by clicking on the following link: Click here.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

14. Google Marketing Services

On our website we use the marketing and remarketing services of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). These services allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through remarketing ads and products are displayed to users relating to an interest established by activity on other websites within the Google Network. For these purposes, a code is used by Google when our website is accessed and what are referred to as (re)marketing tags are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring websites, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.

All user data will only be processed as pseudonymous data. Google does not store any names or e-mail addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.

One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner websites to place ads based on users’ visits to this website or other websites on the Internet.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

15. Microsoft Bing Ads

We use the conversion and tracking tool Bing Ads from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, “Microsoft”) as part of our website. Microsoft stores a cookie on the user’s computer to enable an analysis of the use of our online services. The prerequisite for this is that the user has accessed our website through an ad from Microsoft Bing Ads. This enables Microsoft and us to know that someone has clicked on an ad, has been redirected to our online services and has reached a predetermined target page. We only see the total number of users who clicked on a Bing ad and were then forwarded to the target page (conversions). No IP addresses are stored. No other personal information about the identity of the user will be disclosed.

Users can find further information on data protection and the cookies used at Microsoft Bing ads in Microsoft’s data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not wish to participate in the Bing Ads tracking process, you can communicate your objection to Microsoft here: http://choice.microsoft.com/de-DE/opt-out.

Microsoft is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation

(https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

16. Twitter Conversion Tracking

On our website, we use the Conversion Tracking Service of Twitter Inc. (1355 Market Street #900, San Francisco, California 94103, “Twitter”). Twitter stores a cookie on the user’s computer to enable an analysis of the use of our online products and services. Twitter Conversion Tracking tracks the actions of users after they have viewed ads or interacted with ads on Twitter. Twitter’s Conversion Tracking allows you to assign conversions such as link clicks, retweets or “like” data.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to tracking, you can do so using the Digital Advertising Alliance tool at optout.aboutads.info.

Twitter is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation: (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)

17. Integrated Services and Third-Party Content

We use services and content provided by third parties on our website (hereinafter collectively referred to as “content”). For this kind of integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.

In each case, this data processing is carried out to safeguard our legitimate interests in the optimization and the commercial operations of our website, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter of GDPR.

The Java programming language is regularly used to integrate content. Therefore, you can object to data processing by deactivating Java operations in your browser.

We have integrated contents from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) into our website:

“Google Maps” for displaying maps;

“Google Web Fonts” for using Google’s fonts;

“YouTube” for displaying videos.

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18. Your Rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you.

You have the right to have us correct your data in accordance with Article 16 GDPR.

You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.

You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.

You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.

19. The Right to Object

In accordance with Article 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e and letter f GDPR as their legal basis.

20. Complaints to Government Authorities

If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.