Privacy Policy

Name and Address of the Controller

hydra newmedia GmbH

Seidenstraße 57

D-70174 Stuttgart

Germany

Tel.: +49 (0)711 699 467 60

E-Mail: hello@hydra-newmedia.com

Website: www.hydra-newmedia.com

is the Controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

Name and Address of the Data Protection Officer

AGOR AG

Niddastraße 74

60329 Frankfurt

Tel: +49 (0)69 9494 32 410

E-Mail: info@agor-ag.com

Website: www.agor-ag.com

General Information on Data Processing

Scope of Processing of Personal Data

We only collect and use personal data of users of our homepage to the extent necessary to provide a functional website, our content and services.

In principle, the collection and use of personal data of our users only takes place with their consent. An exception to this principle applies in cases where data processing is permitted by law or the prior obtaining of consent is not possible for factual reasons.

Legal Basis for the Processing of Personal Data

The legal basis for the processing of personal data is generally derived from:

• Art. 6(1)(a) GDPR when obtaining consent from the data subject.
• Art. 6(1)(b) GDPR for processing necessary for the performance of a contract to which the data subject is a party. This also includes processing operations required to carry out pre-contractual measures.
• Art. 6(1)(c) GDPR for processing necessary for compliance with a legal obligation.
• Art. 6(1)(d) GDPR, if processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Art. 6(1)(f) GDPR, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Data Deletion and Storage Duration

The user's personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue beyond this if provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Use of our Website, General Information

Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:

1. Information about the browser type and version used
2. The user's operating system
3. The user's IP address
4. Date and time of access
5. The URL of the accessed page
6. Websites from which the user's system accessed our website

The data described is stored in the log files of our system. This data is not stored together with other personal data of the user.

Purpose and Legal Basis for Data Processing

The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

The collection of your personal data for the provision of our training platform and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility of objection for the user.

Duration of Storage

Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby the IP addresses of the users are deleted or alienated in this case. An assignment of the calling client is then no longer possible.

General Information on the Use of Cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you visit a website, a cookie can be stored on your operating system. Cookies can contain character strings that enable clear identification, but they do not have to.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

The following data is stored and transmitted:

1. User ID

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.

We point out that some functions of our website can only be offered using cookies. These are the following applications:

1. Opening training content

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user's computer and transmitted from there to our site. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes to the settings of your internet browser. Stored cookies can also be deleted there. Please note that if you deactivate cookies, you may not be able to use all the functions of our website.

Your Rights / Rights of the Data Subject

According to the EU General Data Protection Regulation, you have the following rights as a data subject:

Right of Access

You have the right to obtain from us confirmation of whether or not we are processing personal data concerning you.

In addition, you can request information on the following:

1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
4. the envisaged period for which the personal data will be stored, or, if specific information is not possible, the criteria used to determine that period;
5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected from the data subject, any available information as to their source;
8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Finally, you also have the right to request information on whether your personal data is transferred to a third country or to an international organisation. In this case, you may request information on the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

You can assert your right of access at: gdpr@hydra-newmedia.com

Right to Rectification

If the personal data processed concerning you is inaccurate or incomplete, you have the right to obtain from us without undue delay the rectification and/or completion of the inaccurate personal data. Rectification will be carried out without undue delay.

Right to Restriction of Processing

The right to restriction of processing may be exercised in the following cases:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted according to the principles set out above, you will be informed by us before the restriction is lifted.

Right to Erasure (“Right to be Forgotten”)

You can request the erasure of personal data concerning you without undue delay where one of the following grounds applies. The controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. Processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) and you withdraw your consent and there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
4. The personal data have been unlawfully processed.
5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Where we have made the personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Please note that the right to erasure does not apply to the extent that processing is necessary:

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defence of legal claims.

Right to Notification

If you have exercised the right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
2. the processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Withdraw Consent

You have the right to withdraw your consent at any time. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision:

1. is necessary for entering into, or performance of, a contract between you and a data controller;
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. is based on your explicit consent.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Decisions referred to in paragraphs (1) to (3) above shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Registration

To use our services, you have the option to register on this platform by providing the data you received from us. The data is entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process:

• E-mail address
• Password

The following data is also stored at the time of registration:

• Date and time of registration

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for data collected during the registration process if the registration on our website is cancelled or modified.

Electronic Contact

If you wish to contact us, a contact form is available on our website which you can use for electronic contact. The data entered in the input mask is transmitted to us and stored. This data is:

1. Selected title
2. First name entered
3. Surname entered
4. Company entered
5. E-mail address entered
6. Message entered

It is also possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

Your data will not be passed on to third parties in this context, the data will only be used for processing the communication.

The legal basis for the processing of the data is Art. 6(1)(a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6(1)(b) GDPR.

In this context, the processing of personal data serves solely to process the contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

If further personal data is processed during the sending process, this only serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

You have the option to revoke your consent to the processing of personal data at any time. You can also object to the storage of your personal data at any time when contacting us by e-mail. However, we would like to point out that in such a case the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Use of an Error Tracking Tool

With the help of an error tracking tool, we ensure the availability and integrity of our online services and use the data processed thereby to technically optimize our online services.

For these purposes, we use the Sentry service from Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105. Sentry is an open-source real-time error tracking platform for web apps, mobile apps and games, providing developers with the insight they need to reproduce and fix errors and crashes.

Sentry processes aggregated performance data, i.e. performance, load and comparable technical values, which provide information about the stability and any abnormalities of our online services. In the event of errors and anomalies, individual requests from users of our online services are recorded pseudonymously in the form of metadata (device ID, device data, IP addresses) in order to identify and rectify problem sources. Pseudonymized in this case means in particular that the users' IP addresses are stored truncated by the last two digits (so-called IP masking). The aggregated data is deleted after three months, the pseudonymized data after seven days.

We use Sentry on the basis of our legitimate interests in the security, error-free nature and optimization of our online services pursuant to Art. 6(1)(f) GDPR.

Further information on the processing of personal data by Sentry can be found in the service's privacy policy: https://sentry.io/privacy/

Data Transfer Outside the EU

The GDPR guarantees an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union when using the services of third parties. We only permit processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are met.

This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations, the so-called "standard data protection clauses".