Privacy Statement

1. Controller

ETHOS AI Training & Consultancy Gmbh

Weihenstephaner Str.12

81673 München

Email: datenschutz@womenaiacademy.com

2. Questions about privacy and your rights

In case you have any questions with respect to the processing or protection of your data or if you wish to exercise your rights under the applicable laws, please contact us using the contact details above.

3. Purchase orders

By ordering a service offered by us, we process the data provided by you for the conclusion and execution of the corresponding contract. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Due to legal requirements, when you place an order via our website, we are obliged to send an order confirmation by e-mail to the e-mail address you have provided. In addition, there are legal record-keeping and storage obligations for us with the conclusion of a contract. The legal basis for the corresponding processing is in each case Article 6 para. 1 lit. c) GDPR. 

We also process the data provided by you for the detection and defense against fraud attempts on the basis of Article 6 para. 1 lit. f) GDPR. We herewith pursue the goal of protecting ourselves against fraudulent transactions.

The data will be deleted if a legal obligation exists when the storage obligation ceases to exist unless we are entitled to further processing (e.g. in a legal dispute). Otherwise, we delete the data when they are no longer required to demonstrate the existence or non-existence of a right.

 

4. Payment provider

For all payment options offered by us, the respective provider is the responsible party in terms of data protection. Insofar as data is transferred to the respective payment provider for the execution of a contract with you (name, address, purchase price to be paid), this is done on the basis of Art. 6 para. 1 lit. b) GDPR, so that the respective payment provider has the data at its disposal that it requires for the execution of the payment transaction and the selection of the available means of payment. If the payment service provider transfers data relating to you to us, we will also use this data for the performance of the corresponding contractual relationship with you. The legal basis is therefore also Art. 6 para. 1 lit. b) GDPR.

 

5. Registration of a customer account

When you register a customer account on our website, we process the data you provide to set up and manage the customer account and to enable you to use the services we offer in connection with the customer account. In the customer account, in addition to the data you provided during the set-up process, we may process other data related to the use of the account, such as an order history. The legal basis for the corresponding processing of your data is Art. 6 para. 1 lit. b) GDPR.

We will send an e-mail to the e-mail address you provided when registering with the request to confirm your registration. Hereby we want to prevent for your and our protection that third parties open a customer account under the misuse of your e-mail address. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. 

This data related to the customer account will be stored until the deletion of the customer account. If we are legally obligated to store the data for a longer period of time (e.g. to fulfill accounting obligations or legally required evidence) or if we are legally entitled to store the data for a longer period of time (e.g. due to an ongoing legal dispute against the owner of a customer account), the data will be deleted after the storage obligation or entitlement has expired. 

6. Email newsletter

With your registration for our email newsletter, we process the data you have provided. We process this data for the creation and dispatch of our newsletter. The legal basis of the processing is based on your consent Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

To confirm your registration to the newsletter, you must click on the confirmation link in the verification email that we send to you after your registration. By clicking on the specified link in the verification message, we process the date and time of the click, the content of the message sent to you, and the email address used. This is carried out in order to be able to demonstrate that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 (1) lit. c) GDPR, as we are required by law to be able to demonstrate that you have given your consent. 

We delete your personal data related to the newsletter subscription upon your unsubscription. We delete data that we need to demonstrate that you have subscribed to the newsletter after the expiry of the limitation period for corresponding obligations to provide evidence. 

 

7. Contact form

If you utilize our contact form, we utilize the data you provide to us to process your request. The legal basis for this is our legitimate interest in processing your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your request serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. 

Your data will be deleted after your request has been dealt with unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation. 

 

8. Zoom

For classes and webinars (collectively, "online meeting"), we utilize Zoom. The provider of this product is Zoom Video Communications, Inc. Zoom's privacy notice and business address can be found at https://zoom.us/de-de/privacy.html.

Please note that our privacy notice does not apply to the zoom.us website, but only to the use of the Zoom service. However, you are not required to visit the website to participate in an online meeting unless you choose to download the Zoom software to participate in an online meeting, which may provide you with more advanced functionality than participating in a meeting via your web browser. However, you are not required to download the software to participate in one of our online meetings. 

 

a. What personal data do we process?

First, we process the personal data that you directly transfer to us in advance of the online meeting, e.g., when registering for a webinar. 

In addition, we process personal data that you provide to us when you participate in an online meeting. The following personal data are subject to processing:

  • Personal details: name, this does not have to be your real name, but providing your real name enables participants to identify you. Optionally, the following data may be provided by you in a Zoom account: telephone number, e-mail address, profile picture

  • Audio or video data, if you have activated your microphone or video camera during the online meeting. There is no need to activate these if you do not want to actively participate in the online meeting or you can deactivate them at any time.

  • Metadata for an online meeting: Topic, description (optional), participant IP addresses, device/hardware information.

  • For recordings of an online meeting (optional and only after advance notice, in addition, a running recording is indicated with an icon in Zoom): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, a text file of the online meeting chat.

  • When dialing into an online meeting with the telephone: phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be processed.

  • Text, audio, and video data: In an online meeting, the chat, question or survey functions may be utilized. In this case, the entries you make are processed in order to display them in the online meeting and log them if necessary. 

b. Required data

When registering for the online meeting, you must provide your name and, if applicable, your e-mail address in order to gain access. In addition, the Zoom client collects data that is required to provide the service. This includes, in particular, technical data about your devices, network, and an internet connection, such as IP address, device type, operating system type and version, client version, camera type, microphone or speaker, type of connection.

 

c. Purpose of processing

The purpose of using Zoom is to conduct online meetings. If a recording is made of an online meeting, this will only be done after prior notice and for the purposes previously communicated to you (e.g. in the online meeting). Recordings of webinars may later be made publicly available by us for visiting by the general public. 

We utilize the content of the chat for an online meeting, as well as content related to the question or survey function, for implementing the purposes evident with the questions or surveys.

If you have a Zoom user account, reports of online meetings (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.

The possibility of attention monitoring offered by Zoom is deactivated.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

d. Legal basis for data processing

If you participate in an online meeting as part of the performance of an existing contract with us, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR. If no contractual relationship should exist, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in the use of Zoom is the effective implementation of "online meetings", as we do not have the necessary technical equipment and the required know-how ourselves. 

 

e. Transfer of personal data to third parties

Your personal data will only be passed on if this is necessary for the execution of the online meeting, e.g. transmission of your audio or video recordings and chat entries, etc. to the participants of the online meeting. In addition, the data will be transferred if this is in the nature of the data transferred to us, e.g. if you transfer it to us for further business purposes, such as interest in certain services or establishing contact with third parties. 

In addition, Zoom Video Communications, Inc. is a recipient of the data as it acts as a processor on our behalf and provides Zoom as stipulated in our processing agreement with "Zoom."

 

e. Data processing outside the European Union

We have commissioned Zoom Video Communications Inc. as a service provider and processor within the meaning of Article 28 of the GDPR for the use of Zoom. In this context, data processing may also take place outside the EU or the EEA. An adequate level of data protection pursuant to Art. 46(2)(c) GDPR is assumed through the use of EU standard contractual clauses as well as other adequate measures (establishment of end-to-end encryption and through the use of the data routing feature; This is the ability to determine for yourself through which data centers the data should flow during meetings and webinars.). We will gladly provide the closed EU standard contractual clauses upon request.

9. Advertising services

In order to advertise the services we offer and thus acquire customers, we use the following services based on your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke your consent with effect for the future by revoking it on for website send an email to datenschutz@womenaiacademy.com. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

In addition, the services offer you a way to object to the use in general, and not only for our website. We point this out at the respective services. 

Please note that the consent you have given relates to two circumstances:

  1. the storage of cookies in the device you use;

  2. the use of the respective service as such.

 

10. Web Fonts

We use fonts which are loaded from third-party sites for the display of our website. Our legitimate interest in using web fonts is to ensure a uniform appearance of our offerings and thus their functionality on all devices. When you visit our website, the browser you use loads the fonts required for their correct display in order to display them as we specified. If your browser does not support web fonts, a standard font of your device will be utilized to display our website. 

The legal basis for the processing is Art. 6 para. 1 f. GDPR.

The fonts we use are offered by companies of the Google group. If you are in the European Economic Area or Switzerland, they are provided to you by Google Ireland Limited ("Google"), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.de/contact/impressum.html.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq

Google's general privacy policy applies here, which is available at https://www.google.com/policies/privacy/

 

11. Warning about data transfers to third countries

For various services that are used on our website with your consent or process data by means of the website (e.g. for advertising purposes), you will find a warning in this privacy notice that data transfers to third countries may occur. 

 

a. What does this warning mean?

In the event of a data transfer to a third country, your personal data will leave the local scope of the GDPR. In the third country, a level of data protection may apply in individual cases that does not meet the requirements of the GDPR. For some states, e.g. Switzerland, there is a so-called adequacy decision. In these states, in the opinion of the EU Commission, the level of data protection law meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries no level of protection applies to your personal data that corresponds to that of the GDPR. Therefore, when transferring data to a third country, your personal data may be transferred to a country that does not have a level of data protection that is consistent with the GDPR. 

 

b. What does this mean for your personal data?

A lot of companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook, or Apple, have numerous different companies in different countries that do not each performs data processing on their own. Rather, these utilize group-wide IT services, so that, for example, a company in Ireland utilizes services of the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company from the USA has access to the data in the EU.

By concluding so-called standard contractual clauses, the GDPR allows parties to stipulate that the contractual partner, e.g. the parent company in the USA, must comply with the requirements of the GDPR for the corresponding data processing, even if these requirements would otherwise not apply to the contractual partner. This is to create a level of data protection contractually that corresponds to that of the GDPR, so that the data subjects are not placed in a situation inferior to if their personal data were processed in the EU.

However, contracts only bind the parties to them and not third parties, such as government agencies. Therefore, in one country, such as the U.S., government agencies may have the right to access the personal data of EU citizens, even if it violates their rights. These accesses can be very broad and can relate to all of your data that is processed there. They can take place without a judge or similar having to order them. They can be secret so that you do not know about these accesses. And you may have no way to defend yourself against access and any use of your data, especially in a court of law. In addition, the data subject rights to which you are entitled under the GDPR (e.g., information, deletion) may also not exist or can not be enforced. The data processed in this manner may also be combined with other data concerning you from other sources, for example, to create a profile about you. 

Such use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries, in particular, are not subject to EU law or German law, it is not possible to specify exactly what these disadvantages might be. Disadvantages can therefore be of any nature, e.g. economic or political. For example, it could be that you are denied entry into a country, but it could also be that the data is used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases. 

 

c. How high are my risks?

We cannot give a general answer as to how high the risks described are in individual cases. We can only point out that the decisive question is which service, and thus which company, has access to the data concerning you in connection with your use of our website. In addition, it is important to know which personal data is affected. We believe that our website is only involved in the potential processing of personal data in third countries in connection with advertising services such as Google, Microsoft, or Facebook. Such data will be which website you visited and when, how long you stayed on it, from where the access took place approximately, which device or software (browser, app) was used for this purpose, which interactions you made on the website if this is transferred to the operator of the service (e.g. the purchase of a product after clicking on an advertisement. Please read the information on the respective services. For this purpose, we refer you to the respective privacy notices of the services. The links to these can be found in this privacy policy in the description of the respective service.

You must consider for yourself whether granting consent and a possible transfer to a third country could create a situation for you that you do not wish to live with. In this case, please do not give your consent to the use of these services. 

 

d. You will not suffer any disadvantages if you do not give your consent.

If you do not want to give your consent to the use of certain or all services or storage of cookies, there will be no disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give consent or not. Of course, you can also revoke your consent at any time with effect for the future.

 

12. Glossary of various terms

Browser - this is the software you use to browse the internet and visit our website.

EEA - is the European Economic Area. These are, in addition to the EU countries, the countries of Iceland, Liechtenstein, and Norway.

Third countries - are countries that do not belong to the EEA and for which there is no adequacy decision of the EU Commission  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. 

IP address - any device that exchanges data over the internet needs a unique identifier, otherwise, data (e.g. websites) to be sent to that device cannot be delivered. The device you use, the smartphone, tablet, etc., therefore uses an IP address so that it can retrieve and receive data from the internet. As a rule, you do not use a separate IP address for each device, but the devices used to connect to the internet (e.g. your internet router at home), lets all devices in a network appear to the outside world under a common IP address. 

lit. - is a Latin abbreviation for "letter" used when quoting legal texts. Thus, Article 6 para. lit. a) of the GDPR means "letter a)." 

Standard Contractual Clauses - are a set of contracts provided by the EU Commission that can be the basis for a data transfer to a third country according to Art. 46 para. 2 lit. d) GDPR.

13. Your rights

Under the GDPR, you are entitled to the following rights in particular in connection with your personal data. For details, please refer to the legal regulations (in particular Art. 15 ff. GDPR).


Right of access.

You have the right under Art. 15 of the GDPR to request confirmation from us as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information, which is mentioned in Art. 15 GDPR. 


Right of rectification. 

Pursuant to Art. 16 GDPR, you have the right to request us to rectify inaccurate personal data concerning you without undue delay. In addition, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.


Right to erasure ("right to be forgotten").

Within the limits of Art. 17 GDPR, you have the right to demand that we delete personal data relating to you without undue delay. We are obliged to delete personal data without undue delay, provided that the relevant requirements of Art. 17 GDPR are met. For the details, we refer to Art. 17 GDPR. 


Right to restriction of the processing. 

In accordance with Art. 18 GDPR, you have the right, under certain conditions, to demand that we restrict the processing of your personal data. For the details, please refer to Art. 18 GDPR. 


Right to data portability

Under the conditions stipulated in Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. Pursuant to Art. 20 GDPR, you further have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out with the help of automated procedures.


Existence of a right of appeal to the supervisory authority.

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.


Right of Appeal. 

Under Article 21 of the GDPR, you have the right to object to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.


If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Privacy Policy update date: 01.11.2021