Privacy Policy effective 3/16/2020

You can view past versions in the archive.

Why we capture personal data

Serlo.org uses personal data for the following purposes:

  • to improve the services of serlo.org
  • to analyse and thus gain understanding of how users use serlo.org; this is important in order to ensure that serlo.org works properly and to develop useful new features and functionalities
  • to collect feedback on our content, which enables us to improve and further develop the platform
  • in order to organize the work in our community and establish contact with our authors

How we capture and process personal data

Serlo.org uses external providers for capturing and processing of the relevant data. In the following these external providers and the way of working will be identified and described.

Processing of user data

Cookies

Our website may use so-called cookies. Cookies don't do any damage to your computer and do not include viruses. We use cookies to make our services more user friendly, more effective and safer. Cookies are little text files that are saved by your browser on your computer.

Most of the Cookies we employ are so called “session cookies”. These are automatically deleted after the end of your visite. Other cookies stay on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can adjust your browser so that you will be made aware of the placement of any Cookies, will be able allow or disable the placement of Cookies individually, automatically disable all Cookies, or automatically delete all Cookies at the end of your browser session. When cookies are disabled the functionality of this website can be restricted.

Cookies for the provision of the electronic communication-procedure or for the provision of certain desired functionalities are saved on basis of Art. 6 Sec. 1 lit. f DSGVO. We as the website provider have a legitimate interest in saving Cookies for the error free technical delivery and optimization of our services. If other Cookies (for example Cookies for the analysis of your browsing behaviour) are implemented, these will be treated separately in this privacy policy.

Server-log files

We as the provider of the websites collect and save automatically all information in the so called server-log files that your browser automatically transmits to us. These are:

  • browser type and browser version
  • operating system
  • referrer URL
  • hostname of the accessing device
  • time of the server request
  • IP address

There is no consolidation of this data with any other data we may hold on you.

The collection of this data is based on Art. 6 Sec. 1 lit. f DSGVO. We as the website provider have a legitimate interest in the error-free technical delivery and optimisation of our services - for this the server log files have to be captured.

Hotjar

This website uses the web-analysis tool Hotjar. Provider is the Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar uses so called “Cookies”, text files that are saved on your computer and that allow an analysis of your use of the website. The information thus gathered includes:

  • IP address
  • device type
  • browser type/browser version
  • your location (country only)

The information procured from the cookie about your use of this website is usually transmitted to a server of Hotjar in Ireland and saved there. Your IP address, that is transmitted from your browser, is anonymised and not consolidated with any other data of Hotjar. The collected data are saved in a user profile under a pseudonym that is not used, by either Hotjar or us, to identify single users. In addition, Hotjar is contractually obliged to follow the European General Data Protection Regulation with regard to our user data.

The analysis carried out by Hotjar includes the saving of cursor- and scroll-movements as well as clicks. Hotjar can also record how long your cursor remains stationary in a specific place. This allows us to create heat maps which help us identify website areas favoured by users. Furthermore, the analysis determines how long you stayed on a site and when you left it. It also allows us to determine at which point you stopped your input into a contact form (so called Conversion Funnels). It is also possible to request direct feedback from website visitors via Hotjar.

You can always deactivate the tracking through Hotjar by following these instructions. An opt-out-cookie is then set, that prevents the future capturing of your data, when visiting this site.

You can find the privacy policy of Hotjar here.

The use of Hotjar bases on Art. 6 Sec. 1 lit. f DSGVO. We as the website provider have a legitimate interest in an analysis of the website use, for the optimization of our services.

Google Analytics

This website uses tools of the web analytics tool Google Analytics. Provider is the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so called “Cookies”, text files that are saved on your computer and that allow an analysis of your use of the website. The information thus collected includes:

  • IP address
  • device type
  • browser type/browser version
  • used operating system
  • referrer URL (previously visited website)
  • time of server request

This data is transmitted to servers of Google in the US and saved there. The IP address transmitted from your browser is not consolidated with other data from Google. We also configured Google Analytics with the code „anonymizeIP”, so that the IP address is cut from Google while still within the European Union or another participating state of the European General Data Protection Regulation (GDPR). Thus, all collected data is completely anonymised. In exceptional cases, the full IP address may be transmitted to a Google server in the US and cut there. The IP address transmitted from your browser within Google Analytics is not consolidated with other data from Google.

This website uses the Google Analytics function “demographic characteristics”. With this, reports can be created that contain statements about age, gender and interests of website users. This data is construed based on interest-related ads from Google as well as from user data of third parties and cannot be allocated to any individual person. You can deactivate this function at all times through your ad settings in your Google account or disable by default the collection of your data through Google Analytics as shown in the point „Objection to Data Collection”.

Google will use the information collected to evaluate on our behalf your use of serlo.org, to create reports about the website activity and render further services connected to the web and website activity to us.

Generally, Google will not make this information available to third parties. In some exceptional cases Google may pass on this information to third parties. These cases include i) the consent of the website provider (us), ii) legal obligation or the protection of rights, property and/or safety of Google, its users or the public or iii) when required for Google to fulfill tasks. As per point (iii), any third party involved is contractually obliged to process your data exclusively as instructed, in accordance with this privacy agreement and under application of adequate data protection and safety measures.

Google has signed a data processing agreement governed by the European General Data Protection Regulation with us and is fully compliant with the strictest standards of the German Data Protection Agency in its application of Google Analytics. Moreover, Google Analytics is certified under the EU-US Data Protection Agreement and thereby obliged to observe EU data protection legislation.

You can disable the collection of data through Google Analytics by clicking the following Link: This activates an opt-out Cookie which will block the collection of any data during future visits to our website. This Cookie is effective only for this browser and the use of our website. In case of deletion of the Cookie this function will cease to work and you need to reactivate the Cookie: Disable Google Analytics. You can also use a Browser Add-On to disable Google Analytics and stop Google from collection and processing of your data. You can download the add-on here: http://tools.google.com/dlpage/gaoptout?hl=de. Check here to preview Google’s Privacy Policy. You can find more information on how Google uses your data here.

The use of Google Analytics occurs on the basis of our legitimate interest in the analysis of user behaviour for the purpose of optimizing our services in accordance with Art. 6 Sec. 1 lit. f. GDPR.

Sentry

This website uses the third-party service Sentry to improve the technical stability of our services through monitoring of system stability and identification of dysfunctional code. Provider of this service is Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107. The information collected includes:

  • browser type and version
  • device type
  • operating system
  • URL of the website which displayed a disfunction
  • time of the server request

In case of error or disfunction, this data will be transmitted to the Sentry server located in the USA.

Sentry has signed a data processing agreement governed by the European General Data Protection Regulation with us. Moreover, Sentry is certified under the EU-US Data Protection Agreement and thereby obliged to observe EU data protection legislation.

You can preview their privacy policy here.

Youtube with extended privacy protection

Our website uses plugins for the website YouTube. Provider of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We use YouTube in the Extended Privacy Protection Mode. According to YouTube, this mode stops YouTube from saving user information before the user watches a video. The transmission of data to YouTube Partners, however, is not necessarily prohibited through the activation of this mode. For example, YouTube will connect you to the Google DoubleClick Network irrespective of whether you watched a video.

When starting a YoutTube video on our website, this creates a connection to the YouTube servers and initiates the transmission of information about the websites you have visited on serlo.org. If you are logged into a personal YouTube Account while doing so, this enables YouTube to directly relate your online activities to your personal profile. You can disable this by logging out from your YouTube Account before visiting our website.

Furthermore, starting a YouTube Video can cause YouTube to several different Cookies on your device. This enables YouTube to gather user data from our website. This information is used among other things to create video stats, improve user experience and prevent fraud. The Cookies will remain on your device until you delete them.

Starting a YouTube Video on our website may trigger further data processing beyond our knowledge or influence.

You can find more information in YouTube’s on Privacy Statement here.

We use YouTube within the provisions of Art. 6 Abs. 1 lit. f GDPR, namely out of legitimate interest to provide attractive audiovisual content within our online offer.

Vimeo

Our website uses plugins provided by the videoportal Vimeo. Provider of this service is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When visiting one of our websites that are fitted with a Vimeo plugin, this creates a connection to the Vimeo servers located in the US and initiates the transmission of information about the websites you have visited on serlo.org. It also shares your IP address with Vimeo. This will happen regardless of whether you are logged into your Vimeo account and whether you are even registered with Vimeo.

If you are logged into a personal Vimeo account while accessing a Vimeo plugin fitted website, this enables Vimeo to directly relate your online activities to your personal profile. You can disable this by logging off from your Vimeo account before visiting our website.

You can find more information in Vimeo’s on Privacy Statement here.

We use Vimeo within the provisions of Art. 6 Abs. 1 lit. f GDPR, namely out of legitimate interest to provide attractive audiovisual content within our online offer.

Google Web Fonts

In order to provide a uniform presentation of fonts, this website uses so-called ‘web fonts’ povided by Google. When accessing our website, your browser will load the required web fonts into your browser cache to correctly render and display texts and fonts.

This requires your browser to form a connection with Google servers. This informs Google that our website has been accessed via your IP address. We use Google Web Fonts based on our legitimate interest in providing a uniform and attractive presentation of our online services in accordance with the provisions of Art. 6 Abs. 1 lit. f GDPR.

If your browser does not support web fonts, your standard browser font will be displayed.

You can find more information about Google Web Fonts here and in Google’s Privacy Statement here.

Google Recaptcha

We use Google reCAPTCHA (referred to as ‘reCAPTCHA’ in the following) on our websites. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”).

We use reCAPTCHA to verify, whether input on our website is contributed by a human or an automated machine (e.g. in a contact form). To do this, reCAPTCHA analysis the behaviour of website visitors with regard to certain characteristics. The analysis is initiated automatically when a website user accesses the website and involves the processing of various kinds of data (e.g. IP address, duration of stay on website or cursor movements performed by the website visitor). The data captured in the process of this analysis are transmitted to Google.

All reCAPTCHA analyses operate in the background and users are not made aware of the process.

The use of this tool is justified by our legitimate interest to protect our services from improper or fraudulent use, spying software and spam in accordance with the provisions of Art. 6 Abs. 1 lit. f GDPR.

Further information about Google reCAPTCHA and the privacy statement of Google you can access via the links: https://policies.google.com/privacy?hl=en und https://www.google.com/recaptcha.

Registration on the Website

You can create an account on our website to use additional features and functionalities. The data entered will be used only in order to provide the services or features for which you have registered. The information requested in the registration process must be completed fully, otherwise the registration will be rejected.

In case of important changes concerning the scope of our services or necessary technical adjustments we will use the e-mail adress provided upon registration to inform you of such changes.

The processing of your data entered upon registration occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by way of a formless e-mail to en@serlo.org. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

The information provided during registration will remain saved and stored by us for as long as you hold an account on our website and will be deleted afterwards. Legally required retention periods are not affected by a deletion of your account.

Activity data

If you are registered on Serlo.org and active as author or reviewer, we store your editing history in our database. Serlo processes your user name and the timestamp of the activity. Analysis of this data allows Serlo to improve the support of our online community and assures therefore that every contribution can be addressed with feedback. Serlo evaluates this captured data using monitoring and analysis software.

The intention of the data processing is to improve the functionality of the platform. We process your personal data pursuant to Article 6(1)(f) GDPR. The legitimate interest of the website owner lies in the improvement of the online-experience of the user.

Google Cloud

This website uses Google Cloud Platform, a cloud computing service der Google Inc. („Google”), to store data which you enter during the registration process on serlo.org. The data collected including your user name, your email address and your editing history will be transferred to US based Google servers and saved there. Google does not use or process this data in any way. This occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by deleting your account from serlo.org. The information provided during registration will remain saved and stored by us for as long as you hold an account on our website and will be deleted afterwards. Legally required retention periods are not affected by a deletion of your account.

You can preview Google’s Privacy Statement here.

Processing of Donor Data

PayPal

We use PayPal as a means of payment on our website. This service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg („PayPal”).

If you choose to make a donation using PayPal, your payment details will be transmitted to PayPal.

This occurs in accordance with the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview PayPal’s Privacy Statement here.

Sofortüberweisung (Instant Transaction)

We offer Instant Transaction (‘Sofortüberweisung’) as a payment method on our website. Provider of this service is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

Sofortüberweisung as a payment method provides us with a real-time confirmation of the transaction and allows us to start fulfilling our liabilities instantaneously.

If you choose to make a donation using Sofortüberweisung, your PIN and a valid TAN are transmitted to Klarna, who use it to log into your online banking account. Klarna the automatically checks your account balance, effects the desired transaction using the TAN you provided, and consequently confirms the transaction with us. After logging in this way, Klarna will also automatically check your transactions, the credit limit of your overdraft and the existence of further accounts and their balance.

Besides your PIN and TAN, information transmitted to Klarna also includes your payment details and personal details you may have entered. This may include your first and last name, address, phone number(s), email address, IP address and further data necessary for the processing of the transaction. This is necessary to confirm beyond reasonable doubt your identity in order to prevent fraud.

The transmission of your data to Klarna GmbH is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview Klarna’s privacy statement here.

Stripe inc.

This website uses services provided by Stripe Inc (‘Stripe’), 510 Townsend Street, San Francisco, CA 94103 to process credit card payments. The data entered in the donation process, namely the amount and rhythm of your donation as well as your contact and credit card details will be transmitted to Stripe and stored on their US servers. Stripe uses this data to effect the transaction and to carry out measures to avoid fraud.

The transmission of your data to Klarna GmbH is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview Stripe’s privacy statement here.

twingle

This website uses twingle in order to process donations. Twingle is an online fundraising software provided by the twingle GmbH, based in Berlin, Germany. The data captured by this software comprise:

  • browser type
  • device type
  • IP address
  • date of donation
  • donation amount
  • donation cycle
  • your contact data
  • your payment type

This data is saved on servers located in Germany. Twingle uses the personal data in order to process donations within our contractual agreement. Furthermore, twingle analyses anonymised data for reporting and statistical purposes as well as further use and processing by twingle.

The transmission of your data to twingle is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. f GDPR (legitimate interest). You can retract your consent at any time by retracting your donation. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview twingle’s privacy statement here.

Google Cloud

This website uses Google Cloud Plattform, a cloud computing service der Google Inc. („Google”), to store data which you enter during the donation process in our donation form. The data collected including your name, your email address as well as the amount and cycle of your donation will be transferred to US based Google servers and saved there. Google does not use or process this data in any way. This occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by retracting your donation. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview Google’s Privacy Statement here.

Highrise

When you decide to make a donation to us through our donation form, we will save the data provided on Highrise. Highrise is a US-based constituent relationship management service. The data we save comprise:

  • your contact data
  • the amount, cycle and date of your donation
  • when you started donating

Highrise does not use and does not usually pass on your data. Only in exceptional cases, namely i) with our consent, ii) to oblige with legal requirements or iii) in case of merger of acquisition of Highrise with a different enterprise or similar business transactions, may Highrise share data with third parties.

Highrise has signed a data processing agreement governed by the European General Data Protection Regulation with us and is, moreover, certified under the EU-US Data Protection Agreement and thereby obliged to observe EU data protection legislation. This processing of your data within this framework occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR and our legitimate interest in managing donor relationships as per Art. 6 Abs. 1 lit f . You can retract your consent to having your data stored this way at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview Highrise’s Privacy Statement here.

Duration of Data Retention

The duration of the retention of your data depends on the nature of the respective data. All data will be deleted once Serlo Education no longer has a legitimate interest in the retention and processing of the data.

The data of registered users will be stored as long as the corresponding user account is not deleted. When deleting a user profile, all related personal data will be deleted without delay. Anonymised data may be retained for user activity analysis and other statistical investigation relevant to the development and improvement of the product and activities of Serlo Education until no longer relevant.

Your rights

Users of this website as well as registered users have the following rights:

  • Right to access your data: You have the right to be informed free of charge about the personal data we hold on you, how we received and process them and to access this data.

  • Right to have your data corrected: You have the right to request the correction of incorrect data and the right to request the completion of incomplete personal data.

  • Right to object to processing of your data: where the processing of your data occurs on the basis of Art. 6 Sec. 1 lit.e or f GDPR you are entitled to object to the processing of your personal data based on your personal situation. You can find the legal basis for the processing of your data in this privacy policy. When you retract your consent or voice objection to to the processing of your personal, data we will cease to process your personal data, except in cases where we have legitimate reasons to persist. Such legitimate reasons may include among other things the enforcement, execution and protection of legal claims.

  • Right to limited processing of personal data: You are entitled to request a limited processing of all or parts of your personal data. This applies in the following circumstances:

    • When you contest the correctness of personal data held by us it may take us some time to verify this. For the duration of the verification process you are entitled to request the limitation of the processing of your personal data.
    • When your personal data has been or is being processed illegitimately, you can request the limitation of processing, instead of deletion, of this personal data.
    • When we no longer require your personal data, but you still require this data for the assertion, enforcement or protection of legal claims, you are entitled to request the limitation of processing, instead of deletion, of this personal data.
    • When you have voiced objection in accordance with Art. 21 Sec. 1 GDPR there may be a period where different interests are weighed and considered before a decision is reached. Until then you are entitled to request the limitation of processing of your personal data.
  • If you limit the processing of your personal data, we can process this data (beyond storage) only with your explicit consent or in order to assert, enforce or protect another natural or legal person’s legal claims, or in the light of an important public interest of the European Union or one of its member states.

  • Right to data transferability: You are entitled to receive your personal data held by us in a common, machine readable format and to transfer your data set to a third party. Should you request the transmission of your personal data to a third party by us, we will comply only if this is can be effected with reasonable time and effort with the technology in place.

  • Right to deletion of your data: You have the right to undelayed and complete deletion of all your personal data.

  • The right to file a complaint with a regulating authority: In case of violation of the GDPR you can file a complaint with the regulating authority. They will investigate the case and inform you about the outcome.

  • The right to file a complaint is unaffected by any other administrative or judicial right of appeal.

If you have any questions, concerns or suggestions regarding our privacy policy, please contact us on en@serlo.org.