Privacy Policy

effective
You can view past versions in the archive

💁 Consent for external content

You can check and revoke your given consent here.

This data protection notice informs you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Serlo Education, Rosenheimer Straße 139, D-81671 Munich, Germany, is responsible for data processing.

Why we capture personal data

Serlo.org processes personal data for the following purposes:

  • to provide and improve the services of serlo.org
  • to analyse and thus gain understanding of how users use serlo.org; this is important in order to ensure that serlo.org works properly and to develop useful new features and functionalities
  • to collect feedback on our content, which enables us to improve and further develop the platform
  • in order to organize the work in our community and establish contact with our authors

How we capture and process personal data

Serlo.org uses external providers for capturing and processing of the relevant personal data. In the following these external providers and the way of working will be identified and described.

In the case of using the service in school, we process your data as a data processor. The responsible entity is your school or the school authority.

Loading third party content

For third-party content that is loaded based on consent in accordance with Art. 6(1)(a) GDPR, the permission can be withdrawn at any time at serlo.org/consent.

Processing of user data

Cookies

Our website may use so-called cookies. Cookies are little text files that are saved by your browser on your computer. Cookies don't do any damage to your computer and do not include viruses. We use cookies to make our services more user friendly, more effective and safer.

Most of the cookies we employ are so called “session cookies”. These are automatically deleted after the end of your visit. Other cookies stay on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can adjust your browser so that you will be made aware of the placement of any cookies, will be able to allow or disable the placement of cookies individually, automatically disable all Cookies, or automatically delete all cookies at the end of your browser session. When cookies are disabled the functionality of this website may be restricted.

Cookies for the provision of the electronic communication-procedure or for the provision of certain desired functionalities are saved on basis of Art. 6 Sec. 1 lit. f DSGVO. Our legitimate interest in saving cookies lies in the facilitation of an error free technical delivery and the optimization of our services. If other cookies (for example cookies for the analysis of your browsing behaviour) are implemented, these will be treated separately in this privacy policy.

Server-log files

We as the provider of the websites collect and save automatically all information in the so called server-log files that your browser automatically transmits to us. These are:

  • browser type and browser version
  • operating system
  • referrer URL
  • hostname of the accessing device
  • time of the server request
  • IP address

There is no consolidation of this data with any other personal data we may hold on you.

The collection of this data is based on Art. 6 Sec. 1 lit. f DSGVO. Our legitimate interest in the processing of server log files lies in the facilitation of an error-free technical delivery and optimization of our services.

Simple Analytics

To get critical information about the behavior of our visitors, we use Simple Analytics. This analytics software gives us insight about our visitors only in general, but not about individuals by itself, as it does not track visitors and does not store any personal identifiable information.

You can find out what Simple Anaytics collects (and most importantly what they don’t) in their documentation.

Sentry

This website uses the third-party service Sentry to improve the technical stability of our services through monitoring of system stability and identification of dysfunctional code. Provider of this service is Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA. The information collected includes:

  • browser type and version
  • device type
  • operating system
  • URL of the website which displayed a disfunction
  • time of the server request

In case of error or disfunction, this data will be transmitted to the Sentry server located in the USA.

Sentry has signed a data processing agreement governed by the European General Data Protection Regulation with us. Moreover, Sentry is certified under the EU-US Data Protection Agreement and thereby obliged to observe EU data protection legislation.

You can preview their privacy policy here.

The legal basis for the processing of personal data is Art. 6 Sec. 1 lit. f GDPR. Our legitimate interest lies in the improvement of the technical stability of our services.

Youtube with extended privacy protection

Our website uses plugins for the website YouTube. Provider of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We use YouTube in the Extended Privacy Protection Mode. This mode stops YouTube from saving user information before the user watches a video. The transmission of data to YouTube Partners, however, is not necessarily prohibited through the activation of this mode. For example, YouTube will connect with the Google DoubleClick Network irrespective of whether you watched a video.

When starting a YoutTube video on our website, this creates a connection to the YouTube servers and initiates the transmission of information about the websites you have visited on serlo.org. If you are logged into a personal YouTube Account while doing so, this enables YouTube to directly relate your online activities to your personal profile. You can disable this by logging out from your YouTube Account before visiting our website.

Furthermore, starting a YouTube Video can cause YouTube to save several different cookies on your device. This enables YouTube to gather user data from our website. This information is used among other things to create video stats, improve user experience and prevent fraud. The cookies will remain on your device until you delete them.

Starting a YouTube Video on our website may trigger further data processing beyond our knowledge or influence.

You can find more information in YouTube’s own Privacy Statement here.

The use of YouTube is based on Art. 6(1)(a) GDPR, after explicit consent from the user is obtained. Videos and content from third-party providers are only loaded when the user has given consent to view the media.

Vimeo

Our website uses plugins provided by the video portal Vimeo. Provider of this service is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When visiting one of our websites that are fitted with a Vimeo plugin, this creates a connection to the Vimeo servers located in the US and initiates the transmission of information about the websites you have visited on serlo.org. It also shares your IP address with Vimeo. This will happen regardless of whether you are logged into your Vimeo account or if you are even registered with Vimeo. Vimeo is certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

If you are logged into a personal Vimeo account while accessing a website fitted with a Vimeo plugin, this enables Vimeo to directly relate your online activities to your personal profile. You can disable this by logging off from your Vimeo account before visiting our website.

You can find more information in Vimeo’s own Privacy Statement here.

The use of Vimeo is based on Art. 6(1)(a) GDPR, after explicit consent from the user is obtained. Videos and content from third-party providers are only loaded when the user has given explicit consent to view the media.

Wikimedia Commons

Our website uses content provided by Wikimedia Commons. Provider of this service is the Wikimedia Foundation, 1 Montgomery St., Suite 1600, San Francisco, CA 94104, USA.

When visiting one of our websites that are fitted with a Wikimedia Commons plugin, this creates a connection to the Wikimedia Foundation's servers located in the US and initiates the transmission of information about the websites you have visited on serlo.org. It also shares your IP address with Wikimedia.

You can find more information in Wikimedia’s own Privacy Statement here.

The use of Wikimedia Commons is based on Art. 6(1)(a) GDPR, after explicit consent from the user is obtained. Content from third-party providers is only loaded when the user has given consent to view the media.

GeoGebra

Our website uses plugins provided by the dynamic mathematics software GeoGebra. Provider of this service is GeoGebra GmbH, Altenbergerstraße 69, 4040 Linz, Austria.

When visiting one of our websites that are fitted with a GeoGebra applet, this creates a connection to the GeoGebra servers and initiates the transmission of information about the websites you have visited on serlo.org. It also shares your IP address with GeoGebra. This will happen regardless of whether you are logged into your GeoGebra account and whether you are even registered with GeoGebra.

If you are logged into a personal GeoGebra account while accessing a website fitted with a GeoGebra plugin, this enables GeoGebra to directly relate your online activities to your personal profile. You can disable this by logging off from your GeoGebra account before visiting our website.

You can find more information in GeoGebra's own Privacy Statement here.

The use of Geogebra is based on Art. 6(1)(a) GDPR, as explicit consent from the users is obtained. Content from the third-party provider is only loaded when the user has given explicit consent to view the media.

Google Custom Search

We use on our website the Google Custom Search Engine „Google CSE“ as our central search service. It provides a full text search of our content. You can access this search service by using the search box in the header of our website.

Generally, no personal data is transmitted to the provider of the search service (Google) if websites are viewed that contain the Google Custom Search Engine. Data will only be send via this functionality to the provider of the search service (Google) after the user activates the search box by clicking on it. By using the search box personal data is send to Google. This includes:

  • the search terms you are using
  • your IP address

With the usage of our search service you also accept the usage of the Google Custom Search and the transfer of data to Google. We expressly point out the the processing of personal data, in particular the retention, deletion and usage falls under the responsibility of the provider of the search service. We do not have any influence over the nature and scope of the data transmitted nor its further processing.

When you are simultaneously logged into Google, the Google service is able to link the data transmitted to your user profile. You can log out from Google if you want to avoid this.

You can find Google’s privacy policy at http://www.google.com/intl/de/policies/privacy.

Google Custom Search and other products of Google LLC are certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

Registration on the Website

You can create an account on our website to use additional features and functionalities. The data entered will be used only in order to provide the services or features for which you have registered. The information requested in the registration process must be completed fully, otherwise the registration will be rejected.

In case of important changes concerning the scope of our services or necessary technical adjustments we will use the e-mail adress provided upon registration to inform you of such changes.

The processing of your data entered upon registration occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by way of a formless e-mail to en@serlo.org. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

The information provided during registration will remain saved and stored by us for as long as you hold an account on our website and will be deleted afterwards. Legally required retention periods are not affected by a deletion of your account.

Activity data

If you are registered on Serlo.org and active as author or reviewer, we store your editing history in our database. Serlo processes your user name and the timestamp of the activity. Analysis of this data allows Serlo to improve the support of our online community and assures therefore that every contribution can be addressed with feedback. Serlo evaluates this captured data using monitoring and analysis software.

The intention of the data processing is to improve the functionality of the platform. We process your personal data pursuant to Article 6(1)(f) GDPR. The legitimate interest of the website owner lies in the improvement of the online-experience of the user.

Google Cloud

This website uses Google Cloud Platform, a cloud computing service der Google Inc. („Google”), to store data which you enter during the registration process on serlo.org. The data collected including your user name, your email address and your editing history will be transferred to Google servers in Germany and saved there. Google does not use or process this data in any way. This occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by deleting your account from serlo.org. The information provided during registration will remain saved and stored by us for as long as you hold an account on our website and will be deleted afterwards. Legally required retention periods are not affected by a deletion of your account.

You can preview Google’s Privacy Statement here.

Cloudflare

This website uses the service by Cloudflare, Inc., located in 101 Townsend St, San Francisco, CA 94107, USA. This website uses cloudflare as a content delivery network and a proxy for all website requests. This means that each visit to our website will be handled or delivered through Cloudflare. Each personal data you send to our website will therefore also be transmitted to Cloudflare. This is necessary in order to handle your browser requests to our site. The transmitted information include:

  • browser type/browser version
  • used operating system
  • referrer URL (previously visited website)
  • IP address
  • time of server request
  • cookies

The data is transferred to the closest server of the client. Cloudflare is certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

You can find Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/.

The collection of this data is based on Art. 6 Sec. 1 lit. f DSGVO. We as the website provider have a legitimate interest in an effective and secure delivery and the analysis and optimization of our website.

Vercel

This website uses the service by Vercel. Provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel is a cloud platform, through which we make our website available. This means that each visit to our website will be handled or delivered through Vercel. Personal data you send to our website will therefore also be transmitted to Vercel. This is necessary in order to handle your browser requests to our site. The transmitted information include:

  • browser type/browser version
  • used operating system
  • referrer URL (previously visited website)
  • IP address
  • time of server request
  • cookies

Depending on the server location, these information may also be sent to the USA. Vercel has signed a data processing agreement governed by the European General Data Protection Regulation with us. Vercel is certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

You can find Vercel’s privacy policy at https://vercel.com/legal/privacy-policy.

The collection of this data is based on Art. 6 Sec. 1 lit. f DSGVO. The delivery of the personal data is necessary in order for you to use our website.

Processing of Donor Data

PayPal

We use PayPal as a means of payment on our website. This service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg („PayPal”).

If you choose to make a donation using PayPal, your payment details will be transmitted to PayPal.

This occurs in accordance with the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview PayPal’s Privacy Statement here.

Sofortüberweisung (Instant Transaction)

We offer Instant Transaction (‘Sofortüberweisung’) as a payment method on our website. Provider of this service is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

Sofortüberweisung as a payment method provides us with a real-time confirmation of the transaction and allows us to start fulfilling our liabilities instantaneously.

If you choose to make a donation using Sofortüberweisung, your PIN and a valid TAN are transmitted to Klarna, who use it to log into your online banking account. Klarna the automatically checks your account balance, effects the desired transaction using the TAN you provided, and consequently confirms the transaction with us. After logging in this way, Klarna will also automatically check your transactions, the credit limit of your overdraft and the existence of further accounts and their balance.

Besides your PIN and TAN, information transmitted to Klarna also includes your payment details and personal details you may have entered. This may include your first and last name, address, phone number(s), email address, IP address and further data necessary for the processing of the transaction. This is necessary to confirm beyond reasonable doubt your identity in order to prevent fraud.

The transmission of your data to Klarna GmbH is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview Klarna’s privacy statement here.

Stripe Inc.

This website uses services provided by Stripe Inc (‘Stripe’), 510 Townsend Street, San Francisco, CA 94103 to process credit card payments. The data entered in the donation process, namely the amount and rhythm of your donation as well as your contact and credit card details will be transmitted to Stripe and stored on their US servers. Stripe uses this data to effect the transaction and to carry out measures to avoid fraud.

The transmission of your data to Stripe Inc. is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. b GDPR (processing for fulfillment of contractual obligation). You can retract your consent at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way. Stripe is certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

You can preview Stripe’s privacy statement here.

twingle

This website uses twingle in order to process donations. Twingle is an online fundraising software provided by the twingle GmbH, based in Berlin, Germany. The data captured by this software comprise:

  • browser type
  • device type
  • IP address
  • date of donation
  • donation amount
  • donation cycle
  • your contact data
  • your payment type

This data is saved on servers located in Germany. Twingle uses the personal data in order to process donations within our contractual agreement. Furthermore, twingle analyses anonymised data for reporting and statistical purposes as well as further use and processing by twingle.

The transmission of your data to twingle is based on the provisions of Art. 6 Abs. 1 lit. a GDPR (consent) und Art. 6 Abs. 1 lit. f GDPR (legitimate interest). You can retract your consent at any time by retracting your donation. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way.

You can preview twingle’s privacy statement here.

Google Cloud

This website uses Google Cloud Plattform, a cloud computing service der Google Inc. („Google”), to store data which you enter during the donation process in our donation form. The data collected including your name, your email address as well as the amount and cycle of your donation will be transferred to US based Google servers and saved there. Google does not use or process this data in any way. This occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. You can retract your consent at any time by retracting your donation. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way. Google Cloud and other products of Google LLC are certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

You can preview Google’s Privacy Statement here.

Hubspot

When you get in contact with us, or decide to make a donation through our donation form, we will save the provided data on Hubspot. Hubspot is a US-based customer relationship management service. The data we save comprise:

  • your contact data
  • the amount, cycle and date of your donation
  • when you started donating

The processing of your data occurs based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR and our legitimate interest in managing donor relationships as per Art. 6 Abs. 1 lit f . You can retract your consent to having your data stored this way at any time. The legitimacy and lawfulness of the processing of your data up to the point of retraction of consent will not be affected by this in any way. Hubspot is certified under the Data Privacy Framework, which ensures an adequate level of data protection in accordance with GDPR requirements.

You can preview Hubspot’s Privacy Statement here.

Duration of Data Retention

The duration of the retention of your data depends on the nature of the respective data. All data will be deleted once Serlo Education no longer has a legitimate interest in the retention and processing of the data.

The data of registered users will be stored as long as the corresponding user account is not deleted. When deleting a user profile, all related personal data will be deleted without delay. Anonymised data may be retained for user activity analysis and other statistical investigation relevant to the development and improvement of the product and activities of Serlo Education until no longer relevant.

Your rights

Users of this website as well as registered users have the following rights:

  • Right to access your data: You have the right to be informed free of charge about the personal data we hold on you, how we received and process them and to access this data.

  • Right to have your data corrected: You have the right to request the correction of incorrect data and the right to request the completion of incomplete personal data.

  • Right to object to processing of your data: where the processing of your data occurs on the basis of Art. 6 Sec. 1 lit.e or f GDPR you are entitled to object to the processing of your personal data based on your personal situation. You can find the legal basis for the processing of your data in this privacy policy. When you retract your consent or voice objection to to the processing of your personal, data we will cease to process your personal data, except in cases where we have legitimate reasons to persist. Such legitimate reasons may include among other things the enforcement, execution and protection of legal claims.

  • Right to limited processing of personal data: You are entitled to request a limited processing of all or parts of your personal data. This applies in the following circumstances:

    • When you contest the correctness of personal data held by us it may take us some time to verify this. For the duration of the verification process you are entitled to request the limitation of the processing of your personal data.
    • When your personal data has been or is being processed illegitimately, you can request the limitation of processing, instead of deletion, of this personal data.
    • When we no longer require your personal data, but you still require this data for the assertion, enforcement or protection of legal claims, you are entitled to request the limitation of processing, instead of deletion, of this personal data.
    • When you have voiced objection in accordance with Art. 21 Sec. 1 GDPR there may be a period where different interests are weighed and considered before a decision is reached. Until then you are entitled to request the limitation of processing of your personal data.
  • If you limit the processing of your personal data, we can process this data (beyond storage) only with your explicit consent or in order to assert, enforce or protect another natural or legal person’s legal claims, or in the light of an important public interest of the European Union or one of its member states.

  • Right to data transferability: You are entitled to receive your personal data held by us in a common, machine readable format and to transfer your data set to a third party. Should you request the transmission of your personal data to a third party by us, we will comply only if this is can be effected with reasonable time and effort with the technology in place.

  • Right to deletion of your data: You have the right to undelayed and complete deletion of all your personal data.

  • The right to file a complaint with a regulating authority: In case of violation of the GDPR you can file a complaint with the regulating authority. They will investigate the case and inform you about the outcome.

  • The right to file a complaint is unaffected by any other administrative or judicial right of appeal.

If you have any questions, concerns or suggestions regarding our privacy policy, please contact us on en@serlo.org.