Privacy

HHL Leipzig Graduate Schoole of Management is pleased to welcome you on our website.

Protecting your personal data and therefore your privacy is a top priority for our institution. With this privacy statement, we would like to inform you which data HHL Leipzig Graduate School of Management (HHL gemeinnützige GmbH) collects and processes when you visit and use its website.

Responsible authority in accordance with the Data Protection Act:

HHL gGmbH
Jahnallee 59
04109 Leipzig

T: +49 (0)341 9851-60
Email: info@hhl.de

Purpose of collection

HHL processes personal data solely to pursue its own business purposes. Personal data is processed solely to the extent which is required to render or provide the services you have ordered. Your personal data will not be forwarded to third parties without your express consent.

Collecting general information

When you visit our website, information of a general nature is automatically collected. This relates to details about your browser, operating system, internet service provider, time of access, IP address and similar information. None of the collected information can be used to identify you directly.

The collected information is used for the statistical evaluation, maintenance, safety and optimization of the website.

Regarding the storage, we observe the general regulations for deletion and the principles of data avoidance and minimization. According to these, personal data is deleted when the purpose of continued storage ceases to exist and there is no more reason to store personal data.

Personal data

Personal data is information with which a natural person is or can be clearly identified. This relates to details of personal or material circumstances which allow for a direct identification of an individual.

We process personal data only insofar as the data protection regulations will allow us. When doing so, we strive to comply with all necessary technical and organizational measures to appropriately ensure the safety of your personal data and protect against unauthorized access or misuse.

If we process personal data, we use security measures such as firewalls, encryption technology and physical access barriers for the IT department. We take the necessary precautions using state-of-the-art technology to minimize the risk of manipulation, unauthorized access, data loss etc.

Contacting us

If you contact us via the contact form or e-mail, your data will be stored in order to process the inquiry and any subsequent questions. Please note that this information is transmitted unencrypted. Your data will not be forwarded to third parties without your consent.

Salesforce

We use cloud-based services to process personal data during the admission and study process. Agreements in accordance with section 11 of BDSG have been concluded with the provider of these services (Salesforce) regulating the processing of the data as well as allowing for processing outside the scope of the EU Data Protection Directive. Due to sovereign authorities outside the EU being able to access to your data, we recommend that you do not upload particularly sensitive data (in accordance with section 3, paragraph 9 of BDSG) to the system but instead send them to your contact person vial e-mail.

By confirming you have read and accepted our Terms and Conditions and the Privacy Statement, your consent to the processing of personal data as described above will be logged. The consent may only be revoked with effect for the future. At this stage, we can only assure logical deletion of the data stored so far. Revoking your consent will be accompanied by further limitations during the application and study process of which we will gladly inform you on a case-by-case basis. Salesforce participates in the EU-U.S. Privacy Shield Framework. For further information, please visit https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK

Integration of third-party services and content

At times, we also integrate third-party content into our online offer. This includes, among other things, graphics from other websites or Google Maps. These third-party providers will be notified of your IP address; otherwise the content could not be displayed. We do not have any influence on whether the third-party providers store your e-mail address (e.g., for statistical purposes) but we seek to only use images where no such data is stored. As soon as we learn about IP addresses being stored, we will inform the user of this circumstance.

Registration feature

If you wish to use our offer, we require the data which you submitted during the registration process. The data entered into the input during registration is collected.

Cookies

To be able to offer you certain features on our website, we use cookies. These are small text files which allow for specific device-related information to be stored on your access device (PC, smartphone, etc.). Cookies serve the purpose of increasing the user-friendliness of our website (e.g., saving login data) as well as collecting statistical data about the website use to improve our offer following an analysis of the data. You can limit or prevent cookies from being stored on your computer by changing your browser settings. Please note, however, that you might no longer be able to use all the features on our website to their full extent when doing so.

Newsletter/MailChimp

To sign up for the newsletter offered on our website, we need an e-mail address from you as well as information which allows us to verify that you are the owner of the e-mail address as indicated and that you agree to receiving the newsletter. We use this data exclusively for the newsletter service and do not forward this information to third parties.

You may revoke your consent to the storing and processing of your personal data and the newsletter subscription at any time. You can do so by clicking the respective link which is included in every newsletter.

We use MailChimp as a list provider to send out our newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318. Arrangements in accordance with section 28 of the GDPR on data processing are in place with the provider. MailChimp participates in the EU-U.S. Privacy Shield Framework. For further information on data protection at MailChimp, please visit mailchimp.com/legal/privacy/.

Google Ads Conversion

This website uses Google Ads and, in doing so, its conversion tracking feature as well, from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. If you come to our website by clicking on a Google ad, Google Ads will add cookies to your computer. These cookies become invalid after 30 days and do not serve as a means of personal identification. If you visit specific pages of the AdWords customer’s website and the cookie has not yet expired, both Google and we, the customer, can see that the user clicked on the advertisement and was redirected to the current page. Every AdWords customer receives a different cookie. Cookies can therefore not be tracked over AdWords customer websites. The information collected with the help of the conversion cookies are used in the creation of conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive information about the total number of users which have clicked on their advertisement(s) and also how many of these customers were redirected to a website with a conversion tracking tag. However, these AdWords customers do not receive any information which could personally identify the users. If you do not wish to participate in the tracking process, you can block the Google AdWords conversion tracking cookie by changing your browser settings (block cookies from the www.googleadservices.com domain). Google’s privacy statement on conversion tracking is available at https://services.google.com/sitestats/en_US.html.

Google Remarketing

In addition to Adwords Conversion, we use the Google Remarketing application. This is a process by which we aim to address you again. The application allows you to see our ads after visiting our website as you continue to use the Internet. This is done by means of using cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google.

In this way, Google is able to detetct your previous visit to our homepage. A combination of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur according to Google. In particular, pseudonymization is used in remarketing according to Google.

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR (“Consent”). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. We have activated IP anonymization.

On this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Treaty on the European Economic Area. The full IP address will be transmitted to a Google Server in the USA and shortened there only on an exceptional basis. On behalf of the operator of this website, Google will use this information for evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet use to the website operator. Google will not associate the IP address transmitted under Google Analytics by your browser with other data held by Google. You may prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we must advise you that in this case, you might not be able to use, to the full extent, all functions of this website. You may prevent Google from recording the data generated by the cookie and pertaining to your use of the website (including your IP address), or processing these data by downloading and installing the following browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Click  here to be excluded from Google Analytics measurement.

GA Connector

We use GA Connecor, GA Connector, 32, L. Tolstoy Street, 65020 Odesa, Ukraine on our website. GA Connector is a specialized CRM & Google Analytics integration software.. GA Connector complies with the requirements of the EU basic data protection regulation. HHL Leipzig Graduate School of Management uses the product GA-to-CRM v.1.0.

GA-to-CRM v1.0

When you visit our website, the tracking script, using GA Connector GA-to-CRM v1.0 tracking codes, collects information about the referral URL and landing page URL and sends it to GA Connector via an encrypted http protocol. GA Connector data is processed and stored at Digital Ocean, 101 6th Ave, New York, NY 10013, United States. Industry-standard security measures are implemented to protect this data.

The server returns parameters to the script and stores them in cookies and hidden form fields. After that, no further data processing is performed by GA Connector, and the website forms deliver the information in the cookie or hidden fields to the cloud based CRM system of the website called Salesforce.

Salesforce-to-Google-Analytics:

GA Connector Salesforce-to-Google Analytics integration is a managed Salesforce package that monitors changes in our Salesforce records, such as:

  • Lead status
  • Opportunity stage
  • Opportunity amount.

In the event of any changes, GA Connector sends data directly to the Google Analytics account of our website via secure HTTPS protocol.

This package doesn’t store any of your data on GA Connector servers. Furthermore, because of the way Salesforce security was built, it’s technically impossible for GA Connector to gain access to your data through this package. You can read more about that here.

For further data protection information, please visit automattic.com/privacy/.https://gaconnector.com/docs/gdpr-and-gaconnector/

Revocation, changes, corrections and updates

You have the right to demand information at any time regarding the personal data HHL gGmbH has stored about you. You also have the right to have your data corrected, limited, transferred or deleted or object to the processing of your data as far as this is permitted and does not violate any legal stipulations.

To exercise your rights, please contact gdpr@gaconnector.com

Use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Xing, Youtube, LinkedIn, Twitter, Instagram.

We use the two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or by its logo. We provide you with the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it, the provider of the plug-in receives the information that you have accessed the corresponding website of our online service. In addition, the data mentioned above under “Purpose of processing personal data when visiting our website” is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA).

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information on how to delete the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and / or customized website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data transfer takes place regardless of whether you have an account with the plug-in provider and whether you are logged in. If you are logged in, the data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent your data from being associated with your profile with the plug-in provider.

The plug-in provider may also process your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA, without an adequacy finding and without suitable guarantees, there may not be an adequate level of data protection, as data protection laws do not comply with the provisions of the GDPR, and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt a GDPR (“Consent”). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect, without having to fear any disadvantages.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy declarations of these providers provided below. There you will also find further information about your rights and settings options for the protection of your privacy.

Addresses of the respective plug-in providers and URL with their privacy notices:

  • acebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA, www.facebook.com/policy.php weitere Informationen zur Datenerhebung: www.facebook.com/help/186325668085084   facebook.com/about/privacy/your-info-on-other#applications sowie www.facebook.com/about/privacy/your-info#everyoneinfo
  • Xing AG, Gänsemarkt 43, 20354 Hamburg, Deutschland, www.xing.com/privacy
  • YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, vertreten durch: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, policies.google.com/privacy?hl=de&gl=de
  • LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy
  • Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, help.instagram.com/155833707900388/?helpref=hc_fnav&bc[0]=Instagram-Hilfe&bc[1]=Datenschutz%20und%20Sicherheitsbereich
  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA, twitter.com/privacy

Facebook

HHL gGmbH operates a Facebook company page and uses the Facebook Insights service for this purpose. According to the June 2018 ruling of the European Court of Justice (ECJ), together with Facebook we are “jointly responsible for the processing” within the meaning of Art. 26 DSGVO.
In the following we would like to inform you, as far as possible, about the processing of personal data when using this page:

Type and purpose of data processing

We only receive an anonymous evaluation within the scope of the Insights data. This data is only used for HHL gGmbH, e.g. for the analysis of general user behaviour, in order to better tailor our services to the needs of our customers. A passing on to third parties does not take place. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) DSGVO. Facebook processes your data for its own commercial purposes. Facebook also uses cookies for this purpose. We do not know what Facebook data are used for. We refer in this respect to the data protection provisions of Facebook at: https://www.facebook.com/policy.

Categories of personal data that are processed

Facebook provides us with the following data for evaluation purposes. Please note that this data is anonymous and grouped:

  • age
  • sex
  • place of residence (nation and region or city)

In addition, the following data are stored in anonymised form with regard to overall use is processed:

  • time of use
  • interactions in context with posts (e.g. reactions, comments, click rates, views, shares)
  • video life
  • used equipment, operating systems, software
  • user history (referencing websites)
  • language
  • interests/topics
  • location of use

 Twitter

Our website uses features provided by Twitter Inc., 795 Folsom St, Suite 600, San Francisco, CA 94107, USA. If you use the Twitter button, Twitter will link your Twitter account to the website used by you. This information is shared with other Twitter users, especially your followers. As a part of this process, data is transmitted to Twitter.

HHL as the operator of this website does not obtain any information from Twitter about the content or use of the transmitted data. For further information, please click the following link: https://twitter.com/en/privacy

You can change your Twitter privacy settings in the account settings at twitter.com/account/settings.

YouTube

Our website uses at least one plug-in by YouTube, which is a part of Google Inc., San Bruno, California, USA. As soon as you visit a page which is equipped with a YouTube plug-in on our website, a connection is established to the YouTube servers. In the process, the YouTube server will be notified of which specific website you have visited. If you are logged into your YouTube account, YouTube may link this information directly to your personal YouTube profile. If you wish to prevent this, please log out of your YouTube account before visiting the HHL website. For further information, please refer to the privacy policy at www.youtube.com.

Xing

This website uses the XING Share button. Therefore, a connection to the browsers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany, is established through your browser when you access this website. XING does not store any personal data about your visit to this website. Your IP address is not stored either. For the latest information on data protection, please visit www.xing.com/app/share.

LinkedIn

On our website, we use plug-ins of the social network LinkedIn by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (hereinafter referred to as “LinkedIn”). The plug-in establishes a connection between your internet browser and the LinkedIn server every time you visit our website. Consequently, LinkedIn receives the information that you visited our website with your IP address. By clicking the LinkedIn button, you can link content from the HHL website to your LinkedIn profile page. In this case, LinkedIn can link your visit to our website to your user account. HHL does not have any knowledge of what kind of data is transmitted or how it is used by Facebook.

More details on how the data is collected, your legal options and possible settings are provided by linked in at this address: www.linkedin.com/static.

LinkedIn Insight Tag

This website uses the LinkedIn Insight tag of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Dublin, 2, Ireland (“LinkedIn”), subject to your consent. The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website to enable detailed campaign reporting and to gain valuable information about visitors to our website. Specifically, we use the LinkedIn Inside tag to track conversions, retarget our site visitors, and gather additional information about LinkedIn members who view our ads.

In particular, the LinkedIn Insight tag allows us to collect information about visits to our site, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamps. IP addresses are truncated or (if used to reach members across devices) hashed. The direct identifiers of members are removed within seven days to pseudonymize the data. This remaining pseudonymised data is then deleted within 180 days. LinkedIn does not share any personally identifiable information with us, but only provides reports (in which you are not identified) about website audience and ad performance. LinkedIn also provides retargeting for site visitors, which allows us to use this data to display targeted advertising outside of our site without identifying the member. We also use data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can also control the use of their personal information for advertising purposes in their account settings.

LinkedIn also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR (“Consent”). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect, without having to fear any disadvantages.

For more information about LinkedIn’s processing of your personal data and your rights and options for protecting your privacy, please refer to LinkedIn’s privacy policy at www.linkedin.com/legal/privacy-policy.

Facebook Pixel

This website uses the Facebook pixel of Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA (“Facebook”), if you have given your consent.

As a result, users of the website can be shown interest-related advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the procedure. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website more interesting for you.

Via the Facebook pixel we process in particular information about the activities of website visitors outside of Facebook. This includes information about the website visitor’s device, the websites visited, purchases made, advertisements that the website user sees and information about how the visitor uses our website. This happens regardless of whether you have a Facebook account or are logged in to Facebook as a visitor to our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

The Facebook pixel records these five types of data:

  • Http headers – everything that is present in HTTP headers. HTTP headers are a standard web protocol that is sent between any browser request and any server on the Internet. HTTP headers contain IP addresses, web browser information, page location, document, referrer, and information about the website visitor.
  • Pixel-specific data – this includes the pixel ID and the Facebook cookie.
  • Button-click data – this includes any buttons clicked by visitors to the site, the labels of those buttons, and any pages viewed as a result of clicking on the button.
  • Optional values – developers and marketers can optionally send additional information about the visit through personalized data events. Examples of personalized data events are the conversion value, page type, etc.
  • Form field names – these include the names of website fields such as “email”, “address” and “quantity” that are filled in when a product or service is purchased. The pixel generally does not capture field values.

Facebook also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR (“Consent”). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect, without having to fear any disadvantages.

You can also deactivate the Facebook Marketing function as a logged in Facebook user at http://www.facebook.com/settings/.

Further information on the processing of personal data by Facebook as well as on your rights and options for protecting your privacy can be found in the Facebook privacy policy at www.facebook.com/about/privacy/.

Links to other websites

This website contains links to other websites. We have no influence over whether the operators of external websites comply with the data protection regulations.

Duration of data processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends in particular on the period for which the processing is necessary to fulfil the purpose or to comply with legal obligations. The statutory storage obligations, in particular in accordance with § 257 HGB and § 147 AO (6 or 10 years), remain unaffected.

Revocation, changes, corrections and updates

You have the right to demand information at any time regarding the personal data HHL gGmbH has stored about you. You also have the right to have your data corrected, limited, transferred or deleted or object to the processing of your data as far as this is permitted and does not violate any legal stipulations.

To exercise your rights, please contact the Data Protection Officer of HHL.

Furthermore, you also have the right to file a complaint with the responsible supervisory authority.

We reserve the right to update this privacy statement occasionally so that it complies with the legal requirements and to reflect any changes made to our offer. For any subsequent visit to our website, the new privacy statement shall then apply.

Data Protection Officer
For any queries regarding data protection at HHL gGmbH, please contact our Data Protection Officer directly or send us an e-mail.

Data Protection Officer:
MGID
Mitteldeutsche Gesellschaft für Informationssicherheit und Datenschutz mbH
Lars Nöcker
Mozartstraße 10
04107 Leipzig

Telephone: +49 (0) 341 96273553
Email: datenschutz@hhl.de

Last update: August 31, 2020