On this page you will find our data protection information. epicoa academy is a brand of epicoa GmbH. The controller within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is: epicoa GmbH, Ulmer Str. 160, D-86156 Augsburg.
Rights of data subjects
You can exercise the following rights at any time using the contact details provided for our data protection officer:
- Information about your data stored by us and its processing (Art. 15 GDPR),
- Correction of incorrect personal data (Art. 16 GDPR),
- Erasure of your data stored by us (Art. 17 GDPR),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR)
- Objection to the processing of your data by us (Art. 21 GDPR) and
- Data portability if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
You can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority in the federal state of your place of residence or with the authority responsible for us as the controller.
A list of supervisory authorities (for the non-public sector) with addresses can be found at : https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Collection of general information when visiting our website
Nature and purpose of the processing:
When you access our website, i.e., when you do not register or otherwise provide information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address, and similar data.
This information is processed particularly for the following purposes:
Ensuring a trouble-free connection to the website,
Ensuring the smooth use of our website,
Evaluating system security and stability, and
Optimising our website.
We do not use your data to draw any conclusions about your identity. Information of this kind is, where necessary, anonymised and statistically evaluated by us to optimise our online presence and the underlying technology.
Legal Basis and Legitimate Interest:
The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website.
Recipients:
Recipients of the data may include technical service providers who act as data processors for the operation and maintenance of our website.
Third-country transfers:
No collected data is transferred to third countries.
Storage duration:
The data will be deleted as soon as it is no longer required for the purpose of its collection. For data serving the provision of the website, this is generally the case when the respective session has ended. The IP address is anonymised by our provider after 24 hours; the last octet is set to zero for this purpose. Deletion occurs no later than 7 days afterwards. A data processing agreement (DPA) exists with our provider Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale).
Provision required by law or contract:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. Additionally, some services and functions may not be available or may be limited. For this reason, objection is excluded.
Cookies
No cookies are set on our website for marketing, advertising purposes, or extended tracking.
Technically necessary cookies
Type and purpose of processing:
We use cookies to make our website more user-friendly. Some elements of our internet site require that the calling browser can also be identified after a page change. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our internet site cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We need cookies for the following applications:
Legal basis and legitimate interest:
The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in a user-friendly design of our website.
Recipients:
Recipients of the data may include technical service providers who act as data processors for the operation and maintenance of our website.
Provision required by law or contract:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. Additionally, some services and functions may not be available or may be limited.
Right to Object
For more information on your right to object under Article 21 GDPR, please see below.
Enquiries by Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of these data is based on Article 6(1)(b) of the GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Article 6(1)(a) of the GDPR) and/or on our legitimate interests (Article 6(1)(f) of the GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Processing of Data (Customer and Contract Data)
We collect, process, and use personal data only to the extent necessary for the establishment, content arrangement, or modification of the legal relationship (inventory data). This is done on the basis of Article 6(1)(b) of the GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process, and use personal data relating to the use of our internet pages (usage data) only to the extent necessary to enable or charge the user for the use of the service.
The collected customer data will be deleted after the order has been completed or the business relationship has ended. Statutory retention periods remain unaffected.
Plugins and Tools
Matomo
We use the analysis tool Matomo (formerly Piwik) on our website, an open-source software for the statistical evaluation of visitor access. The provider of the Matomo software is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. We host Matomo Analytics and the Matomo database locally on our servers, meaning no data is transferred to third countries. By anonymising the IP address by six digits, we take into account the interest of website visitors in the protection of personal data. The data is not used to personally identify the user of the website and is not combined with other data. We also do not use cookies. These settings mean we do not need to obtain your consent and can avoid annoying cookie banners.
The use of Matomo is for the purpose of improving the quality of our website and its content. This helps us understand how the website is used and allows us to continuously optimise our offerings.
Third-country transfer:
No collected data is transferred to third countries.
Google Web Fonts
This site uses web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers takes place.
Brevo (formerly Sendinblue)
We use the GDPR-compliant tool Brevo (formerly Sendinblue) as a marketing tool for newsletters and email distribution. The service provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. A Data Processing Agreement (DPA) exists with Sendinblue. The data for the newsletter tool is stored on German servers. Sendinblue is a service that organises and analyses, among other things, the sending of newsletters and mailings. The mailings and newsletters are sent based on your consent. Registrations are conducted via double opt-in. All data you enter in a form during the registration process, such as your name or email address, is stored on our server as well as with Sendinblue. If consent is not necessary, the dispatch is based on the legitimate interest in direct marketing. Unsubscriptions are always guaranteed via every sent email. With Sendinblue, we collect data that allows us to analyse our mailing/newsletter campaigns. For example, we can see whether messages were opened and clicked. This allows us to better tailor our content to your interests. If you do not want an analysis by Sendinblue, please unsubscribe from our newsletter. You will find the corresponding link in the footer of every mailing. For more information about the features, please see this link:
https://www.brevo.com/information-for-email-recipients/
The terms of use of Sendinblue can be found here:
https://www.brevo.com/legal/termsofuse/
The technical and organisational measures (TOMs) of Sendinblue are reviewed by TÜV Rheinland as an independent third party. Proof can be found here (website only available in German):
https://www.brevo.com/de/datenschutz-uebersicht/
Own Services
Applications
We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated with strict confidentiality.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) as far as necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation), and – if you have given consent – Article 6(1)(a) of the GDPR. Consent is revocable at any time. Your personal data will only be shared within our company with persons involved in processing your application.
If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of § 26 BDSG-new and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.
Data Retention Period
If we cannot offer you a position, you reject a job offer, withdraw your application, revoke your consent to data processing, or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after the conclusion of the application process (retention period) to be able to trace the details of the application process in case of discrepancies (Article 6(1)(f) of the GDPR).
YOU CAN OBJECT TO THIS STORAGE IF THERE ARE LEGITIMATE INTERESTS ON YOUR PART THAT OUTWEIGH OUR INTERESTS.
After the retention period has expired, the data will be deleted unless there is a legal retention obligation or another legal basis for further storage. If it is evident that the retention of your data will be required after the retention period has expired (e.g., due to an imminent or pending legal dispute), deletion will only take place when the data has become irrelevant. Other statutory retention obligations remain unaffected.
SSL Encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) over HTTPS.
Information on Your Right to Object under Article 21 GDPR
Right to Object on a Case-by-Case Basis
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on Article 6(1)(f) of the GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.
Recipient of an Objection
Leena Volland, Managing Director of epicoa GmbH, Ulmer Str. 160, D-86156 Augsburg
Changes to Our Privacy Policy
We reserve the right to adapt this privacy policy to ensure it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will apply to your renewed visit.
Questions to the Data Protection Officer
If you have any questions about data protection, please email us or contact the person responsible for data protection in our organisation directly:
epicoa GmbH
Leena Volland
Ulmer Straße 160
D-86156 Augsburg
Email: info@epicoa.de
Phone: +49 821 – 8999 6810
Information Obligation for Customers in accordance with Articles 13 & 14 of the GDPR
For epicoa GmbH, Ulmer Str. 160, D-86156 Augsburg
The General Data Protection Regulation defines a data controller for each data processing activity. For epicoa GmbH, this is Ms Leena Volland, Managing Director of epicoa GmbH.
If you have any questions regarding the processing of your data, we are here to help. Please contact us at our email address: info@epicoa.de
The company epicoa GmbH works with an external data protection officer who advises us on data protection matters. You can find the contact details above in these data protection notices on the website.
epicoa GmbH is committed to supporting other companies and organisations, their customers, employees, and partners in the field of further education. This pertains to corporate training, with a focus on e-learning and blended learning. epicoa GmbH provides support both in a consultative and operational capacity. The business field also includes the distribution of IT solutions and media, including learning software and systems, as well as other products in the Learning & Development sector.
As part of our activities in the Learning & Development sector, we process personal data based on a contract or consent. Protecting your personal information is of utmost importance to us, and therefore, we do not transfer any data outside European borders. Our cooperation partners, who support us in organisational matters, are contractually bound to confidentiality and have data processing agreements in compliance with data protection regulations.
During the implementation of joint projects with cooperation partners, it is possible that we receive data from business partners.
As soon as we no longer need your data, we will delete it. If legal regulations require us to retain the data for a longer period, we will delete your data after this period has expired.
The main objective of the GDPR is to strengthen data subject rights. You have the right to be informed about the processing of your data, as well as the right to rectification, withdrawal of consent, restriction of processing, erasure, data portability, and the right to lodge a complaint with a supervisory authority.