Privacy Policy
Data Protection Regulation according to the GDPR
Name and Address of the Responsible Party
Responsible under the terms of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states and other relevant data protection regulations is:
General Information about Data Processing
Extent of Processing of Personal Data
In principle, we process personal data of our users only to the extent necessary to provide a functional website, our content, services, or to optimize the technical functionality of the website. The processing of personal data occurs regularly only after obtaining the user’s consent, except in cases where consent is not feasible due to factual reasons, and the processing is permitted by law.
-
Legal Basis for the Processing of Personal Data
- Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis for this processing is Art. 6 para. 1 lit. a GDPR.
- Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party, including pre-contractual measures.
- If the processing of personal data is required to fulfill a legal obligation to which Bon Sentiment (Paradigm Pioneers Limited) is subject, the legal basis is Art. 6 para. 1 lit. c GDPR.
- Art. 6 para. 1 lit. d GDPR applies when the processing is necessary for the protection of vital interests of the data subject or another person.
- If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh those interests, Art. 6 para. 1 lit. f GDPR is the legal basis.
-
Deletion of Data and Storage Duration
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Additionally, data may be stored if required by European or national laws, regulations, or other legal obligations to which the controller is subject. Personal data will be deleted or blocked once the legally prescribed retention period has expired, unless continued storage is necessary for contractual purposes.
Website Provisioning and Creation of Log Files
Description and Scope of Data Processing
Every time the website is accessed, our system automatically collects data and information from the calling computer system. The following data is collected:
- Information about the browser type and version used
- Information about the user’s operating system
- Information about the Internet service provider
- The IP address of the user
- The date and time of access
- Information about websites from which the user’s system accesses our website
- Information about websites accessed by the user’s system through our website
This data is stored in log files, but the IP addresses or other data allowing identification of a user are not stored. This data is not merged with other personal data.
Legal Basis for Data Processing
The temporary storage of data is necessary for the provision of the website and is based on Art. 6 para. 1 lit. f GDPR.
Purpose of Data Processing
The processing of personal data (e.g., IP address) is necessary to ensure that the website is delivered to the user’s computer. The IP address is stored temporarily for the duration of the session, which is justified by our legitimate interests in website delivery and technical functionality, according to Art. 6 para. 1 lit. f GDPR.
Duration of Storage
The data is deleted once it is no longer needed for the purpose of its collection. For website provisioning data, this is typically when the session ends.
Opposition and Removal Possibility
The collection of data for the provision of the website and its storage in log files is mandatory for the operation of the website. Therefore, the user has no right to object.
-
Use of Cookies
Description and Scope of Data Processing
The Bon Sentiment website uses cookies. Cookies are text files stored by the user’s web browser on their computer. A cookie may be stored on the user’s device when they visit the website, enabling identification of the browser on subsequent visits. The website also uses features of the web analytics service Google Analytics, which also utilizes cookies. Further information is provided in the section below titled “Privacy Policy for the Use of Google Analytics.”
The data collected through cookies is pseudonymized, so it cannot be directly linked to any individual user. Data is not stored together with other personal data.
Legal Basis for Data Processing
The legal basis for the processing of personal data via cookies is Art. 6 para. 1 lit. f GDPR, in relation to legitimate interests in the use of cookies for analytics purposes.
Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the user experience on our website. Without these cookies, certain functions of our website cannot be offered, as they require the browser to be recognized even after page breaks. Cookies are essential for the following applications:
- Confirmation of consent to the use of cookies.
- Other functions that require user identification between sessions.
The data collected through technically necessary cookies will not be used to create user profiles.
Duration of Storage, Objection, and Disposal Options
Cookies are stored on the user’s computer and transmitted to the Bon Sentiment website. As a user, you have full control over the use of cookies. By changing your browser settings, you can disable or restrict cookie transmission. Already stored cookies can be deleted at any time, either manually or automatically. Please note, if cookies are disabled, some features of our website may not function as intended.
Privacy Policy for the Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies—text files that are stored on your computer to help analyze how you use the website. The information generated by the cookie about your use of this website is transmitted to and stored on Google servers in the USA.
However, if IP anonymization is enabled, your IP address will be truncated by Google within the European Union or other parties to the European Economic Area agreement. In rare cases, the full IP address may be sent to the Google server in the US and then shortened. Google will use this information to evaluate your use of the website, compile reports on website activity, and provide additional services to the website operator. The IP address used by Google Analytics will not be merged with other Google data.
You can prevent the use of cookies by adjusting your browser settings. However, this may limit the functionality of the website. You can also opt out of data collection by Google Analytics by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.
Privacy Policy for the Use of XING
The Bon Sentiment website uses features of the XING network, provided by XING AG (Dammtorstraße 29-32, 20354 Hamburg, Germany). When you visit a page containing XING features, your browser connects to XING’s servers. To our knowledge, no personal data is stored, and no usage behavior is analyzed. For more details, refer to XING’s privacy policy: http://www.xing.com/app/share?op=data_protection.
Privacy Policy for the Use of Facebook Plugins (Like Button)
Our website integrates Facebook plugins, provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). Facebook plugins, such as the “Like” button, connect your browser directly to Facebook’s servers when you visit our website. Facebook will be informed that you visited our site, including your IP address.
If you are logged into Facebook, you can link content from our pages to your Facebook profile. This allows Facebook to associate your visit with your user account. Please note, as website operators, we do not have access to the data Facebook collects. For more information, refer to Facebook’s privacy policy: http://www.facebook.com/policy.php.
If you do not want Facebook to associate your visit with your profile, please log out of your Facebook account.
Privacy Policy for the Use of LinkedIn
This website uses features of LinkedIn, provided by LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA). When you visit pages with LinkedIn features, your browser connects to LinkedIn’s servers, and LinkedIn is informed that you visited our site, including your IP address.
By clicking the LinkedIn Recommend button and being logged into LinkedIn, you can associate your visit with your LinkedIn profile. As website operators, we do not have access to the data LinkedIn collects. For more information, please refer to LinkedIn’s privacy policy: http://www.linkedin.com/legal/privacy-policy.
Privacy Policy for the Use of Google Maps
To visually display geographic information, this website uses the Google Maps API. Google collects, processes, and uses data about the use of map features via Google Maps. For more information about Google’s data processing practices, please refer to Google’s Privacy Notice. You can change your personal privacy settings in the privacy center. More details can be found at: http://support.google.com/accounts/answer/3024190.
Privacy Policy for the Use of Google Analytics Remarketing
We use Google’s retargeting technologies on our sites, provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). This technology enables us to target visitors with personalized, interest-based advertising based on previous behavior. The cookies collect anonymized data about user interests for customized advertising.
You can opt out of Google’s retargeting by disabling interest-based advertising here: http://www.google.com/settings/ads/onweb/.
For more information on Google’s privacy practices, refer to: http://www.google.com/policies/technologies/ads/.
Privacy Policy for the Use of Google AdSense
This website uses Google AdSense, a service for integrating advertisements provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). Google AdSense uses cookies and web beacons (invisible graphics) to analyze website use and deliver advertising. The information generated is transmitted to Google servers in the USA. Google may share this data with its affiliates, but your IP address will not be merged with other personal data.
You can prevent the use of cookies by adjusting your browser settings, but this may limit website functionality. By using this website, you consent to Google processing data as outlined above.
Privacy Policy for the Use of Instagram
Our website integrates Instagram features, provided by Instagram Inc. (1601 Willow Road, Menlo Park, CA 94025, USA). When you are logged into Instagram, you can link content from our pages to your Instagram profile. This allows Instagram to associate your visit with your user account. We do not have access to the data Instagram collects.
For more details, refer to Instagram’s Privacy Policy: http://instagram.com/about/legal/privacy/.
Privacy Policy for the Use of Google
Our website uses Google+ features, provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). By using the Google+ button, you can share information globally. Google collects data on your +1 activity and may use it to improve their services and share summarized statistics with partners.
For more information, please review Google’s privacy policy: http://www.google.com/policies/technologies/ads/.
Privacy Policy for the Use of WordPress Stats
We use WordPress Stats, provided by Automatic Inc. (60 29th Street # 343, San Francisco, CA 94110-4929, USA), to evaluate website traffic. WordPress Stats uses cookies to collect usage data, which is stored on servers in the USA. Your IP address is anonymized before storage.
To prevent data collection, you can opt out by setting an opt-out cookie: http://www.quantcast.com/opt-out/.
If you delete the cookies on your computer, you must set the opt-out cookie again.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The following information is collected:
- Your browser type and browser version
- Your operating system
- The referrer URL
- The host name of the accessing computer
- The time of the server request
- Your IP address
This data is collected automatically and is not merged with other personal data.
Data Usage and Privacy Statement
This data cannot be assigned to specific individuals, nor is it merged with other data sources. If we become aware of any concrete indications of unlawful use, we reserve the right to retrospectively examine the data.
The data collected via the contact form (for requests related to information or documents concerning education, training programs, courses, or lectures) and email communication will be used solely for the purpose of responding to such requests.
Description and Scope of Data Processing
On our website, we offer users the opportunity to request information and documents related to a training, training program, course, or lecture by providing personal data through a contact form.
We use programs and services, referred to as tools, from other companies to process your data. The following tools are used for the provision and management of data:
Ninja Forms:
Your request for information and documents via the contact form triggers a transactional email. A transactional email is an email automatically sent after specific business transactions by companies and organizations. These transactional emails are sent via the Ninja Forms service. The provider is WP Ninjas, LLC, 225 2nd Street NW, Cleveland, United States.
To ensure the fast delivery of the automatic email to your account, shipping is handled through a specialized service provider.
Bon Sentiment has entered into a contractual agreement with Mailchimp for data processing in accordance with Art. 28 GDPR.
Slack:
To comply with requests for information and documents via the contact form, we use the instant messaging service Slack. The provider is Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland.
For Bon Sentiment (Limited Liability), it is necessary to rely on the integration of an instant messaging service to ensure the swift processing and response to your request. The service ensures that the responsible employee is immediately notified of a new request.
Bon Sentiment (Limited Liability) has entered into a contractual agreement with Slack Technologies Limited for data processing in accordance with Art. 28 GDPR.
Zapier:
To network tools and fulfill requests for information and documents via the contact form, we use the integration service provider Zapier. The provider is Zapier Inc., 243 Buena Vista Ave #508, Sunnyvale, CA 94086, United States.
For Bon Sentiment (Limited Liability), it is necessary to rely on the integration of service tools to ensure the quick processing and response to your request. The use of an integration service provider is essential for this.
Bon Sentiment has entered into a contractual agreement with Zapier Inc. for data processing in accordance with Art. 28 GDPR.
When contacting us via the contact form on our website, the data is entered by you into an input field, transmitted to us, and stored. The following data is collected during the process of requesting documents:
- First name
- Last name
- E-mail address
- Phone number
At the time of submission, the following data is also stored:
Date and time of the request
As part of the request process, the user’s consent to process this data is obtained.
Alternatively, you may also contact us via the provided email address. In this case, the user’s personal data submitted by email will be stored.
Legal basis for data processing
The legal basis for the processing of the data is the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR.
Purpose of data processing
The processing of personal data from the input fields serves solely to process the contact request. In the case of contact via email, the legitimate interest in processing the data also applies.
Additional personal information processed during the request process is intended to prevent misuse of the contact form and to ensure the security of our information technology systems.
Storage Time
Once the data is no longer necessary for the purpose of its collection, it will be deleted. This applies to the personal data from the contact form input and any data submitted via email, which will be deleted once the respective conversation with the user is concluded. The conversation is considered concluded when it can be reasonably inferred that the matter in question has been fully resolved.
At the latest, any additional personal data collected during the submission process will be deleted after a period of seven days.
At the latest, any additional personal data collected during the submission process will be deleted after a period of seven days.
Right to Object and Removal Possibility
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email or phone, they may object to the storage of their personal data. In such cases, the conversation cannot continue.
Your Rights as a Data Subject
As a data subject, you have the following rights:
- Right to Withdraw Consent: You can withdraw your consent at any time. Once consent is revoked, data processing based on that consent cannot continue in the future.
- Right to Information: You have the right to request information about the personal data we process. This includes, in particular, the purposes of data processing, the categories of personal data, if applicable, the categories of recipients, the duration of storage, the source of your data, and, if applicable, the existence of automated decision-making, including profiling, and meaningful information about the details.
- Right to Rectification: You may request the correction of incorrect personal data or the completion of your stored personal data.
- Right to Erasure: You may request the deletion of your personal data stored with us, provided that the processing is not required for the exercise of the right to freedom of expression and information, the fulfillment of a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
- Right to Restriction of Processing: You may request the restriction of processing of your personal data if you dispute its accuracy, if the processing is unlawful but you oppose its deletion, or if we no longer need the data, but you require it for the assertion, exercise, or defense of legal claims. You also have this right if you object to the processing of your personal data.
- Right to Data Portability: You may request that we provide you with the personal data you have provided to us in a structured, commonly used, and machine-readable format. Alternatively, you may request that we transmit your personal data directly to another controller, where technically feasible.
- Right to Lodge a Complaint: You may lodge a complaint with the relevant supervisory authority if you believe that we are processing your personal data unlawfully. The authority responsible for us is:
In cases where the data is required to fulfill a contract or take pre-contractual steps, early deletion of the data is only possible if contractual or legal obligations prevent deletion. In such cases, all personal data stored during the contact process will be deleted.
SSL Encryption
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection when the address line of your browser changes from “http://” to “https://” and a lock symbol appears in the browser’s address bar.
When SSL encryption is enabled, the data you submit to us cannot be read by third parties.
Rights of the Data Subject
If personal data is being processed, you are entitled to the following rights under the GDPR:
Right of Confirmation: You can request confirmation from the data controller whether personal data concerning you is being processed. If such processing is taking place, you can request the following information:
- The purposes for which the personal data is being processed.
- The categories of personal data being processed.
- The recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future.
- The planned duration of the storage of your personal data or, if specific details are unavailable, the criteria used to determine the storage period.
- The existence of a right to rectification or erasure of your personal data, the right to restrict processing, or the right to object to such processing.
- The existence of a right to appeal to a supervisory authority.
Any available information on the origin of the data if the personal data was not collected from you, the data subject. - The existence of automated decision-making, including profiling, under Articles 22(1) and (4) of the GDPR, and—at least in these cases—meaningful information about the logic involved, as well as the scope and intended impact of such processing on you.
- Right to Information on Transfers: You have the right to request information about whether your personal data is being transferred to a third country or an international organization. In this case, you may request details about the appropriate safeguards under Article 46 of the GDPR in relation to such transfers.
- This right of access may be limited where it is likely to render impossible or seriously hinder the achievement of research or statistical purposes, provided that such restrictions are necessary for the performance of research or statistical purposes.
Right to Rectification
You have the right to request the rectification and/or completion of your personal data if it is incorrect or incomplete.
The data controller must make the necessary corrections without undue delay.
This right to rectification may be limited if it is likely to render impossible or seriously hinder the achievement of research or statistical purposes, and if the restriction is necessary for the performance of those purposes.
Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
- If you contest the accuracy of your personal data, for a period allowing the controller to verify the accuracy of the information.
- If the processing is unlawful and you oppose the deletion of your personal data, requesting instead that its use be restricted.
- If the controller no longer needs your personal data for the purposes of processing, but you require it to assert, exercise, or defend your legal rights.
- If you have objected to the processing pursuant to Art. 21(1) GDPR and it is not yet determined whether the legitimate grounds of the controller override your objections.
If the processing of your personal data is restricted, such data may still be stored, but its use will be limited to your consent, the assertion, exercise or defense of legal claims, the protection of the rights of another individual or legal entity, or for reasons of significant public interest in the Union or a Member State.
If the restriction of processing is lifted after the aforementioned conditions have been met, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously hinder the achievement of research or statistical purposes, and the restriction is necessary for the performance of those purposes.
Right to Erasure
Deletion Obligations
You may request the immediate deletion of your personal data from the controller. The controller is required to delete the data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent, which was the legal basis for processing under Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
- You object to the processing under Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Art. 21(2) GDPR.
- Your personal data has been processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under EU law or the law of a Member State.
- The personal data concerning you were collected in relation to information society services offered under Art. 8(1) GDPR.
Information to Third Parties
If the controller has made your personal data public and is required to delete it under Art. 17(1) GDPR, they will take appropriate measures, including technical measures, considering the available technology and implementation costs. This includes informing any third-party controllers who process your personal data that you, as the data subject, have requested the deletion of all links, copies, or replications of such personal data.
Exceptions
The right to erasure does not apply if the processing is necessary for the following reasons:
- To exercise the right to freedom of expression and information.
- To fulfill a legal obligation imposed by Union law or the law of a Member State, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For reasons of public interest in the area of public health, pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR.
- For archival purposes in the public interest, scientific or historical research, or statistical purposes under Art. 89(1) GDPR, where the law allows such processing and it is likely to render impossible or seriously prejudice the achievement of the processing objectives.
- For the establishment, exercise, or defense of legal claims.
Right to Information
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to inform all recipients to whom your personal data has been disclosed about the correction, deletion, or restriction of processing, unless this proves impossible or would require a disproportionate effort.
You have the right to be informed about these recipients by the controller.
Right to Data Portability
You have the right to receive the personal data you provide to the controller in a structured, commonly used, and machine-readable format.
You also have the right to transfer this data to another controller without hindrance by the original controller, provided that:
- The processing is based on your consent under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract under Art. 6(1)(b) GDPR.
- The processing is carried out using automated methods.
You also have the right, in exercising this right, to have your personal data transmitted directly from one controller to another, where technically feasible.
However, the freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data under Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions.
The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This includes profiling related to direct marketing.
In case you object to processing for direct marketing, your personal data will no longer be processed for these purposes.
For information society services, irrespective of Directive 2002/58/EC, you may exercise your right to object through automated procedures using technical specifications.
You also have the right to object to the processing of personal data for scientific or historical research purposes or for statistical purposes under Art. 89(1) GDPR, based on reasons arising from your particular situation.
This right to object may be limited if it is likely to render impossible or seriously affect the realization of research or statistical purposes, and such restriction is necessary for the performance of those purposes.
Right to Withdraw Consent
You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the legality of the processing based on consent before its withdrawal.
Automated Decisions Including Profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which has legal effects or similarly significant effects on you. This does not apply if the decision:
- Is necessary for the conclusion or performance of a contract between you and the controller.
- Is authorized by Union or Member State law to which the controller is subject, and that law contains appropriate safeguards for your rights and freedoms and legitimate interests.
- Is based on your explicit consent.
However, these decisions may not be based on special categories of personal data under Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies, and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.
For cases mentioned in (1) and (3), the controller must take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention, express your point of view, and contest the decision.
Right to Complain to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of alleged infringement, if you believe the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint is submitted will inform you of the status and outcome of the complaint, including the possibility of seeking judicial remedy under Art. 78 of the GDPR.
