Privacy Policy

Privacy policy

I.    Name and address of the controller and the supervisory authority 

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

ISB International School of Bremen gGmbH
Badgasteiner Street 11
28359 Bremen
Germany
Tel. +49 421 515 779 0
E-mail: office@isbremen.de
Website: www.isbremen.de

The supervisory authority responsible for the person in charge is: 

The State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen. 
Arndtstrasse 1
27570 Bremerhaven
Tel.: 0471 596 2010 or 0421 361 2010
Fax: 0421 496 18495
E-mail: office@datenschutz.bremen.de


I.    Name and address of the data protection officer

The data protection officer of the data controller is:

Shanta Krishna Ravindra
Badgasteiner Street 11
28359 Bremen
+49 (0)421 515 779-0
admissions@isbremen.de 

II General information on data processing
1. scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly takes place only with the user's consent. An exception applies in those cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations. 

Our website is not aimed at minors and we do not knowingly collect personal data from minors. 

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent or guardian has given their own consent or has agreed to the consent of the young person. For this purpose, we must be informed of the contact details of the legal guardian in accordance with Art. 8 (2) DSGVO in order to convince ourselves of the consent or approval of the legal guardian. This data and the data of the minor will then be processed in accordance with this data protection declaration. 

If we discover that a minor under the age of 16 has sent personal data to us without the consent of the parent or guardian or without the consent of the minor, we will delete the data immediately.


1. legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f DSGVO serves as the legal basis for the processing. 

Pursuant to Article 21 of the GDPR, the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests). If the data subject lodges an objection, the controller will no longer process his/her personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims. The objection can be made form-free and can be directed to the contact details mentioned under point I.. 

2 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

III. provision of the website and creation of log files

1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the version used.
- The operating system of the user
- Host name of the computer
- The IP address of the user
- Date and time of access
- The website from which the user's system accessed our website 
- Internet pages that are accessed by the user's system via our Internet site.

This data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.

2 Legal basis for data processing 
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f DSGVO. 

3 Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

Pursuant to Article 21 DSGVO, the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests). If the data subject objects, the controller will no longer process his or her personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. The objection can be made form-free and should preferably be directed to the contact details mentioned under point I..

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

4 Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. 

5. possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right of objection. 

IV.    Use of cookies

1 Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. 

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. 

We also use cookies on our website that allow us to analyse the surfing behaviour of users. 

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained (so-called cookie consent banner). In this context, there is also a reference to this data protection declaration. 

2 Legal basis for data processing 
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent in this regard.

3 Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of Internet pages for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus continuously optimise our offer. These purposes are also our legitimate interest in processing the personal data in accordance with Art. 6 Para. 1 lit. f DSGVO. 

Pursuant to Article 21 DSGVO, you have the right to object at any time to the processing of your personal data on the basis of Article 6 (1) (f) DSGVO (data processing on the basis of a balance of interests) for reasons arising from your particular situation. 

4 Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

The respective browser information can be found, for example, under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies 
Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen 
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen 
Safari: https://support.apple.com/kb/ph21411?locale=de_DE 
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647 
Opera: http://help.opera.com/Windows/10.20/de/cookies.html 


V.    Contact form and e-mail contact

1 Description and scope of data processing
Our website contains a contact form which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:
- First and last name
- e-mail address
- Telephone number (optional)
- message
The following data is also stored at the time the message is sent:
- The IP address of the user
- Date and time of registration
For the processing of the data, reference is made to this data protection declaration during the sending process.

Alternatively, it is possible to contact us via the e-mail address provided (so-called mailto link). In this case, the user's personal data transmitted with the e-mail will be stored. 

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2 Legal basis for data processing 
The legal basis for the processing of data from the contact form is Art. 6 para. 1 lit. b DSGVO.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. 3.

3 Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
 
VI. ISAMS (Parent Portal)
We have linked the parent portal "ISAMS" on our website. If your child has been accepted, you will receive an access code. With this access code you can log in to "ISAMS". No data processing takes place on our website.


VII Admission procedure

1 Description and scope of data processing
A form is available on our website which can be used for the electronic application procedure. The form is used to prepare the admission procedure for a place at the ISB International School of Bremen gGmbH. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data is transmitted voluntarily and can be the following:
Child's first and last name, current grade level, age, date of birth, gender, parents' name, children's nationality, place of birth, language, competence in English, address, telephone number and email address.
The following data is also stored at the time the message is sent:
- The user's IP address
- Date and time of registration
For the processing of the data, reference is made to this data protection declaration during the sending process.

Alternatively, it is possible to contact us via the contact form or the e-mail address provided (so-called mailto link). In this case, the user's personal data transmitted with the e-mail will be stored. 

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2 Legal basis for data processing 
The legal basis for the processing of the data from the contact form is Art. 6 para. 1 lit. b DSGVO. The data processing is necessary for the implementation of pre-contractual measures, which are carried out at the request of the data subject.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.

3 Purpose of the data processing
The processing of the personal data from the input mask serves us to process the contact and the admission procedure. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

VIII.    Hosting
This website is hosted by an external service provider. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We use the following hoster: Cloudflare Inc.

To ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our hoster. The data protection declaration of our hoster can be found at https://www.cloudflare.com/privacypolicy/.   
IX.    Osano
Our website uses the cookie consent technology of Osano to obtain your consent to the storage of certain cookies on your end device and to document this in a data protection compliant manner. The provider of this technology is Osano, Inc, 3800 North Lamar Blvd, Suite 200, Austin, Texas 78756, USA (hereinafter "Osano").

When you enter our website, a connection is established to Osano's servers in order to obtain your consent and other declarations regarding cookie use. Osano then stores a cookie in your browser in order to be able to assign the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Osano cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

According to Osano, the data of European website visitors remain in the EU by being processed exclusively on regional servers.

Osano is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

To ensure data protection-compliant processing, we have an order processing contract with Osano. The privacy policy of Osano can be found at https://www.osano.com/legal/privacy. 

X.    Cloudflare

1. description and scope of data processing
We use the service of Cloudflare Inc, 101 Townsend St, St. Francisco, CA 94107, USA on this site to make our website faster and more secure. Cloudflare is a company that provides a content delivery network and various security services. These services are between the user and our hosting provider. A content delivery network (CND) is a network

Cloudflare generally only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information on the use of our website and process data sent by us or for which Cloudflare has received appropriate instructions. In most cases, Cloudflare receives data such as IP address, contact and log information, security fingerprints and website performance data. Log data helps Cloudflare to detect new threats, for example. This enables Cloudflare to ensure a high level of security protection for our website. Cloudflare processes this data as part of the services in compliance with applicable laws. This of course also includes the German Data Protection Regulation (DSGVO).

For security reasons, Cloudflare also uses a cookie. The cookie (cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie becomes very useful, for example, if you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognise this from the cookie. In this way, you can surf through our website unhindered and worry-free, despite infected PCs in your vicinity. It is also important to know that this cookie does not store any personal data. This cookie is absolutely necessary for the Cloudflare security functions and cannot be deactivated.


Cloudflare also works with third-party providers. These may only process personal data under the instruction of Cloudflare and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare does not share personal data without explicit consent from us.

2. legal basis for data processing 
Our legitimate interest within the meaning of Art 6 (1) (f) DSGVO in using Cloudflare services is to optimise the performance of our website and to protect the security of the same and thus also the security of your data.

3 Purpose of the data processing
The use of Cloudflare helps us to make our website faster and more secure. Cloudflare provides us with web optimisation as well as security services such as DDoS protection and web firewall. Cloudflare blocks threats and limits abusive bots.

4. duration of storage
Data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Cloudflare stores your information primarily in the USA and the European Economic Area. Cloudflare may transfer and access the information described above from around the world. In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts at Cloudflare, there may be exceptions to the retention period listed above.

Cloudflare only retains data logs for as long as necessary and this data is also deleted within 24 hours in most cases. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. To find out exactly what permanent logs are stored, please visit https://www.cloudflare.com/application/privacypolicy/. All data that Cloudflare collects (temporary or permanent) is cleansed of all personal data. All permanent logs are also anonymised by Cloudflare.


5. possibility of objection and removal
The user has the option to object to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. They can revoke this by sending a message to office@isbremen.de.

All personal data stored in the course of contacting us will be deleted in this case.

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

More information on data protection at Cloudflare can be found at https://www.cloudflare.com/de-de/privacypolicy/. 

XI.    Google Tag Manager

1. description and scope of data processing
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. 

Google Tag Manager processes personal data in the form of your IP address. Further information on data processing by Google can be found in the terms of use for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and in Google's privacy policy: https://policies.google.com/privacy?hl=de. 

To ensure data protection-compliant processing, we have concluded an order processing agreement with Google on the use of Google Tag Manager.

2 Legal basis for data processing
The legal basis for the processing of personal data using Google Tag Manager is the consent of the user pursuant to Art. 6 (1) lit. a DSGVO. 

3 Purpose of the data processing 
We use Google Tag Manager to load tools such as Google Analytics or Google Maps after consent has been given. 

4. duration of storage
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months at the earliest. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de  

5. possibility of objection and removal
Consent can be revoked at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can revoke your consent in the cookie settings on our website or by sending a message to office@isbremen.de.


XII.    Google Analytics

1. description and scope of data processing
This website uses the "Google Analytics" service provided by Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse website usage by users. The service uses "cookies" - text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
During your visit to the website, the following data is recorded:

Google's users' IP addresses are shortened beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. This means that the user's IP address is anonymised. A direct reference to a person is thus excluded. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Correction and blocking of personal customer data is not possible before IP anonymisation. After IP anonymisation, no personal customer data is available for correction or blocking as well as for deletion after termination of the order.

The user can prevent the storage of cookies by making the appropriate setting in his browser, but in this case he may not be able to use all the functions of this website to their full extent. The user may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: 
http://tools.google.com/dlpage/gaoptout?hl=de. 

2 Purpose and scope of data processing
The service is used to analyse the use of the website by our visitors. To this end, Google uses page views to collect customer data relating to the technical characteristics and activities of visitors to my website. This customer data is analysed by Google using processing software in order to create reports, which may include statements on dwell time, approximate geographical origin, origin of visitor traffic, exit pages and usage patterns. The IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. 

3. legal basis for data processing
The legal basis for the processing of personal data using Google Analytics is the consent of the user pursuant to Art. 6 (1) lit. a DSGVO. 

Further information on the terms of use and data protection can be found at https://marketingplatform.google.com/about/analytics/terms/de/ or at https://www.google.de/intl/de/policies/ as well as at https://policies.google.com/technologies/cookies?hl=de. 

4 Duration of storage
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits. Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months at the earliest. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de  

5. possibility of objection and removal
Consent can be revoked at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can revoke your consent in the cookie settings on our website or by sending a message to office@isbremen.de.


XIII Google Web Fonts

1. description and scope of data processing
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer.

2 Legal basis for data processing
Google Web Fonts are only used with your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. 

3. purpose of data processing 
We use Google Web Fonts to display our content correctly and graphically appealing across browsers and to enable fast surfing. 

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

4. duration of storage
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google's aim is to fundamentally improve the loading time of websites. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design. The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is called up. In order to delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=231645705285.

5. possibility of objection and removal
Consent can be revoked at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can revoke your consent in the cookie settings on our website or by sending a message to office@isbremen.de.


XIV Google Ads

1 Description, scope and purpose of data processing 
In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we use Google Conversion Tracking by Google LLC, 1600 Amphitheatre Parkway, Mountain View, Ca 94043. In the process, Google Ads sets a cookie on your computer if you have reached our website via a Google ad.

Each Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.

If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked. Google's privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/de.html. 

2. legal basis for data processing
Google Ads are only used with your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. 

3. purpose of data processing 
With Google Conversion Tracking, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the measure to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. 

Further information on Google Web Fonts can be found in Google's privacy policy: https://www.google.com/policies/privacy/.

4 Duration of storage
These cookies from Google Conversion Tracking lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads client's website and the cookie has not yet expired, Google and the client can recognise that the user clicked on the ad and was redirected to this page.

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months at the earliest. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de  


5. possibility of objection and removal
Consent can be revoked at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can revoke your consent in the cookie settings on our website or by sending a message to office@isbremen.de.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.


XV. Social media 

For data protection reasons, we do not integrate social plugins directly into our website. When you visit our pages, no data is therefore transmitted to social media services such as Facebook or Instagram. Profiling by third parties is therefore excluded.

By clicking on the Facebook, YouTube and Instagram links, you will be redirected to the respective website. 

XVI Matterport

On our website, the user can experience a virtual tour of the school building. The operator of this portal is Matterport, Inc, 352 E. Java Dr. Sunnyvale, CA 94089, USA. 

When you visit one of our pages containing such a virtual tour, a connection to Matterport's servers is established. In the process, the Matterport server is informed which of our pages you have visited. In addition, Matterport obtains your IP address. This also applies if you are not logged in to Matterport or do not have an account with Matterport. The information collected by Matterport is transmitted to the Matterport server in the USA.
 
If you are logged into your Matterport account, you enable Matterport to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Matterport account.

The use of Matterport is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

The user has the option to object to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. They can revoke the revocation by sending a message to office@isbremen.de.
For more information on how Matterport implements the GDPR and handles user data, please see Matterport's privacy policy at https://matterport.com/legal/privacy-policy/.

We have concluded an order processing agreement with Matterport.


XVII. Rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

1. right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. 
If there is such processing, you may request information from the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing; 
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. right of rectification 
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.

3. right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing pursuant to Article 21(1) DSGVO and it is not yet clear whether the controller's legitimate grounds override your grounds.
Where the processing of personal data relating to you has been restricted, such data may only be processed - apart from being stored - with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to erasure

a) Obligation to erase

You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing. 
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR. 
(4) The personal data concerning you have been processed unlawfully. 
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. 
(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

a) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data. 

b) Exceptions

The right to erasure does not apply insofar as the processing is necessary to.

(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) to assert, exercise or defend legal claims.

(5) Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

6. right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that.

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. 

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8. right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9 Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests; or
(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.