Kellogg-WHU Executive MBA | Logo

Privacy Policy

WHU - Otto Beisheim School of Management, Kellogg-WHU Executive MBA Program, Burgplatz 2, 56179 Vallendar ("WHU") is happy to welcome you on our website.

With this privacy policy, WHU fulfils its existing legal obligation to provide information in accordance with Art. 13 of the General Data Protection Regulation ("GDPR") with regard to the processing of personal data on our website. In the following, we therefore explain which of your personal data we process and in what way. Please contact us if you have any further questions. You will find our contact details below and at the end of this page.

General information about the processing of personal data

Responsible according to Art. 4 (7) of the EU General Data Protection Regulation ("GDPR") is WHU - Otto Beisheim School of Management ("WHU"), Burgplatz 2, 56179 Vallendar (see our imprint, e-mail: datenschutz[at]whu.edu).

You can contact our data protection officer with the data provided at the end of this Privacy Policy.

Personal data

Personal data is any information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable if, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, that expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, can be identified. This includes, for example, information such as your name, address, telephone number, language, location, e-mail address, bank details and date of birth.

Processing of personal data

A processing of personal data applies to any operation performed with or without the aid of automated procedures or in any series of procedures related to personal data. In particular, data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We process personal data in accordance with the specifications and conditions described below within the framework of automated processing based on a relevant legal authorisation. The scope of the processing of your personal data is limited by the purposes described in each case.

Automated decision-making in individual cases including profiling according to Art. 22 GDPR does not take place.

If we use a processor for the processing of your personal data, we conclude a data processing contract with them, which fulfills all the requirements of Art. 28 GDPR.

Purpose of processing personal data when visiting our website

In the case of merely informative use of the website, for example, if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you visit our website, we collect the following data that is technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the requirement (concrete page)
  • Access Status / HTTP status code
  • Transmitted amount of data
  • Website that the request comes from
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

In addition to the purely informative use of our website, we offer various services which you can use if you are interested. For this purpose, you will generally have to provide additional personal data which we use to provide the respective service and to which the aforementioned data processing principles apply. We present these to you in this privacy policy.

Use of Cookies

In addition to the above-mentioned data, cookies are stored on your computer when you use our website, if you give us your consent.

Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer altogether more user-friendly and effective.

On the one hand we use technically necessary cookies. These cookies are necessary for a good functionality of our website and cannot be switched off in our system. The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR ("legitimate interest"). However, you can of course configure your browser settings according to your wishes and also reject such technically necessary cookies. Please note that you will not be able to use our website in that case.

Otherwise, Art. 6 para. 1 sentence 1 lt. a GDPR is the legal basis for the use of cookies ("consent"). You can differentiate whether you give us consent for all cookies, only for certain types of cookies (e.g. functional cookies, performance cookies, advertising/tracking cookies) or no consent at all.

This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages. However, we would like to point out that if you do not give your consent or if you revoke it, you may not be able to use all the functions of this website to their full extent.

We will also provide you with further information on the use of cookies in the following sections if cookies are used.

You will also find detailed information in our cookie policy, which you can access via the following link.

Use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Xing, Youtube, LinkedIn, Twitter, Instagram, Google+, Flickr, skype (for business), iTunes U

We use the two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or by its logo. We provide you with the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it, the provider of the plug-in receives the information that you have accessed the corresponding website of our online service. In addition, the data mentioned above under "Purpose of processing personal data when visiting our website" is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). 

We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information on how to delete the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and / or customized website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data transfer takes place regardless of whether you have an account with the plug-in provider and whether you are logged in. If you are logged in, the data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent your data from being associated with your profile with the plug-in provider.

The plug-in provider may also process your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA, without an adequacy finding and without suitable guarantees, there may not be an adequate level of data protection, as data protection laws do not comply with the provisions of the GDPR, and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy declarations of these providers provided below. There you will also find further information about your rights and settings options for the protection of your privacy.

Addresses of the respective plug-in providers and URL with their privacy notices:

Integration of YouTube Videos

We have included YouTube videos in our online offering, which are saved on www.YouTube.com and are directly playable on our website. These are all incorporated in the "extended privacy mode", which means that none of your user data is transferred to YouTube if you are not playing the videos. Only when you play the videos, the above data will be transmitted. We don't have any influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. Furthermore, the data mentioned above in this privacy policy under "Purpose of processing personal data when visiting our website" will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube saves your data as usage profiles and uses them for advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these usage profiles, but you need to get in touch with YouTube in order to do so.

YouTube also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

For more information on the purpose and scope of data collection and its processing by YouTube, please see the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Integration of Google Maps

On this website we use Google Maps. This allows us to show you interactive maps directly on the website and enable you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. Furthermore, the data mentioned above in this declaration under "Purpose of processing personal data when visiting our website" will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research, and / or tailor-made website design. Such an evaluation is done (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact respective provider to exercise this right.

Google also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

Further information on the purpose and scope of data collection and processing can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

LinkedIn Insight tag

This website uses the LinkedIn Insight tag of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Dublin, 2, Ireland ("LinkedIn"), subject to your consent. The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website to enable detailed campaign reporting and to gain valuable information about visitors to our website. Specifically, we use the LinkedIn Inside tag to track conversions, retarget our site visitors, and gather additional information about LinkedIn members who view our ads.

In particular, the LinkedIn Insight tag allows us to collect information about visits to our site, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamps. IP addresses are truncated or (if used to reach members across devices) hashed. The direct identifiers of members are removed within seven days to pseudonymize the data. This remaining pseudonymised data is then deleted within 180 days. LinkedIn does not share any personally identifiable information with us, but only provides reports (in which you are not identified) about website audience and ad performance. LinkedIn also provides retargeting for site visitors, which allows us to use this data to display targeted advertising outside of our site without identifying the member. We also use data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can also control the use of their personal information for advertising purposes in their account settings.

LinkedIn also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

For more information about LinkedIn's processing of your personal data and your rights and options for protecting your privacy, please refer to LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy.

Facebook pixel

This website uses the Facebook pixel of Meta Platforms Ireland Limited , 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook"), if you have given your consent. 

As a result, users of the website can be shown interest-related advertisements ("Facebook Ads") when visiting the social network Facebook or other websites that also use the procedure. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website more interesting for you.

Via the Facebook pixel we process in particular information about the activities of website visitors outside of Facebook. This includes information about the website visitor's device, the websites visited, purchases made, advertisements that the website user sees and information about how the visitor uses our website. This happens regardless of whether you have a Facebook account or are logged in to Facebook as a visitor to our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

The Facebook pixel records these five types of data:

  • Http headers - everything that is present in HTTP headers. HTTP headers are a standard web protocol that is sent between any browser request and any server on the Internet. HTTP headers contain IP addresses, web browser information, page location, document, referrer, and information about the website visitor.
  • Pixel-specific data - this includes the pixel ID and the Facebook cookie.
  • Button-click data - this includes any buttons clicked by visitors to the site, the labels of those buttons, and any pages viewed as a result of clicking on the button.
  • Optional values - developers and marketers can optionally send additional information about the visit through personalized data events. Examples of personalized data events are the conversion value, page type, etc.
  • Form field names - these include the names of website fields such as "email", "address" and "quantity" that are filled in when a product or service is purchased. The pixel generally does not capture field values.

In the context of usage-based online advertising, we use the "Custom Audiences" service of Meta Platforms Ireland Limited. (1601 S. California Avenue, Palo Alto, CA 94304, USA). For this purpose, we define target groups of users based on certain characteristics in the Facebook Ads Manager, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide, and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel embedded on our website. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collected information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). For the geographic targeting of advertising, your IP address is also stored and used. Facebook Custom Audiences via the customer list is not used by us, as is the "advanced matching" function.

Facebook also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

You can also deactivate the Facebook Marketing function as a logged in Facebook user at https://www.facebook.com/settings/?tab=ads#. You can also disable the Custom Audiences remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

Further information on the processing of personal data by Facebook as well as on your rights and options for protecting your privacy can be found in the Facebook privacy policy at www.facebook.com/about/privacy/.

Contact form

When you contact us by e-mail or through a contact form, we will collect the personal information you provide (e-mail address, first name, last name and, if applicable, your telephone number) to answer your questions. We will delete data for these purposes after storage is no longer required, or limit the processing if there are statutory retention requirements.

The legal basis is Art. 6 para. 1 sentence 1 lt. f GDPR.

Student application form

If you apply at WHU, the data you provide will be processed by us to check whether we would like to establish and carry out a student relationship with you.

During the application process, in addition to the form of address, surname and first name, the usual correspondence data such as postal address, e-mail address and telephone numbers are stored. Furthermore, application documents such as letters of motivation, curriculum vitae, vocational, educational and further education certificates and references are recorded.

The applicant data sent to us and entered by you will only be processed up to the time of the decision on hiring if a contractual relationship is not established. Four months after the rejection has been sent or after the application documents have been returned to the applicant, the data will be deleted.

The data will only be stored in an applicant pool if you give us your express consent (Art. 6 para. 1 sentence 1 lt. a GDPR). This storage will be for a maximum period of two years. This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact data shown above, without having to fear any disadvantages.

If we enter into a contractual relationship with you, the data you have provided us with will be processed to establish, implement and, if necessary, terminate the student relationship.

The data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons.

The legal basis is Art. 6 para. 1 sentence 1 lt. b GDPR ("Contract implementation, preliminary negotiations").

Staff application form

If you apply for a job at WHU, the data you provide will be processed by us to check whether we would like to establish and carry out an employment relationship with you.

During the application process, in addition to the form of address, surname and first name, the usual correspondence data such as postal address, e-mail address and telephone numbers are stored. Furthermore, application documents such as letters of motivation, curriculum vitae, professional, training and further training qualifications as well as job references are recorded.

The applicant data sent to us and entered by you will generally only be processed until the time of the decision to hire, if an employment relationship is not established. The data is deleted four months after the rejection has been sent or after the application documents have been returned to the applicant.

Data will only be stored in an applicant pool if you have given us your express consent. This storage will be for a maximum period of two years. This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact data shown above, without having to fear any disadvantages.

If we enter into a contractual relationship with you, the data that you have made available to us will be processed to establish, implement and, if necessary, terminate the employment relationship.

The data may be processed for statistical purposes (e.g. reporting). No conclusions can be drawn about individual persons.

The legal basis is § 26 BDSG (§ 26 para. 8 sentence 2 BDSG).

Newsletter

With your voluntary consent, you can subscribe to our newsletter, which informs you about our current products and services. The advertised products and services are named in the declaration of consent.

To register for our newsletter, we use the double-opt-in procedure. This means that after you have registered, we will contact you on the e-mail address specified asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 14 days, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked, data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. Legal basis is Art. 6 para. 1 sentence 1 lt. GDPR in combination with Art. 7 GDPR ("Consent"). You can revoke your voluntary consent to the sending of the newsletter at any time and unsubscribe. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to datenschutz(at)whu.edu, or by sending a message to the contact details stated in the imprint. Failure to provide or revocation of consent does not have any disadvantages for you. In this case, however, we cannot send you the newsletter.

Among others, to send our newsletter, we use the e-mail tool CleverReach, which is operated by CleverReach GmbH & Co. KG, Rastede, Germany. Your data is also processed by CleverReach on basis of a data processing contract according to Art. 28 GDPR. CleverReach offers evaluation options on how the newsletters are opened and used. Your data will not be passed on to other third parties for the receipt of the newsletter and CleverReach does not acquire any right to transfer your data.

Furthermore, the newsletter software Newsletter2Go is used. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling and using your data for purposes other than sending newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. Further information can be found here: www.newsletter2go.de/informationen-newsletter-empfaenger/ Your data will also be processed by Newsletter2Go on basis of a data processing contract according to Art. 28 GDPR.

Pardot Marketing Automation System

We use the Pardot Marketing Automation System ("Pardot MAS") from Salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA ("Pardot") on our websites. Pardot is a software that collects and evaluates the use of a website by website visitors. Insofar as Pardot LLC processes personal data, the processing takes place exclusively on our behalf and in accordance with our instructions. A data processing contract according to Art. 28 GDPR has been established. Through an individual agreement with Pardot LLC, we have also ensured that Pardot LLC complies with the requirements of the EU basic data protection regulation.

When visiting our website, the Pardot MAS captures your click path and creates an individual usage profile using a pseudonym. For this purpose, cookies are used to enable the recognition of your browser. 

Pardot also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that an adequate level of data protection is ensured in the USA based on the European Commission’s adequacy decision of 10.07.2023, as Salesforce is certified under the EU-U.S. Data Privacy Framework. Additionally, the individual agreement we have concluded with Pardot to comply with the requirements of the EU General Data Protection Regulation applies.

The use of cookies by Pardot only occurs if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted and stored at a Google server in the USA. However, if IP address anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. It is only in exceptional cases that the full IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. 

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, Terms of Use: www.google.com/analytics/terms/de.html, Privacy Policy: www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: www.google.de/intl/de/policies/privacy.

Matomo

This website uses Matomo, a web analytics service developed as a software solution by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is based in New Zealand, a third country. The European Commission has determined an adequate level of data protection for New Zealand by decision.

Matomo is used by us as an on-premise solution. The information is stored by a server that is managed by us and is located within the European Union. Data is therefore not passed on to third parties.

Matomo uses so-called cookies, which are text files that are stored on your computer. These cookies help us to track your visitor behavior on our website and aims to constantly improve the website. You can prevent the installation of cookies on the part of Matomo by setting your browser software accordingly or by rejecting them in our cookie check box. It may then be that they can not fully use all features of the website.

When using Matomo, we have activated the so-called IP anonymization, so that your IP address is only stored in a reduced form.  The resulting pseudonymization of the usage profiles are not merged with personal data about the bearer of the pseudonym without separate, explicit consent.

Matomo collects the following data about user behavior on our website:

- Cookies

- Pseudonymized IP addresses by removing the last 1 byte (i.e. 198.51.100.0 instead of 198.51.100.54)

- Pseudo-anonymized location (based on the anonymized IP address)

- Date and time

- Title of the accessed page

- URL of the accessed page

- URL of the previous page (if allowed)

- Screen resolution

- Local time

- Files that were clicked and downloaded

- External links

- Duration of page load

- Country, region, city (with low accuracy due to IP address)

- Main language of the browser

- User agent of the browser

- Interactions with forms (but not their content)

You can subsequently object to the storage and use of your personal data (IP address) with one click. In this case, a so-called opt-out cookie is sent by Matomo, so that Matomo does not store any further data about your visit to the website.

Use of Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experience (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile.

Hotjar is contractually prohibited from selling the information collected on our behalf. The information is neither used by Hotjar nor by us to identify individual users nor is it merged with other data about individual users. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. For more information, please see Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy 

You can consent to the storage of a user profile and information about your visit to our website by Hotjar as well as the setting of Hotjar tracking cookies in our cookie declaration and revoke your consent here at any time.

Use of Sistrix

This website uses Sistrix, a web analysis service of SISTRIX GmbH, Thomas-Mann-Straße 37, 53111 Bonn, Germany.

This is an analysis tool to improve the searchability of our website in search engines. When creating this plugin, it was explicitly ensured that all data is encrypted (https). This plugin makes search queries to sistrix.de and sends an affiliate code with every search request to sistrix.de to support our developers of the website. The developer is to the best of his knowledge, however, under no circumstances able to view the requests made. Further information on the processing of data by Sistrix can be found at https://www.sistrix.de/sistrix/datenschutz/.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

Use of Google Ads Conversion

We use the services of Google Ads, in order to draw attention to our offers with the aid of advertising media (Google Ads) on external web pages. In relation to the data of the advertising campaigns, we are able to determine how successful the individual advertising measures are. The aim of this is to present advertisements that are of interest to you, to design our website in a way that it is of more relevance to you and to attain a fair calculation of advertising costs.

These advertising media are supplied by Google via "ad servers". For this purpose, we use ad server cookies, which enable the measurement of certain performance metrics such as the display of ads or user clicks. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. Linked to each cookie, a unique cookie ID, the number of ad impressions per placement (Frequency), the last impression (relevant for post-view conversions), as well as opt-out information (a note that the user does not want to be addressed any longer)  are typically saved.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to those pages. Each Ads customer is assigned a different cookie. Thus, cookies can not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We merely receive statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we can not identify the users on the basis of this information.

By reason of the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and the further use of the data, collected by Goolge through the employment of this tool and thus inform you according to our state of knowledge: By the incorporation of Ads conversion, Google receives the information that you visited the respective part of our Internet appearance or clicked on one of our ads. Provided that you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will learn and store your IP address.

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

You can find further information on data protection at Google here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/en.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at www.networkadvertising.org.

Google Remarketing

In addition to Ads Conversion, we use the Google Remarketing application. This is a process by which we aim to address you again. The application allows you to see our ads after visiting our website as you continue to use the Internet. This is done by means of using cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google.

In this way, Google is able to detetct your previous visit to our homepage. A combination of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur according to Google. In particular, pseudonymization is used in remarketing according to Google.

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 para. 1 a GDPR, we would like to point out in particular that in the USA there may not be an adequate level of data protection without a decision on appropriateness and without suitable guarantees, as data protection laws do not comply with the provisions of the GDPR and in particular the rights of data subjects may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lt. a GDPR ("Consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect here, without having to fear any disadvantages.

Online sessions

We continuously organize online sessions for interested parties on the current topic "Future strategies for medium-sized businesses: Setting the right course now".

You can register online for these online seminars via our portal. We organize these online seminars in cooperation with the Chamber of Industry and Commerce ("IHK") Koblenz, Schlossstr. 2, 56068 Koblenz.

We process the following mandatory data from you in this context: Selected online seminar, title and name (first name, surname) of the participant and e-mail address of the participant. This serves in particular to enable us to allocate and confirm your registration to a specific person and to send you information on the date and content of the online seminar.

If you do not provide us with the mandatory information mentioned above, we will not be able to give you access to our online seminars, as this information is required for the execution of the contract.

The legal basis is Art. 6 para. 1 sentence 1 lt b GDPR ("Necessity for contract implementation").

With your voluntary consent in accordance with Art. 6 para. 1 sentence 1 lt. a GDPR in combination with Art. 7 GDPR, you can also register for us to inform you about our current products and services. This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages. You can also revoke this consent at any time with future effect by clicking on the link provided, by e-mail or by sending a message to the contact details given in this data protection notice, without fear of any disadvantages. You will find more details under the heading "Newsletter".

Duration of data processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends in particular on the period for which the processing is necessary to fulfil the purpose or to comply with legal obligations. The statutory storage obligations, in particular in accordance with § 257 HGB and § 147 AO (6 or 10 years), remain unaffected.

Recipient of personal data

We transmit your data to the specialist departments within WHU, as far as this is necessary and legally permissible.

If we use a commissioned processor to process your personal data, we conclude a commissioned processing contract with this processor, which fulfils all the requirements of Art. 28 GDPR.

Your personal data will not be transferred beyond this, unless this is expressly stated in this document.

Place of data processing

The processing of your personal data by us takes place in Germany or in member states of the European Union, unless a transfer of your personal data to states outside the member states of the European Union (so-called third countries) or to other international organisations has been described in the cases listed above, in which case the necessary requirements under Art. 44 ff. GDPR are observed. 

Safety / Technical and organizational measures

We take all necessary technical and organizational measures in accordance with the provisions of Articles 24, 25 and 32 GDPR in order to protect your personal data from misuse and loss, destruction, access, modification or disclosure by unauthorized persons.

In this way, we comply with the legal requirements for pseudonymizing and encrypting personal data, the confidentiality, integrity, availability and resilience of systems and services related to processing, the availability of personal data and the ability to rapidly restore them in the event of a physical or technical incident as well as the establishment of procedures for periodic tests, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.

Furthermore, we also follow the requirements of Art. 25 GDPR with regard to the principles of "privacy by design" (data protection by means of technical design) and "privacy by default" (data protection by means of privacy-friendly default settings).

Your rights

You have a right to free information (right of access) about your personal data as well as, subject to the relevant conditions, a right to rectification, blocking and eraser of your data, to the restriction of processing, to data portability as well as a right of objection.

Insofar as we base the processing of your personal data on the weighing of interests, you can object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you. If you do so, please explain why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

You also have the opportunity to complain to a competent supervisory authority (e.g. Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Prof. Dr. Kugelmann, Hintere Bleiche 34, 55116 Mainz, Germany).

Please contact us or our external data protection officer if you have any questions regarding the processing of your personal data, as well as questions relating to the above-mentioned rights and their assertion, or if you have any suggestions:

Herr Ralf Wickert
Dr. Dornbach Consulting GmbH
Anton-Jordan-Straße 1 
56070 Koblenz
E-Mail: datenschutz(at)whu.edu
Tel.: 0261 9431-434

As of: July 2020

The English version only serves informational purposes. The German version is legally binding.

Kellogg-WHU Executive MBA | Logo