Privacy Policy

Security and data protection are fundamental to us. We, therefore, strictly adhere to the rules of data protection laws. Beyond the legal requirements, we respect and honor the privacy of our visitors.

With the following information, we inform you, according to Art. 13 DSGVO, about the processing of your personal data and the rights you are entitled to according to data protection.

When not mentioned otherwise in the description below, the PROVIDER AND RESPONSIBLE IS

NO MONKEY GmbH.
Management: Jochen Fischer, Marco Hammel
Kurfürsten-Anlage 61
69115 Heidelberg
Germany

If you would like to contact us directly, you can use the following contact options:

Phone: +49 6221 3216890

Mail: legal@no-monkey.com

Web: www.no-monkey.com

COLLECTION AND PROCESSING OF PERSONAL DATA

1. concept of personal data

Personal data is information that can be used to determine a person, i.e., information that can be traced back to a person. This includes, for example, your name, address, telephone number, or email address.

We collect, store, use and disclose personal data only for contractual purposes and only if this is permitted by law or you have consented to the collection of data.

Special personal data within the meaning of Article 9 of the GDPR are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, and data concerning sex life or sexual orientation.

2. when do we collect which data from you, and for what purpose?

a) Academy

PROVIDER AND RESPONSIBLE IS

NO MONKEY GmbH.
Management: Jochen Fischer, Marco Hammel

Kurfürsten-Anlage 61

69115 Heidelberg

Germany

In order to use our ACADEMY, you must create an account. For the account creation, we ask you for the following data at https://academy.no-monkey.com/

First name, last name, and email address.

The data processing is based on the consent given by you and is necessary according to Art. 6 para. 1 p. 1 lit. a DSGVO for the purposes mentioned below (3.).

Your personal data will be deleted again as soon as they are no longer required for the purposes mentioned below (3.) and no retention obligations exist. Otherwise, as soon as any retention periods to be observed have expired.

When using our ACADEMY, the specific privacy policies at https://academy.no-monkey.com/privacy apply.

b) Website

When using the website https://www.no-monkey.com, we only collect the personal data that your browser transmits to our server. If you wish to use our website or our Academy, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):

• IP address,
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Access status/HTTP status code
• Data volume transferred in each case
• The website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

This data is stored for a period of 1 year and then deleted.

c) Cookies

In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.

Our website uses the following types of cookies, the scope, and functionality of which are explained below:

aa) Transient cookies.

Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These stores a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

The data processing is carried out on the basis of the usage contract concluded with you (the Academy) and is necessary according to Art. 6 para. 1 p. 1 lit. a and lit. b DSGVO for the aforementioned purposes for the appropriate processing of the contract and for the fulfillment of obligations arising from this contract.

bb) Persistent cookies

Website

• __hs_initial_opt_in: This cookie is used to prevent the tracking consent banner from always displaying when you’re browsing in strict non-tracking mode. It contains the string “yes” or “no”. It expires in seven days.
• __hs_opt_out: This cookie is used by the opt-in privacy policy to remember not to ask you to accept cookies again. It contains the string “yes” or “no”. It expires in 6 months.
• CONSENT: This cookie is set for embedded Youtube videos telling Youtube not to set any cookie in your browser because of the embedded video on our website. It expires in 24 months.

Academy

• DPSettings
• slim_session
• __stripe_sid
• __stripe_mid

3. disclosure of your data to third parties

In principle, your personal data will only be collected, stored, processed, and used for purposes related to the use of the Academy.

Within our company, only those employees receive information about your data who need it to fulfill our contractual obligations. All employees entrusted with data processing are obliged to maintain the confidentiality of your data and are subject to the agreed duty of confidentiality.

We use the following service providers to maintain and improve our services:

aa) Learnworlds

We transmit to Learnworlds (service provider: LearnWorlds (CY) Ltd Registered address: Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus; Website: https://www.learnworlds.com; Privacy Policy: https://www.learnworlds.com/privacy-policy/.)

Following personal data of our users:

Name, address; email address; payment information, IP address; web browser, and operating system.

The transmission takes place for the application of the platform and for the provision of our services, such as the connection of our online courses.

The legal basis for data processing when conducting e-learning courses via Learnworlds is Art. 6 para. 1 lit. a) of the DSGVO.

Processing of personal data also takes place in a third country via Learnworlds. We have concluded an order processing agreement with Learnworlds that meets the requirements of Art. 28 DSGVO. We only use Learnworlds with your prior explicit consent pursuant to Art. 49 (1) lit. a DSGVO.

bb) Zoom

We use the video conferencing system “Zoom” to conduct telephone conferences, online meetings, video conferences, and/or webinars (hereinafter referred to as online conferences). Zoom is a service of Zoom Video Communications, Inc., which is based in the USA.

When using Zoom, different types of data are processed. The processing also depends on how much and what information the participants of online conferences provide themselves.

Personal data:

Mandatory information about the user: First name and/or last name

Optional user information: phone, email address, password, profile picture, department

Metadata:

Topic and (if available) description of the online conference, information about the device/hardware used, IP address(es) of the participants

For dial-in by telephone: Information on incoming and outgoing phone numbers, country name, start and end time. If necessary, further connection data, e.g., the IP address of the device.

If an online conference is recorded (optional):

MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, and a text file of the chat.

Data from video transmission, audio transmission, and text files (in chat):

Participants can choose to transmit audio and/or video of themselves and, if enabled by the host, use the chat, a question, or a poll function. These are processed in order to display them to the other participants in the online conference and, if necessary, to log them.

If the participants have opted for the transmission of audio and/or video signals, the data from the microphone and/or a video camera of the end device or connected microphones or video cameras are processed during the online conference. Participants can switch off or mute the camera or microphone themselves at any time in the Zoom application.

We use Zoom to deliver our e-learning courses, webinars, and online meetings. If they are recorded, we make participants aware of this transparently. During a recording, the Zoom app also displays it for participants to see. All participants have the option to turn off their video signal during the recording or not agree to the recording by leaving the online conference. We do not record chat content by default. In exceptional cases, for example, if this is indispensable for recording results, we inform participants of this before the online conference begins.

You can participate in our online conferences without being registered as a Zoom user. However, if you create a (free) user account, Zoom may store statistics about your participation in Zoom meetings of all kinds for up to one month. In particular, the following data will be stored: Metadata about the meetings you attend if you dial in by phone: Phone dial-in data, and information they enter on Zoom’s webinar platform.

The legal basis for data processing when conducting e-learning courses, webinars, and online meetings via Zoom is Art. 6 para. 1 lit. a) of the DSGVO.

Zoom is a service provided by a provider from the USA. The processing of personal data, therefore, also takes place in a third country. We have concluded an order processing agreement with Zoom Video Communications, Inc. that complies with the requirements of Art. 28 DSGVO. We only use Zoom with your prior explicit consent pursuant to Art. 49 (1) a DSGVO.

Additional information about Zoom Video Communications, Inc.’s privacy practices is available at https://zoom.us/de-de/privacy.html.

c) Hubspot

We use Hubspot to analyze our website. This allows us to constantly optimize the website and make it more user-friendly. In addition, we use the analysis to optimize our advertising offer for you.

HubSpot is a software company based in the USA with an office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms.

Our sign-up and newsletter services allow visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

More information on HubSpot’s privacy policy is at https://legal.hubspot.com/de/privacy-policy

As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:

• Geographical position
• Browser type
• Navigation information
• Reference URL
• Performance data
• Information about how often the application is used
• HubSpot subscription service credentials
• Files displayed on the site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of the visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO.

In the context of processing via HubSpot, data may be transmitted to the USA. We only use Hubspot with your prior express consent pursuant to Art. 49 (1) lit. a DSGVO.

d) Stripe

We offer the option to process the payment transaction via the payment service provider Stripe, 510 Townsend St., San Francisco, CA 94103 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit. b. DSGVO):

• Cardholder name
• Email address
• Customer number
• Order number
• Bank details
• Credit card data
• Credit card validity period
• Credit card verification number (CVC)
• Date and time of the transaction
• Transaction amount
• Provider name
• Location

The processing of the data provided under this section is not required by law or contract. We cannot process payment via Stripe without the transmission of your personal data.

Stripe has a dual role in data processing activities as a controller and processor. As a controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 (1) lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 (1) lit. b DSGVO). We have no influence on this process.

Stripe acts as an order processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 DSGVO to comply with the provisions of data protection law.

For more information on opt-out and removal options with respect to Stripe, please visit: https://stripe.com/privacy-center/legal

Your data will be stored by us until the completion of the payment processing. This also includes the period required for the processing of refunds, claims management, and fraud prevention.

e) Google Fonts

On our website, we use Google Fonts. These are the “Google Fonts” of the company Google Inc. Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to your users free of charge.

With Google Fonts, we can use fonts on our own website and not have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google Fonts are automatically optimized for the web, and this saves data volume and is a big advantage, especially for mobile use. When you visit our site, the small file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So, we use Google Fonts to make all our online services as beautiful and consistent as possible.

The legal basis for the use of google fonts is Art. 6 para. 1 p. 1 lit. a DS-GVO.

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API is designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. By the way, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests at Google. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published to the Google Fonts BigQuery database. Entrepreneurs and developers use Google’s BigQuery web service to be able to examine and move large amounts of data.

Through each Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name is automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU.

The font files are stored by Google for one year. Google thus pursues the goal of fundamentally improving the loading time of websites.

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you need to contact Google support at https://support.google.com/?hl=de&tid=121654627. You can only prevent data storage in this case if you do not visit our site.

You can also find out what data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

f.) Google reCAPTCHA

To determine whether you are a real person from flesh and bones and not a robot or spam software, we use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). By spam, we mean any electronically undesirable information we receive involuntarily. With Google’s reCAPTCHA, most of the time, it is enough to simply tick a box and confirm you are not a bot.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used when you fill out forms. A captcha service is a type of automatic Turing test that is designed to ensure specific actions on the Internet are done by human beings and not bots. With Captchas, a computer or software program does the same. Classic captchas function with small tasks that are easy to solve for humans but provide considerable difficulties to machines. With reCAPTCHA, you no longer must actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. reCAPTCHA integrates a JavaScript element into the source text, after which the tool then runs in the background and analyses your user behavior. The software calculates a so-called captcha score from your user actions. Google uses this score to calculate the likelihood of you being a human before entering the captcha

The legal basis for the use of Google fonts is Art. 6 para. 1 p. 1 lit. a DS-GVO.

We only want to welcome people from flesh and bones on our side and want bots or spam software of all kinds to stay away. Therefore, we are doing everything we can to stay protected and to offer you the highest possible user-friendliness. For this reason, we use Google reCAPTCHA. Thus, we can be pretty sure that we will remain a “bot-free” website. Using reCAPTCHA, data is transmitted to Google to determine whether you genuinely are human. With reCAPTCHA, we can mitigate bot attacks.

reCAPTCHA collects personal user data to determine whether the actions on our website are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA service are sent to Google. Within member states of the European Economic Area, IP addresses are almost always compressed before the data makes its way to a server in the USA.

Moreover, your IP address will not be combined with any other of Google’s data unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window. The following list of collected browser and user data is not exhaustive. Rather, it provides examples of data, which to our knowledge, is processed by Google.

• Referrer URL (the address of the page the visitor has come from)
• IP-address
• Information on the operating system (the software that enables the operation of your computers)
• Cookies
• Mouse and keyboard behavior (every action you take with your mouse or keyboard is stored)
• Date and language settings
• All Javascript objects of the website
• Screen resolution (shows how many pixels the image display consists of)

Google may use and analyze this data even before you click on the “I am not a robot” checkmark.

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you need to contact Google support at https://support.google.com/?hl=de&tid=121654627. You can only prevent data storage in this case if you do not visit our site.

You can also find out what data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

g.) YouTube

Our website embeds videos from the service YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. This mode ensures that YouTube does not store any information about visitors to this website before they watch the video. As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user-friendliness of the site and preventing attempts to commit fraud. These cookies will stay on your device until you delete them. Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which is beyond our control. The sharing of data with YouTube partners cannot be ruled out as a result of the expanded data protection mode.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy at https://www.google.de/intl/de/policies/privacy.

4. Duration of Data Storage

We delete your personal data as soon as they are no longer required for the above-mentioned purposes and no retention obligations exist. In addition, as soon as any retention periods to be observed have expired. Corresponding retention obligations arise primarily from the German Commercial Code, as well as from the German Fiscal Code, but also from other laws. The retention period, according to the German Commercial Code, is six years, and according to medical professional law, ten years; according to tax law, also ten years.

5. Your Rights under the EU General Data Protection Regulation:

You have the right:

• To revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future. However, your revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
• pursuant to Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been disclosed or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected from or by us, as well as about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
• in accordance with Art. 16 DSGVO to demand the correction of incorrect or the completion of your personal data stored by us without delay;
• pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or in the exercise of official authority or for reasons of public interest in the field of public health or for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 DSGVO to request the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is verified. If you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data if we no longer need your data for the purposes of the processing, but you need your data for the assertion, exercise, or defense of legal claims, if you have objected to the processing in accordance with Art. 21 DSGVO and it is not yet clear whether the legitimate grounds of the controller override your grounds. If the processing of your personal data has been restricted, such data may, apart from being stored, only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If you have obtained a restriction of processing, you will also be informed by the controller before the restriction is lifted.
• In accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it be transferred to another controller and
• complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the place of the alleged infringement, or our company headquarters for this purpose.
• Suppose your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing, so that arise from your particular situation. If you wish to exercise your right to object, simply send an email to: legal@no-monkey.com

Heidelberg, the 1^st of January 2023