ETS Online

1.1 What is Personal Data

Personal data refers to information that reveals or could reveal the identity of the user. We adhere to the principle of data minimization. Collection of personal data is avoided wherever possible.

1.2 Processing of Personal Data

Personal data is used exclusively for the establishment, content design, implementation, or termination of the contractual relationship (Art. 6 (1b) GDPR).

Beyond this, personal data is only processed if we have received your consent (Art. 6 (1a) GDPR) or if it concerns data whose processing is necessary for our legitimate interests and where the balancing of interests shows that no overriding interests, fundamental rights, or freedoms on your part stand in opposition (Art. 6 (1f) GDPR).

We may employ processors for processing your personal data, with whom we have concluded a data processing agreement as required. However, we will generally not share personal data with third parties.

The processing of your personal data takes place within the EU and in countries classified by the EU as safe or adequate. Should processing of personal data occur in the United States, we ensure that the services we use are certified under the "Data Privacy Framework".

1.3 Usage Data

When visiting the website, general technical information is collected. This includes the IP address used, time, duration of visit, browser type, and possibly the referring page. This usage data is registered in a log file for technical reasons and may be used and stored for statistical analysis of this website. No linking of this usage data with your other personal data takes place.

1.4 Registration Data

Registration is required for comprehensive use of the functions of our website. The registration data is collected through your corresponding inputs and used for the specifically stated purpose according to your consent (Art. 6 (1a) GDPR).

1.5 Duration of Storage

After the termination of the purpose for which the data was collected, we store your personal data only as long as required by statutory provisions (particularly tax law).

In detail, the following retention periods apply, for example:

2.1 Right to Information

You may request information from us about whether we process personal data from you, and if this is the case, you have the right to information about this personal data and to the further information specified in Art. 15 GDPR.

2.2 Right to Rectification

You have the right to correction of inaccurate personal data concerning you and may request the completion of incomplete personal data according to Art. 16 GDPR.

2.3 Right to Erasure

You have the right to demand that we delete your personal data immediately. We are obligated to delete it immediately, especially if one of the following reasons applies:

• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
• You revoke your consent on which the processing of your data was based, and there is no other legal basis for the processing.
• Your data has been processed unlawfully.

The right to erasure does not exist if your personal data is necessary for the assertion, exercise, or defense of our legal claims.

2.4 Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data if:

• You contest the accuracy of the data, and we therefore verify the accuracy,
• The processing is unlawful, and you refuse the deletion and instead request the restriction of use,
• We no longer need the data, but you need it for the assertion, exercise, or defense of legal claims,
• You have objected to the processing of your data, and it has not yet been determined whether our legitimate grounds override your grounds.

2.5 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated procedures.

2.6 Right to Withdraw Consent and Right to Object

Insofar as the processing of your personal data is based on consent (Art. 6 (1a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as the processing of your personal data is based on Art. 6 (1e) GDPR or Art. 6 (1f) GDPR, you have the right, according to Art. 21 GDPR, to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

2.7 General Information and Right to Lodge a Complaint

The exercise of your aforementioned rights is generally free of charge for you. You have the right to address complaints directly to the supervisory authority responsible for us, the State Data Protection Officer.

3.1 Data Security Measures

All data on our website is secured against loss, destruction, access, alteration, and distribution through technical and organizational measures.

3.2 Sessions and Cookies

For the operation of the website, we use cookies or server-side sessions in which data can be stored. We ensure that cookies are only used and information already stored in your terminal equipment is only adopted if this is absolutely necessary for the provision of the digital service you expressly desire (§ 25 (2) No. 2 TDDDG) or if express consent has been given by you (§ 25 (1) TDDDG).

With your express consent, we use cookies to personalize content and advertisements, to offer functions for social media, and to analyze access to our website. We may share information about your use of our website with your consent to our partners for social media, advertising, and analysis. Our partners may possibly combine this information with other data that they already possess from you.

We use the following social media platforms for company presentation and communication (explicit reference is made to the privacy policies and opt-out options linked below).

Facebook (Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland)

Privacy Policy: https://www.facebook.com/about/privacy/

Opt-Out: https://www.youronlinechoices.com

X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07,

Ireland)

Privacy Policy: https://twitter.com/de/privacy

Opt-Out: https://twitter.com/personalization

Instagram (Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland)

Privacy Policy and Opt-Out: https://instagram.com/about/legal/privacy/

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

Privacy Policy: https://www.youtube.com/t/privacy/

These social media platforms may process personal data outside the EU; we refer in this regard to the above privacy policies of the social media platforms.

The respective social media platforms may create usage profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored device-independently. Your usage profile can be used to place advertisements that presumably correspond to your interests.

We process personal data exclusively for communication with you via the social media platform you have chosen and for optimization of our online presence, and we ensure that no interests of yours are affected that would outweigh this legitimate interest on our part (Art. 6 (1f) GDPR). Insofar as you have already given valid consent to the respective operator of the social media platform for the corresponding data processing, the processing of your personal data also takes place on the basis of this consent (Art. 6 (1a) GDPR).

5.1 External Hosting

Our website is hosted by the following external service provider:

STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin

Privacy Policy: www.strato.de/datenschutz/

The (personal) data collected on this website is transmitted to and stored on the servers of the aforementioned third-party provider, which may include, among others:

• IP addresses,
• Contact data,
• Contract data,
• Website accesses,
• Date and time of the request,
• Time zone difference to Greenwich Mean Time,
• Content of the request,
• HTTP status code,
• Amount of data transferred,
• The website from which the request originates,
• Information on browser and operating system

The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1b) GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1f) GDPR). The aforementioned third-party provider will only process your data to the extent necessary to fulfill the performance obligations and will follow our instructions regarding this data.

5.2 Social Media Links

We have our own social media pages accessible via links from this website to third-party providers. By using the links, you access the respective websites of the third-party providers (e.g., Facebook, X, Instagram). To avoid unnecessary data transfer, we recommend logging out from the respective third-party provider before using a corresponding link so that user profiles cannot be created by the third-party provider through the use of the link.

5.3 Third-Party Login 

5.3.1 Login with a Facebook Account

You can log in via your existing Facebook account. For this, click on the button "Login with Facebook." This will redirect you to www.facebook.com (operated by Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland). There you enter your Facebook account data and click on "Log in." The privacy policy and terms of use of Facebook apply to the use of Facebook services.

5.3.2 Login with a Google Account

You can also log in via your existing Google account. For this, click on the button "Login with Google." This will redirect you to www.accounts.google.com (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). There you enter your Google account data and click on "Log in." The privacy policy and terms of use of Google apply to the use of Google services.

5.3.3 Login with LinkedIn Account

You can log in via your existing LinkedIn account. For this, click on the button "Login with LinkedIn." This will redirect you to www.linkedin.com (operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). There you enter your LinkedIn account data and click on "Log in." LinkedIn processes data from you also in the USA. The privacy policy and terms of use of LinkedIn apply to the use of LinkedIn services.

5.3.4 Login with Apple Account

You can log in via your existing Apple account. For this, click on the button "Sign in with Apple." Certain applications may ask for your name or email address for legitimate reasons. However, you have the option to edit your name before sharing it, and for email requests, you can optionally name one of the email addresses associated with your Apple account or have Apple generate a private email forwarding address. The privacy policy and terms of use of Apple apply to the use of Apple services. To manage "Sign in with Apple," select in iOS "Settings" > "[Your Name]" > "Login & Security" > "Apps." On Mac, open the corresponding settings in your Apple account.

5.4 Cloudflare

We use the service Cloudflare (operated by Cloudflare Inc., 101 Townsend St, 94107 San Francisco, USA) to reload our content and to ensure the full functionality of our website. In this context, your browser may transmit personal data (e.g., your IP address) to Cloudflare to provide the service. Data processing may also take place in the USA.

Cloudflare itself may also use a CDN. A CDN is a network of powerful servers that cache content in various locations around the world. A CDN has two tasks: first, to provide content in the shortest possible time, and second, to relieve the web host by distributing data traffic. You can prevent the collection and processing of your data by Cloudflare by disabling the execution of script code in your browser or by installing a script blocker in your browser (you can find this at www.noscript.net or www.ghostery.com).

The use of the service is based on our legitimate interest in enabling simple and attractive use of our online offering (Art. 6 (1f) GDPR).

5.5 Google Web Fonts

We use so-called Web Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to be able to display a uniform font on our website. These are automatically stored in your browser cache when you access one of our pages to enable the desired display. If your browser does not support the web fonts used, a standard font from your computer may be used. No user interests are affected here that would outweigh this technical necessity (Art. 6 (1f) GDPR).

You can view Google's privacy policy here: https://www.google.com/policies/privacy/ More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq
More information about the handling of the transferred data can be found in Cloudflare's privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

5.6 gstatic

We use the service gstatic from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to efficiently provide static content such as fonts, images, or JavaScript libraries and to optimize loading times for our website.

When you visit our website, your browser automatically sends certain data to Google, including your IP address, information about your browser and your device, as well as details about your visit (e.g., pages visited, length of stay) to optimize the delivery and performance of gstatic, as well as for general statistical purposes.

The processing of your data is based on our legitimate interest in an appealing and functional website. No user interests are affected here that would outweigh this technical necessity of integrating the service (Art. 6 (1f) GDPR).

You can view Google's privacy policy here: https://policies.google.com/privacy

5.7 Continuous Protection through Google reCAPTCHA

To ensure the ongoing security of our website against automated manipulation and spam attacks, Google reCAPTCHA v3 is used, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the European branch of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This service continuously analyzes interaction patterns of all visitors, including mouse movements, keyboard inputs, and length of stay, to distinguish human users from bots. The processing of your IP address, device and browser metrics (screen resolution, installed plugins, operating system version), and interaction data takes place exclusively after you have given your active consent in accordance with Art. 6 (1a) GDPR.

For technical reasons, Google reCAPTCHA may set session cookies and local storage elements that generate a pseudonymized user identifier. This identifier enables the detection of attack patterns across multiple visits without collecting personal identifiers such as names or email addresses. However, if you simultaneously use other Google services (e.g., Gmail), a profile linking that is critical in terms of data protection takes place, which is why we recommend using separate browser sessions.

Google's privacy policy can be found at https://policies.google.com/privacy

5.8 Use of the Thinkific Platform

To provide and manage our online courses, we use the e-learning platform Thinkific, operated by Thinkific Labs Inc. (400-369 Terminal Avenue, Vancouver, British Columbia V6A 4C4, Canada). The platform serves as technical infrastructure for the following purposes:

• Hosting of course content (videos, PDFs, quizzes)
• Management of user accounts and learning progress
• Processing of payment transactions via integrated payment gateways
• Sending automated email notifications about course updates

The processing of your personal data (name, email address, IP address, payment data) is based on Art. 6 (1b) GDPR for contract fulfillment and in the interest of secure, fast, and efficient provision of our online offering by a professional provider. No user interests are affected here that would outweigh this technical necessity of integrating the service (Art. 6 (1f) GDPR).

You can find Thinkific's privacy policy at https://www.thinkific.com/privacy-policy

6. Contact Information

For inquiries regarding data protection, you are welcome to contact us using the following contact options. Controller within the meaning of the GDPR:

European Theological Seminary e.V.

Rippoldsauer Str. 50

72250 Freudenstadt

Email: [email protected]

Phone: +49 7442/4905-0

Should you have any questions regarding data protection, you are welcome to contact our Data Protection Officer:

Attorney-at-Law Cornelius Matutis

Berliner Straße 57

14467 Potsdam, Germany

Email: [email protected]

Phone: +49 331 813 284 70