1. Who is responsible for personal data processing and who can I contact?
The responsible body is:
You can reach our data protection officer at:
2. To whom does the Data Protection Policy apply?
This data protection policy applies to visitors to our website, in particular interested parties as well as persons who would like to use and benefit from our offers, or who would like to gain information about Berlin Metropolitan School gGmbH. Furthermore, you can find data protection information for our partners and other external parties under point 6 of this data protection declaration and policy.
3. What data is processed when using the website?
a) Access to and storage of information in terminal equipment
By using our website, information (e.g., IP address) may be accessed or stored (e.g., cookies) on your device. This access or storage may involve further processing of personal data within the GDPR Framework.
In cases where such access to information or such storage of information is absolutely necessary for the technical error-free provision of our services, this is done on the basis of Section 25 (1) Sentence 1, (2) No. 2 TTDSG.
In cases where such a process serves other purposes (e.g., the needs-based design of our website), it will only be carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Article 6 (1) a DSGVO. The consent can be revoked at any time applicable immediately and in future. The requirements of the DSGVO and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
For more information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.
b) Web Hosting
This website is hosted in Berlin, Germany. Personal data collected on this website is stored on our servers. This may include IP addresses, contact requests, meta and communication data, website accesses, and other data generated via a website.
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technical, error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 (1) lit. f DSGVO.
We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 DSGVO, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.
c) Server Log Files
When visitors access our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technical, error-free provision of our services. The processing of this data is absolutely necessary to provide you both with access and use of the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website pursuant to Art. 6 (1) lit. f DSGVO.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. After 90 days at the latest, the data is anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish a link to the individual user.
In addition, the data is processed anonymously for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data, or passed on to third parties.
The internet pages sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective, and safer. Cookies are small text files stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser.
e) Change Cookie Settings
You can revoke or change your cookie settings at any time. To do so, call up the cookie settings again via the "Cookie Settings" link at the bottom of the website.
4. Third-party Modules and Analysis Tools
4.1 Plug-ins and Tools
Videos from "Vimeo" are embedded on this website. "Vimeo" is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA.
If you have given us your consent to do so, the processing is carried out for the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.
For videos from "Vimeo" that are embedded on our website, the tracking tool Google Analytics is automatically integrated. We have no influence on the tracking settings and the analysis results collected via this and cannot view them. In addition, web beacons are set for website visitors via the embedding of "Vimeo Videos".
To prevent the setting of Google Analytics tracking cookies, you can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
Our homepage uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of GDPR. To ensure this, Google uses standard data protection clauses in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
4.2 Analysis Tools
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies".
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics is not combined with other data from Google. The processing is carried out in accordance with Art. 6 para. 1 lit. a DSGVO on the basis of the consent provided by you.
We use Google Analytics only with IP anonymization enabled. This means that your IP address is only processed by Google in a shortened form.
We have finalized and implemented an order processing contract with the service provider in which we have obliged the service providers to protect our customers' data and to not pass it on to third parties.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user-level and event-level data linked to cookies, user identifiers (e.g., user ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) occurs no later than 14 months after their collection.
You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.
4.3 Shared Content via plugins (Facebook, Google+1, Twitter & Co.)
Our Internet pages may contain so-called social plugins ("plugins") of the social networks facebook.com, twitter.com, xing.com, linkedin.com, pinterest.com, addthis.com, reddit.com and plus.google.com.
In order to increase the protection of your data when visiting a website of our internet presence, the plugins are integrated into the page by means of a so-called "2-click" or "Shariff" solution. This integration ensures that when you call up a website that contains such plugins, no connection is established with the servers of Facebook, Twitter, Xing, LinkedIn, Pinterest, addthis, reddit and Google +. Only when you activate the plugins and thus give your consent to the transmission of data, does your browser establishes a direct connection to the servers of Facebook, Twitter, Xing. LinkedIn, Pinterest, addthis, reddit and Google +. The content of the respective plugin is transmitted directly to your browser and integrated into the page. The plugin then transmits data (including your IP address) to the operators of the aforementioned social networks.
We have no influence on the scope of the data that the social networks collect with the help of the plugins. To the best of our knowledge, Facebook, Twitter, Xing, LinkedIn, Pinterest, addthis, reddit and Google+ receive information about which of our websites you have currently and previously visited.
By calling up the plugins, Facebook, Twitter, Xing, LinkedIn, Pinterest, addthis, reddit and Google+ receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the corresponding social networks or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the operators of Facebook, Twitter, LinkedIn, Pinterest, addthis, reddit and Google + in the USA and stored there. In the case of Xing, the data storage takes place in Germany. The information may be published in the respective social network and displayed there to your contacts.
For the purpose and scope of the data collection and the further processing and use of the data by the aforementioned social networks, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information under
http://www.facebook.com/policy.php, https://twitter.com/privacy, http://www.google.com/intl/de/+/policy/+1button.html, https://www.xing.com/privacy, https://www.linkedin.com/legal/privacy-policy, https://about.pinterest.com/de/privacy-policy, https://www.addthis.com/privacy/privacy-policy, https://www.reddit.com/help/privacypolicy
If you are a member of a social network and would like to limit the collection of data via our websites and the merging of your user data with the data stored about you by the respective social network, you should log out of it before visiting our website.
5. Contact, Application, and Registration
If you send us inquiries via email, the information you provide in your email, including the personal data you include there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The specification of an email address is required for contacting us, the specification of your first and last name and your telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. Your data will be deleted after final processing of your request, provided that there are no legal retention obligations. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f DSGVO.
b) Student Application Form
If you want to enroll your child at BMS, you have the possibility to complete and submit an application form on our website. This registration form basically only asks for data that is necessary for school registration. This can be details about the parents, such as last name, first name, address and contact details, as well as information about the student such as last name, first name, age, and other information required for registration.
The information you provide will be processed solely for the purpose of processing your registration. The legal basis is Art. 6 para. 1 lit. b), the implementation of pre-contractual measures. Your data will only be stored for as long as it is necessary for registration or, if your child is accepted, it will be stored for the period of school attendance and, if applicable, taking into account statutory retention obligations.
c) Applications within the Scope of our Job Advertisements
Berlin Metropolitan School gGmbH collects and processes the personal data of applicants for the purpose of handling the application process and the associated establishment of an employment relationship (pursuant to § 26 BDSG). The processing can take place by post and electronically. If your application documents reach us electronically, for example by e-mail or via a web form located on the website, then they will be transmitted to the controller.
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose deletion, or we agree with the applicant on longer storage, e.g. for future job postings. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
In addition, you have the opportunity to voluntarily inform yourself about our current job offers on Schrole Connect - https://go.schrole.com/public/738/berlin-metropolitan-school
Berlin Metropolitan School holds events for students and parents. These can be open days or other information events. If it is an online event, you can register for this event via a registration link.
a) Processing Purpose
We use the "Microsoft Teams" tool to hold online events and webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").
Note: If you access the "Microsoft Teams" website, the "Microsoft Teams" provider is responsible for data processing. However, accessing the website is only necessary for the use of "Microsoft Teams" in order to download the software for the use of "Microsoft Teams".
If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.
c) What data is processed?
When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".
The following personal data are subject to processing:
e) Processing Scope
We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will transparently communicate this to you in advance and - if necessary - obtain consent from you.
If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content in individual cases.
f) Legal basis of data processing
The legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as the meetings are conducted in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. Here, too, our interest is in the effective implementation of "online meetings".
In addition, your personal data may be processed on the legal basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO (e.g., when recording webinars).
g) Recipient / Passing on of Data
Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that the content of "online meetings", as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The "Microsoft Teams" provider necessarily obtains knowledge of the above-mentioned data insofar as this is provided for under our order processing agreement with "Microsoft Teams". We have concluded an order processing contract with the service provider, in which we oblige it to protect the data of our customers and not to pass it on to third parties.
h) Data processing outside the European Union
Microsoft uses international subcontractors and is in association with other companies in countries outside the EU. This may result in a transfer of personal data to the USA, among other countries, which is why further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, Microsoft has agreed to standard data protection clauses with its affiliated companies and subcontractors in accordance with Article 46 (2) c of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
You can access further information on Microsoft's data protection at the link https://privacy.microsoft.com/de-de/privacystatement.
8. Privacy Information for Partners & Externals
a) Purposes and Legal basis of the Processing
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) lit. b DSGVO.
If you give us your expressed consent to process personal data for specific purposes (e.g., transfer to third parties, evaluation for marketing purposes, or advertising by e-mail), the lawfulness of this processing is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. Consent provided can be revoked at any time with effect for future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c DSGVO. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims pursuant to Art. 6 para. 1 lit. f DSGVO. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
b) Personal Data Categories
We only process data that is related to the establishment of the contract or the pre-contractual measures. This may be general data about you or individuals in your company (name, address, contact details, etc.) as well as any other data that you provide to us in the context of establishing the contract.
c) Data Sources
We process personal data that we receive from you in the course of contacting you or establishing a contractual relationship or in the course of pre-contractual measures.
c) Data Recipient
We only pass on your personal data within our company to those areas and individuals who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary for processing and thus fulfilling the contract or, at your request, for carrying out pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
e) Transfer to a Third Country
A transfer to a third country is not intended.
f) Duration of Data Storage
As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This also includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations as dictated by the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The retention and documentation periods prescribed there are two to ten years.
Finally, the storage period is also governed by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
What Data Protection Rights do I have?
You have the right to information under Article 15 EU GDPR, the right to rectification under Article 16 EU GDPR, the right to deletion under Article 17 EU GDPR, the right to the restriction of processing under Article 18 EU GDPR, the right to object under Article 21 EU GDPR, and the right to data portability under Article 20 EU GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 EU DS-GVO in conjunction with Section 19 BDSG).
A list of supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The data protection supervisory authority responsible for Berlin Metropolitan School gGmbH is: The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Tel.: 030 / 13889-319, mailboxdatenschutz-berlinde.
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. For exercising your rights and further questions regarding data protection, please contact to our data protection officer (see contact information above).
8.1 Information about your Right Object According to Article 21 EU GDPR
a) Individual Right of Objection
You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing is carried out in the public interest or on the basis of a balancing of interests. This also applies to profiling.
In the event of an objection, we will no longer process your personal data. Unless we can demonstrate compelling legitimate grounds for processing such data that override your interests, rights and freedoms. Or your personal data is used for the assertion, exercise or defense of legal claims.
b) Objection to the Processing of User Data for Public Relations
In individual cases, we use your personal data for our public relations work. You have the right to object to this at any time; this also applies to profiling if it is related to direct advertising. In the event of an objection, we will no longer process your personal data for these purposes. The objection can be made at any time and should be submitted in writing preferably to our data protection officer (see contact details above).
9. How Secure is my Data?
To protect personal data, we use a secure online transmission method called "Secure Socket Layer" (SSL) transmission. All information transmitted using this secure method is encrypted before it is sent. Your personal data is processed exclusively on industry-standard data centers and computers protected by security technologies (e.g., firewalls, password protection, access controls, etc.).
10. Legal Obligations
The provision of personal data for the decision on the finalization of a contract, the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the finalization of the contract, the fulfillment of the contract, or pre-contractual measures.
11. Automated Decision-Making
Automated decision-making or profiling according to Art. 22 DSGVO does not take place.
12. Modification Rights
We reserve the right to adapt or update this BMS Data Protection Policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and consider changes to our services, e.g., when introducing new services. The current version applies to your visit.