Latest status: April 17, 2023
Data Controller
Business Agility Academy Ltd. is committed to protecting your privacy. This Privacy Policy sets out the types of personal data we collect, who we share it with in relation to the services, on what legal basis we process data and what rights and options you have in this respect by law.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour. With regard to the other terms used below, such as “data controller” or “data processor”, we refer to the catalogue of definitions in Article 4 of the EU General Data Protection Regulation (“GDPR”).
The data controller (Art. 4 Para 7 GDPR) is:
Business Agility Academy Ltd.
Kemp House 160 City Road
London EC1V2NX
United Kingdom
Phone: +49 160 55 09 173
Email: team@business-agility.academy
We accept no responsibility for links and references that reference outside of our domain.
General information
SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails via the Internet, you must always be aware that unauthorised third parties may access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best we can and to close security gaps as far as we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognise the encryption by the lock icon before the internet address entered in your browser and that our internet address begins with https:// and not with http://.
How long do we store your data?
In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf will store your data. If we don’t provide such information regarding a special processing activity, we store your data until the purpose of the data processing no longer applies, you object to the data processing, you revoke your consent to the data processing and provided that there are no statutory retention obligations that prevent a deletion.
However, in the event of an objection to processing or a revocation of consent given, we may continue to process your data if at least one of the following conditions applies:
- We have compelling legitimate grounds for continuing to process the data which override your interests, rights and freedoms (only in the case of an objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds).
- The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
- We are legally obliged to retain your data (e.g. § 257 German Commercial Code (HGB), § 147 German Federal Tax Code, (AO)).
In this case, we will delete your data as soon as the requirement(s) cease to apply.
Your Rights
Objection to data processing
IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA AND THAT THIS IS THEREFORE BASED ON ART. 6 PARA 1 LIT. F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING WHICH IS CARRIED OUT ON THE BASIS OF THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE THE REASONS FOR THE OBJECTION WHICH RESULT FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS IS MET:
- WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
- THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS TO DIRECT MARKETING OR TO PROFILING RELATED TO IT.
Other Rights
Withdrawal of your consent to data processing
Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form, or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we may then no longer process your data. The only exception: we are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.
Right to complain to the competent supervisory authority
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Article 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right to complain exists alongside administrative or judicial remedies.
Right to data portability
We must hand over data that we process automatically on the basis of your consent or in fulfilment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible.
Right to information, deletion and correction of data
According to Art. 15 GDPR, you have the right to receive information free of charge about which of your personal data we have stored, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to have it corrected (Art. 16 GDPR), and under the conditions of Art. 17 GDPR you may demand that we delete the data.
Right to restriction of processing
In certain situations, you can demand that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then – apart from storage – only be processed as follows:
- with your consent
- for the assertion, exercise or defence of legal claims
- to protect the rights of another natural person or legal entity
- for reasons of important public interest of the European Union or a Member State.
The right to restrict processing exists in the following situations:
- You have disputed the accuracy of your personal data held by us and we need time to verify this. Here, the right exists for the duration of the verification.
- The processing of your personal data is unlawful or has been unlawful in the past. Here the right exists alternatively to erasure of the data.
- We no longer need your personal data, but you need it to exercise, defend or enforce legal claims. Here you have the alternative right to have the data deleted.
- You have lodged an objection in accordance with Art. 21 (1) GDPR and now your interests and ours must be weighed against each other. Here, the right exists as long as the result of the balancing has not yet been determined.
Data Collection on This Website
External hosting
Our website is hosted on a server provided by the following Internet service provider (hoster):
Amazon Web Services Inc.
410 Terry Avenue North
WA 98109-5210 Seattle, USA
How do we process your data?
The hoster stores all data from our website. This includes all personal data that is collected automatically or through your input. This can be in particular: Your IP address, pages accessed, names, contact details and enquiries, as well as meta and communication data. When processing data, Amazon Web Services Inc. complies with our instructions and only ever processes the data to the extent that this is necessary to fulfil its obligation to provide services to us.
On what legal basis do we process your data?
Since we address potential customers via our website and maintain contacts with existing customers, the data processing by our hosting serves to initiate and fulfil a contract and is therefore based on Art. 6 Para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 Para. 1 lit. f) GDPR.
Use of Cookie
Our website places cookies on your device. These are small text files that are used for various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to take advantage of a shopping basket in an online shop. Still other cookies are used to analyse user behaviour or to optimise advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).
How do we process your data?
Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. This can lead, for example, to your user behaviour being permanently analysed. You can influence how your browser handles cookies by changing the settings:
- Do you want to be informed when cookies are set?
- Do you want to exclude cookies in general or for certain cases?
- Do you want cookies to be automatically deleted when you close the browser?
If you deactivate or do not allow cookies, the functionality of the website may be limited.
If we use cookies from other companies or for analysis purposes, we will inform you about this within the scope of this Privacy Policy. We also ask for your consent in this regard when you visit our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our online offers can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore carried out on the basis of Section 25 (2) No. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG) as well as Art. 6 Para. 1lit. f) GDPR.
We use all other cookies on the basis of § 25 Para. 1 TTDSG and Art. 6 Para. 1 lit. a) GDPR, provided you give us your consent.
With regard to consent given, you have the option at any time to change the decision made there and to subsequently give or revoke your consent. The cookie and consent banner (Usercentrics Consent Management) can be accessed at any time via the footer of our website.
The use of Usercentrics Consent Management is justified by our legitimate interests in accordance with Art. 6 Para 1 lit. f GDPR in the use of optimised consent management. With the help of the tool, we as the data controller can comply with our legal obligations under the TTDSG and the GDPR as well as the ECJ case law on cookies.
Overriding legitimate interests of the user that outweigh our interests are not evident.
Server Log Files
Server log files record all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymised by the provider after a short time, so that we cannot assign the data to you personally. The data is automatically transmitted to our provider by your browser.
How do we process your data?
Our provider saves the server log files in order to be able to track the activities on our website and to find errors. The files contain the following data:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address (anonymised if necessary)
We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs without errors. It is also our legitimate interest to obtain an anonymised overview of the accesses to our website. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR.
Contact Form
You can send us a message via various contact forms on this website.
How do we process your data?
We store your message and the information from the form in order to be able to process your enquiry including follow-up questions. This also applies to the contact details provided. We do not pass on the data to other persons without your consent.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- Your request has been conclusively processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This only does not apply if we are legally obliged to retain the data.
On what legal basis do we process your data?
If your enquiry is related to our contractual relationship or serves to implement pre-contractual measures, we process your data on the basis of Art. 6 Para. 1lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process enquiries directed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Enquiry by e-mail or telephone
You can send us a message by e-mail or call us.
How do we process your data?
We store your message as well as the contact details you have given us or the telephone number you have called us in order to be able to process your enquiry including follow-up questions. We do not pass on the data to other persons without your consent.
How long do we store your data?
We delete your data as soon as one of the following occurs:
- Your enquiry has been conclusively processed.
- You request us to delete the data.
- You revoke your consent to the storage.
This only does not apply if we are legally obliged to retain the data.
On what legal basis do we process your data?
If your enquiry is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, we process data based on our legitimate interest to effectively process enquiries directed to us. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Analysis tools, plugins and advertising
We use the following third-party tools to analyse the behaviour of our website visitors, show them advertising or offer other website features.
Your prior consent is required for the use of these tools in accordance with Art. 6 Para. 1 lit. a GDPR. We obtain this consent via the cookie banner of Usercentrics of the corresponding website.
By clicking on “Accept all” on our cookie banner, you also consent to your data being processed in the United States of America in accordance with Art. 49 Para 1 lit. a GDPR. The United States of America has been assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy.
1. Google reCAPTCHA
What is Google reCAPTCHA?
Google reCAPTCHA is a service that checks whether data is entered by a human or by an automated program.
Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland
Where can you find more information about data protection with Google reCAPTCHA?
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
On what basis do we transfer your data to the USA?
Google complies with the European Commission’s standard contractual clauses (https://privacy.google.com/businesses/compliance/)
How do we process your data?
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
After users have given their consent via our Usercentrics Consent Management, the reCAPTCHA analyses run entirely in the background. Without consent to the analysis, certain parts of the website, such as contact forms, may not be usable.
Audio and video conferencing
As a company we are in contact with many people: Customers, business partners, service providers, etc. In doing so, we also use so-called online conference tools for the exchange, in addition to other means of communication. Information relevant to data protection law on the provider(s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool, process your personal data.
How do we process your data?
Online conference tools collect and store various personal data in order to enable participation in an online conference and its smooth execution. In addition to registration, conference and technical data, this also concerns certain communication content.
Registration data: Your e-mail address and/or telephone number and, if applicable, other data that you provide when registering for the conference.
Conference data: The start, end as well as duration of your participation in the conference, the number of participants and other metadata about the conference.
Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker and the type of connection.
Communication content: Cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.
For details on data processing, please refer to the privacy statements of the respective conference tool provider.
How long do we store your data?
As your communication partner, we delete your data on our systems as soon as one of the following occurs:
- The purpose of the data processing no longer applies.
- You request us to delete the data.
- You revoke your consent to the storage.
This does not apply if we are legally obliged to retain the data.
Cookies remain on your terminal device until you delete them.
Conference tool providers also store your data for their own purposes. Please enquire directly with the providers what this means for the duration of the storage of your data.
On what legal basis do we process your data?
If we are already contractually connected or if you would like to conclude a contract with us, we use conference tools to fulfil the contract or to inform you about our services or products. In this respect, the data processing is based on Art. 6 Para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves the purpose of simple and quick communication, without which we would not be able to run our business efficiently. We therefore also have a legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f) GDPR. Another legal basis may be your consent. Relevant in this case is Art. 6 Para. 1 lit. a) GDPR. This basis ceases to apply in the future if you revoke your consent.
Which online conference tools do we use?
Zoom
What is Zoom?
Communication platform for video meetings, voice communication, webinars as well as chats via desktop computers, telephones, mobile devices and conference room systems.
Who processes your data?
Zoom Communications Inc, 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA
Where can you find more information about privacy at Zoom?
https://zoom.us/de-de/privacy.html
On what basis do we transfer your data to the USA?
Zoom Communications Inc. complies with the European Commission’s standard contractual clauses (see https://zoom.us/de-de/privacy.html#_Toc44414846)
Microsoft Teams
What is Microsoft Teams?
Communication platform for teamwork
Who processes your data?
Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, USA
Where can you find more information about Microsoft Teams privacy?
https://privacy.microsoft.com/de-de/privacystatement
On what basis do we transfer your data to the USA?
Microsoft adheres to the European Commission’s standard contractual clauses (see https://docs.microsoft.com/en-us/compliance/regulatory/gdpr).