This privacy policy informs you about the nature, scope and purpose of the processing of your personal data by the data controller in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).
The definitions of the GDPR, in particular according to Art. 4, are used as a basis.
The controller according to data protection law is:
Tomorrows Education GmbH („TE “, „we“)
Am Orangeriepark
513156 Berlin
E-Mail: info@tomorrowseducation.com
You can reach the appointed data protection officer as follows:
Intelliant GmbH
Reinhardtstr. 25
10117 Berlin
E-Mail: privacy@tomorrowseducation.com
When you visit our website, we process personal data as follows.
We use services provided by third parties. These services also include the use of cookies (Necessary, Functionality, Experience, Measurement, Marketing). You can find specific information on the individual cookies and individual setting options under "Learn more and customize" in our consent management.
In the consent management, you can consent to processing and object to processing based on legitimate interest. You can also adjust your preferences at a later date or revoke your consent with effect for the future. These adjustments are possible at any time via the "Privacy settings" button in your browser window. Please note that without your consent, individual functions of the website may only function to a limited extent.
Processing | Provision website content |
---|---|
Purpose | • Establishment of the technical connection between the visitor’s terminal device and our website (execution of the session). • Maintaining and improving the functionality of the website • Maintaining and improving the information security or data security (confidentiality, availability and integrity) of the website (data storage in log files) |
Categories of processed data | • IP address of the accessing system • Browser type of the end device used and version • Internet service provider of the accessing system • Date, time and success of the access • Third-party websites from which the user’s system accesses our website • Third-party websites that are accessed by the user’s system via our website |
Categories of recipients | • Web hosting - Webflow, Inc. • Various cookie providers (see consent management). • Note: Google Tag Manager (Google Inc.) - no processing of personal data. |
Storage period or its criteria | • US (web hosting) in accordance with appropriate guarantees pursuant to Art. 46 GDPR • US (cookies) with appropriate consent |
Storage period or its criteria | • Session: data deletion at the end of the respective session • Log files: data deletion after 7 days or anonymization • Cookies: see consent management |
Legal basis | • Art. 6 (1) f) GDPR (legitimate interests) • Art. 6 para. 1 a) GDPR (consent - see 2.1.2) |
We process personal data of website visitors for the purposes of website optimization and reach analysis, as well as for the integration of marketing and social media functionalities. Detailed information on these data processing activities can be found in the consent management under " Learn more and customize". The legal basis for processing for these purposes is Art. 6 para. 1 a) GDPR (consent). The consent for this processing can be revoked at any time for the duration of this browser session using the settings.
We place advertisements in various social networks for marketing reasons. In order to measure the success of these ads and to increase them in the future, various technologies (e.g. tracking pixel, audiences) are used if you have consented to this. It is important to note that this processing only takes place if you have voluntarily given your consent in our consent management.
Processing | Tracking Pixel and Audiences |
---|---|
Purpose | • Measure the success of ads in search engines and social networks• Improve the efficacy and conversion of ads • Inform broadcaster of ad about success and conversion • improve target group and audiences for ads by providing target group criteria and list of existing users |
Categories of processed data | • Possibly Personal master data (name, e-mail address) • IP address, log data, and tracking |
Categories of recipients | • CRM - HubSpot Germany GmbH (EU servers) • Broadcaster of ads - e.g Meta Platforms, Inc., Google LLC. |
Third-country transfer | • US |
Storage period or its criteria | - |
Legal basis | • Art. 6 para. 1 a) GDPR (consent) |
2.1.3.1. Contact form & brochure
We can be contacted via our website using the contact form.
Processing | Contact & information material |
---|---|
Purpose | • Contacting TE• Submitting requests to TE to be answered• Provision of information material / brochure regarding studies by TE |
Categories of processed data | • Personal master data (name, e-mail address) • Phone number (optional) • Program (studies) • Message content (optional) • IP address, log data, and tracking |
Categories of recipients | • CRM - HubSpot Germany GmbH (EU servers) |
Third-country transfer | - |
Storage period or its criteria | • 3 months after receipt/response to contact request |
Legal basis | • Art. 6 para. 1 a) GDPR (consent) |
2.1.3.2. Meet with Tomorrow University
You can directly book an online meeting with us to learn more about our programs and other offered services.
Processing | Online meeting |
---|---|
Purpose | • Contacting TE• Schedule an online meeting with TE |
Categories of processed data | • Chosen available meeting date & time• Personal master data (name, e-mail address)• Phone number (optional)• Message content (optional)• IP address, log data, and tracking |
Categories of recipients | • CRM - HubSpot Germany GmbH (EU servers) |
Third-country transfer | • US (CRM) in accordance with appropriate guarantees pursuant to Art. 46 GDPR |
Storage period or its criteria | • 12 months after meeting took place |
Legal basis | • Art. 6 para. 1 a) GDPR (consent) |
The services and study programs of TE’s online campus are available in the mobile-app. For this purpose, a sign-up or a user account is necessary. In addition, data is processed, among other things, in the context of the operation of the app, as well as for the provision of the functions, the security and the improvement of the features offered. The individual processing is explained below.
Data subjects are registered users using the online campus and the mobile-app.
For the provision of the online campus and for the operation of the app, personal data are processed. The processing defined in this section refers to the complete operation and forms the operating basis for all processing subordinate here from section 2.2.2.
Processing | Provision and operation of the app |
---|---|
Purpose | • Hosting of the TE services• Technical operation of the TE app• Provision of the app and its functions• User and identity management (Single Sign-On)• Maintaining and improving information security and data security respectively |
Categories of processed data | • User ID • IP address of the mobile device • Internet service provider of the mobile device • Date, time of app use |
Categories of recipients | • App hosting – Amazon Web Services EMEA SARL (EU servers) • Identity Management – Auth0 (Okta, Inc.) |
Third-country transfer | • US on the basis of binding corporate rules in accordance with Art. 47 GDPR |
Storage period or its criteria | - |
Legal basis | • Art. 6 para. 1 b) GDPR (contract performance) • Art. 6 para. 1 f) GDPR (legitimate interests) |
In addition, TE uses various technologies to track app usage to improve existing functionality, and for troubleshooting.
Processing | App-Tracking and -Monitoring |
---|---|
Purpose | • Bug/error monitoring and troubleshooting in the app.• Maintaining and improving app functionality• Evaluation of app usage for service improvements |
Categories of processed data | • App usage data• Error data |
Categories of recipients | • Product analytics – Mixpanel, Inc. |
Third-country transfer | • US in accordance with appropriate safeguards pursuant to Art. 46 GDPR |
Storage period or its criteria | • 90 days• App usage data for registered users: 3 years• Log files: data deletion after 30 days |
Legal basis | • Art. 6 para. 1 a) GDPR (consent) managed through the mobile OS |
You can object to app tracking at any time in the central privacy settings of your mobile device. The initial consent is requested when you start the app for the first time. In general, TE continuously works on minimizing the need for the processing of personal data and maximizing anonymization.
This section describes potential data processing with regard to the respective study program used in the online campus:
The privacy policy for students of the Professional Master in cooperation with WU Executive Academy can be found here.
2.2.2.1. Registration
Processing | Registration and application for study program |
---|---|
Purpose | • Sign-up for TE online campus and study program• User account creation and provision of infrastructure to participate in program• Application process and enrollment to study program |
Categories of processed data | • Name• E-mail address• Phone number• Letter of motivation• CV dataOnly for degree program:• Address• DOB• Copy of ID document• Copy of prior educational certificates |
Categories of recipients | • CRM - HubSpot Germany GmbH (EU servers) • PandaDoc Inc. • SevDesk GmbH |
Third-country transfer | • US in accordance with appropriate safeguards pursuant to Art. 46 GDPR (only applicable for Trial Challenge, Impact Certificate, Bachelor, based on PandaDoc) |
Storage period or its criteria | In case of successful registration/enrollment• Processing within the scope of and until the end of contract fulfillment.• For the fulfillment of legal regulations on retention obligations, for evidence purposes or documentation obligationsIn case of successful registration/enrollment• Up to 6 months after start of registration process (if not completed/enrolled), if there are no other legal requirements for storage |
Legal basis | • Art. 6 para. 1 b) GDPR (contract performance) • Art. 6 para. 1 f) GDPR (legitimate interests) |
2.2.2.2. Study program
Processing | Provision and execution of the study program |
---|---|
Purpose | • Participation in study program• Provision of program/learning content• Exchange of assignments, submissions and results• Participation in student communities• Provision of student ID |
Categories of processed data | • Name• E-mail address• Phone number• Address• Date of birth• Place of birth• Student number• Uploaded picture (if applicable)• Program output• Program grading• Program progress• Competency profile |
Categories of recipients | • Google Cloud EMEA Ltd. – email address for individual registration• Slack Technologies Ltd. – email address for individual registration• TE Google account - Google Cloud EMEA Ltd. (only in degree program)• Student ID - rds Reisedienst Deutscher Studentenschaften GmbH• CRM - HubSpot Germany GmbH (EU servers) |
Third-country transfer | - |
Storage period or its criteria | • Processing within the scope of and until the end of contract fulfillment. • For the fulfillment of legal regulations on retention obligations, for evidence purposes or documentation obligations |
Legal basis | • Art. 6 para. 1 b) GDPR (contract performance) |
In certain cases, entrance examinations with document checks (including identification documents) may require the disclosure of this data to TE as part of the study performance.
TE uses Google Single Sign On (SSO) to offer our students an easier way to register and sign up for the TE Learning App. The use of the SSO is voluntary, alternatively the classic sign-up via e-mail address can be chosen. When using Google SSO, your personal data will be processed as follows:
Processing | Google SSO (optional) |
---|---|
Purpose | - Enhance user experience- Streamline account creation and login process- Login to TE learning app using private Google credentials |
Categories of processed data | - Personal master data (name, e-mail address)- Profile picture |
Categories of recipients | - Google LLC |
Third-country transfer | - US in accordance with appropriate safeguards pursuant to Art. 46 GDPR |
Storage period or its criteria | - User data collected through Google SSO is retained only for the duration of the user's account existence. When a user decides to delete their TE account, the associated data, including the information obtained through Google SSO, is promptly and securely removed from TE's systems. |
Legal basis | - Art. 6 para. 1 a) GDPR (consent) |
Via our recruiting website, vacancies at Tomorrow can be viewed and the application process can be initiated by providing personal data and application documents. This is made possible by the provider Recruitee.
Processing | Tomorrow application process |
---|---|
Purpose | • Provision of secure application portal• Finding and hiring future employees• Filling open positions at Tomorrow• Conducting the application process• Communication during the application process |
Categories of processed data | • Personal master data (name, e-mail address)• Contact data (address, telephone number)• CV data (incl. education data, career data)• Visa information• Cover letter (optional)• LinkedIn profile information (optional)• Salary requirement (optional) |
Categories of recipients | • Application management – Recruitee B.V. |
Third-country transfer | - |
Storage period or its criteria | • Up to 6 months after completion of the application process (rejection), if there are no other legal requirements for storage (e.g., AGG lawsuit).• Extension of storage in case of consent (Talent Pool for 6 months)• Upon conclusion of the contract, the data is stored and further managed in personnel data management |
Legal basis | • Art. 6 para. 1 a) GDPR (consent)• Art. 6 para. 1 b) GDPR (initiation or performance of a contract) |
We ask for your understanding that, for data protection reasons, we cannot process applications received outside Recruitee.
Under European data protection law, we are obliged to inform you that withholding personal data in your application may put you at a disadvantage compared to other applicants applying for the same position.
If your personal data is processed, you are a data subject within the meaning of the GDPR. You are therefore entitled to the following rights towards the controller:
Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request the following information from us: Processing purposes; Category of personal data being processed; Recipients or categories of recipients to whom your data have been or will be disclosed; Planned storage period or, if specific information on this is not possible, criteria for determining the storage period; Existence of a right to rectification, erasure, restriction of processing or objection; Existence of a right to lodge a complaint with a supervisory authority; Origin of your data, if it has not been collected by us; Existence of automated decision-making including „profiling“ and, if applicable. meaningful information on their details; transfer of personal data to a third country or to an international organization; appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
In accordance with Art. 16 GDPR, you have the right to demand the correction or completion of your personal data stored by us without delay.
Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
If you have asserted the right to rectification, erasure or restriction of processing against the controller, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it shall be transferred to another controller.
According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will then no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to „profiling“ insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, workplace or the place of the alleged infringement. The Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin data protection supervisory authority) is responsible for TE.
This data protection declaration shall apply in its currently valid version. The current data protection declaration can be accessed and printed out at any time on the website at https://www.tomorrow.university/legal/privacy-policy.
Latest version: 2024-01