Contact

Data protection information for classroom and online training with the VEMAG Academy

We hereby wish to inform you about the processing of your personal data with regard to both classroom and online training courses with the VEMAG Academy, and the rights to which you are entitled under data protection law.

If you are registering for training on behalf of another person in your company, please ensure that there is a legal basis for the submission of their data to us and provide this information to the person in question (participant).

Who is the data controller and who is the data protection officer?

Data controller:
VEMAG Maschinenbau GmbH
Weserstr. 32
27283 Verden (Aller), Germany

Telephone: 04231 777-0
Email address: e-mail vemag.de

Our data protection officer(s) can be reached at the above address or at: datenschutz vemag.de. These contact details are also available on our website at www.vemag.de/en/privacy-policy/.

Which categories of data do we use and where does the data come from?

As a rule, your personal data will be collected from you directly as part of the registration process for one of our training courses (contractual agreement). Your personal data may also be collected if it is transmitted to us by a business partner (for example, an agency, representative or client) and there is an appropriate legal basis for its collection. To the extent necessary for the provision of our service, we also process personal data that we have received from other third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consent given by you). Other data is automatically collected by our IT systems, for example, when visiting the e-learning platform.

In particular, we collect and process the following personal data:

  • Master data (such as first name, last name, additional names, business email address, company, nationality, language and manager details for internal participants).
  • Business contact details (e.g. company affiliation, address, [mobile] phone number, email address).
  • Details of the booked/completed training courses, including performance monitoring.
  • Travel and accommodation information (e.g. flight data, train connections, hotel).
  • Image/video recordings at classroom events, provided that you have consented to collection and processing.
  • Connection data for online events, e.g. IP address, technical log.
  • If applicable, video and audio data, should you choose to turn on your camera or microphone during online training.
  • If applicable, chat content, should you choose to use the chat during online training.

AcademyMaker e-learning platform

Registration is mandatory in order to be able to take advantage of the advanced training offered by the AcademyMaker e-learning platform. This is completed by the employees of VEMAG Maschinenbau GmbH upon conclusion of a corresponding contract or contractual agreement (e.g. employment contract or registration for a further training programme). As part of the registration process and the further training programmes, the following personal data will be processed:

  • Login details and information on the courses provided/conducted using our e-learning platform.
  • Training results: assigned, started and completed courses; page views with timestamps; tests started, passed and failed; and the number of times the tests were attempted, including the date
  • Login details with login attempts
  • IP address and the end device and browser used

For what purposes and on what legal basis is my data processed?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

When you register for online/classroom training on your own behalf or on behalf of your company, we process your personal data in order to provide the respective training services. This includes, for example, the registration, execution and billing of the training booked, as well as performance monitoring (as proof of effectiveness). This is used to fulfil the contractual agreement with you, or to implement pre-contractual measures upon your request (Art. 6 (1) (b)) GDPR, or for the implementation of an existing company agreement (Art. 6 (1) (c) GDPR in conjunction with Art. 88 (1) GDPR and Section 26 (4) of the German Federal Data Protection Act (BDSG)).

In addition, we will assist you, if requested by you or your company, in the organisation of airport transfers and accommodation during the training. Optimal planning of your journey or your stay with us and efficient implementation of the training courses are also of legitimate interest to both your company and VEMAG (Art. 6 (1) (f) GDPR).

Further processing of your personal data on the basis of its legitimate interest to us or third parties (Art. 6 (1) (f) GDPR) may take place for the following purposes:

  • Creating invitation letters for applying for a visitor visa.
  • Documentation and training reports.
  • Information about our products and services (advertising), insofar as you have not objected to the use of your data.
  • Statistical evaluations pertaining to the development of measures for maintaining and improving of our training services.
  • Ensuring IT security and operation.

Advertising by post, electronic communication (e-mail), telephone
We use the business contact information (last name, first name, role, company address, telephone number, email address) that we collect from you in the context of the training course registration (contract) for the purpose of sending you advertising by post, email or telephone regarding our products and/or events that may be of interest to you.

Your contact information is processed on the basis of the following legal provisions:

  • By post: Art. 6 (1) (f) of the GDPR concerning "legitimate interest".
  • By email: Art. 6 (1) (f) of the GDPR concerning "legitimate interest" in conjunction with Art. 7 (3) of the UWG (Gesetz gegen den unlauteren Wettbewerb — Act Against Unfair Competition).
  • By telephone: Art. 6 (1) (f) of the GDPR concerning "legitimate interest" in conjunction with Art. 7 (2) of the UWG (Gesetz gegen den unlauteren Wettbewerb — Act Against Unfair Competition).

You can object to the use of your email address for marketing at any time. You can object to the use of your email address for marketing in any of the following ways:

  • By sending an email to info@vemag-academy.de
  • By writing to Vemag Maschinenbau GmbH, Academy, Weserstr. 32, 27283 Verden (Aller), Germany

Your personal data may be forwarded to external service providers (for example letter shops) for the marketing purposes mentioned above. In such cases, the processors will comply with the requirements of Art. 28 of the GDPR.

The processing of your personal data may also be carried out on the basis of your consent (Art. 6 (1) (a) GDPR). Examples include the creation, storage and publication of images for information, training and advertising activities, and the processing of your email address for participation in an online customer satisfaction survey to improve our training content. If data processing requires your consent, we will inform you of these specific cases comprehensively and in advance. You have the right to revoke your consent at any time with effect for the future.

Processing of your personal data may be necessary to fulfil legal obligations or regulatory requirements. The relevant legal provisions, including those for the fulfilment of commercial and/or fiscal provisions as well as control and reporting obligations (Article 6 (1) (c) and (e) GDPR), are binding.

Sanctions list check
We compare your personal data (e.g. first name, last name, country of origin) with the list of sanctions of the European anti-terrorism regulations (EC) 2580/2001 and (EC) 881/2002 etc. to ensure compliance with sanction requirements (Art. 6 (1) (c) and (f) GDPR). This data processing is carried out in order not to violate the relevant laws regarding sanctions.

Your personal data will be erased as soon as we no longer require it for the intended purpose and no other legal retention periods prevent erasure.

In the course of the sanctions list check, an external service provider (SAP Deutschland SE & Co. KG) is used for hosting. The requirements of Art. 28 GDPR are upheld (see also "Who receives my data?").

If you send an enquiry or contact us, for example via the contact form on the e-learning platform, your personal data will be stored with us for the purpose of processing your enquiry and in the event of follow-up questions. We will not disclose this data to others without your consent. The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR, as long as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 (1) (f) GDPR).

Who receives my data?

Internal recipients:

Within the company, only those individuals and entities that need your personal data to fulfil our contractual and legal obligations will receive your personal data.

External recipients:
We sometimes use external service providers to fulfil our contractual and legal obligations. We have carefully selected these service providers and commissioned them in writing. They are bound by our instructions and are regularly monitored by us. If necessary, we have an order processing contract with them that complies with Art. 28 GDPR. The service providers will not use your data for their own purposes or forward it to third parties.

If necessary for the provision of the contractual agreement or upon your request, your personal data may be passed on to other recipients, such as hotels, taxi companies (for contacting, reserving or organising airport transfers) or to authorities for the fulfilment of legal reporting obligations (e.g. law enforcement authorities). Any further forwarding of data to recipients outside the company will only take place if legal regulations permit this or if you have given your consent.

Central external service providers:

Microsoft Ireland Operations Ltd (Microsoft 365, Microsoft Teams):

We use Microsoft 365 and Microsoft Teams for our standard office communications, administration, contact management, conference calls, online meetings, video conferences and/or webinars. If we record online meetings, we will notify you prior to the start and, if necessary, ask for your verbal consent. If you do not want to be recorded, you can leave the online meeting. If necessary for the purposes of logging the results of an online meeting, we will log the chat content.

Microsoft 365 and Microsoft Teams are a service provided by Microsoft Ireland Operations Ltd. For this purpose, we have concluded an order processing contract with the provider.

The use of Microsoft Teams results in various types of data being processed. The scope of the data also depends on what information you provide before or during an online meeting.

The following personal data is processed:

  • User details: display name, email address, profile image (optional) and preferred language
  • Meeting metadata such as date, time, meeting ID, phone number and location
  • Text, audio and video data: You may be able to use the chat function in an online meeting. In this case, the text you enter will be processed so that it can be displayed in the online meeting.

In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from a video camera of the
end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.To allow video and audio to be displayed, the data is processed by the microphone on your device and a video camera on your device throughout the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time using the Microsoft Teams applications.

If there is no contractual relationship with you, the legal basis for processing your personal data is Art. 6 (1) (f) of the GDPR. In this case, our interest is to conduct online meetings effectively.

When using Microsoft 365, some personal data is transferred to third party countries outside the EU/EEA (usually the USA). These third party countries may not have an adequate level of data protection and there may not be adequate guarantees for the protection of your data (lack of enforceability of data subject rights and possible, disproportionate access by government authorities to your data).

The standard EU contractual clauses were concluded under the Microsoft licence agreements. Microsoft is also certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. For more information, contact the provider at the following link: Data Privacy Framework.

All data is encrypted during transmission and storage.

If you do not want your data to be transmitted to these third party countries, you cannot use the service.

If there is no contractual relationship with you, the legal basis for processing your personal data is Art. 6 (1) (f) of the GDPR.

Microsoft's data privacy statement is available here: https://privacy.microsoft.com/en-gb/privacystatement and Microsoft Teams - Privacy - Microsoft Teams | Microsoft Learn

SAP Deutschland SE & Co KG (ERP system incl. hosting)

In connection with the implementation and organisation of our business processes, various data, some of which may be personal data (for example contact details/contact person details), is also processed using software solutions from SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany, email: info.germany sap.com.

This integration facilitates the provision of contractual services or can be used to initiate a contract. SAP software helps companies control their business processes and ensure the correct flow of information throughout the company — from purchasing and accounting to production and logistics.

We have signed an order processing agreement (AVV) with SAP that complies with Art. 28 of the GDPR. This contract is based on data protection law, which ensures that the personal data of our (potential) business partners is only processed as per our instructions and in compliance with GDPR.

X-CELL AG (AcademyMaker e-learning platform)

We use the AcademyMaker e-learning platform to provide our courses. The platform is provided by X-CELL AG, Kaistrasse 2, 40221 Düsseldorf, Germany.
The personal data collected in the AcademyMaker e-learning platform is stored on the servers of X-CELL AG. These are mainly the data categories listed above (see "Which categories of data do we use and where does the data come from?", AcademyMaker e-learning platform). This ensures personalised access for the participant, on-demand design and easy use of the e-learning platform. In addition, the data may also be stored for support or service optimisation purposes and, if necessary, viewed by X-CELL administrators at any time.

We have signed an order processing agreement with X-CELL AG in accordance with Art. 28 GDPR. This contract is based on data protection law, which ensures that the personal data of our (potential) business partners is only processed as per our instructions and in compliance with GDPR.

The legal basis for processing by X-CELL AG is the performance of the contract with potential/existing participants (in accordance with Art. 6(1) (b)) GDPR) and the interest in seamless, trouble-free use of AcademyMaker (Art. 6 (1) (f) GDPR). X-CELL does not commission any other subcontractors who process your data.

All personal data that you transmit when using AcademyMaker is transmitted in an encrypted format and is therefore protected against misuse. For this purpose, an SSL or TSL connection is established for each transmission. Your data will be encrypted for transmission in such a way that it cannot be read by third parties (unauthorised persons) during transmission on the Internet. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

Data protection information for X-CELL AG is available here:  https://www.x-cell.com/english/utility/privacy

GoTo Technologies Ireland Unlimited Company (GoToWebinar)

We use the GoToWebinar software to conduct web seminars (webinar) (Art. 6 para. 1 lit. b) GDPR). The provider of the software is GoTo Technologies Ireland Unlimited Company, The Reflector 10 Hanover Quai, Dublin 2, D02R573, Ireland (hereinafter referred to as “GoTo”). Details on data processing can be found in GoTo's privacy policy: https://www.logmeininc.com/de/legal/privacy

Data about your device, operating system and browser will only be used by GoTo on our behalf for the purpose of providing, optimizing and securing the services of GoToWebinar. The participation information you provide will be used for the purpose of identification in the webinar. Email addresses provided will not be processed further. Transmitted video and audio data will be processed for the purpose of conducting the webinar and subject to your consent to its recording. You will be informed of the purpose of the recording before the recording begins. Further information on data processing when using audio and video conferencing systems can be found in our general privacy policy.

GoTo may also process your data in third countries. Insofar as processing takes place in the USA, the data transfer is based on the standard contractual clauses of the EU Commission. Details can be found here: goto-customer-dpa-de.pdf.  

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. service mentioned above. This is a contract prescribed by data protection law, which contract that guarantees that the personal data of our website visitors will only be processed processed only in accordance with our instructions and in compliance with the GDPR.

 

What data protection rights can I assert as a data subject?

You can request information regarding the data stored about you at the above address. In addition, under certain conditions, you may request the rectification or erasure of your data. You may also have a right to restrict the processing of your data and a right to receive the data provided by you in a structured, commonly used and machine-readable format. You also have the right to lodge a complaint with a data protection supervisory authority.

Right to object
If we process your data to safeguard legitimate interests, you can object to this processing for reasons arising from your specific situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms or for lodging, exercising or defending legal claims.
You have the right to object to the processing of your personal data for direct marketing purposes without having to give reasons. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You may claim your rights in writing to the address listed above or simply by sending an email to info vemag-academy.de.

For how long will my data be stored?

We will erase your personal data as soon as it is no longer required for the above-mentioned purposes, when you request for us to delete your personal data or when you revoke your consent. If you make a legitimate erasure request or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the erasure will take place after these reasons have ceased to exist.

After termination of the contractual relationship, your personal data will be stored as long as we are legally obliged to do so. This normally results from legal documentation and storage obligations, which are the subject of various regulations, including the German Commercial Code (HGB) and the Fiscal Code (AO). The storage periods are then up to ten years.

In addition, it may be that personal data is retained for the period during which claims can be lodged against us (statute of limitations under Sections 195 ff. of the German Civil Code (BGB) of three or up to thirty years).

Will my data be transferred to a third country?

If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third party country has confirmed to the EU Commission that it delivers an appropriate level of data protection or if other appropriate data protection guarantees (for example binding corporate data protection regulations or EU standard contractual clauses) are in place.

Furthermore, the transmission of data to a third country may also take place on the basis of an exception under Art. 49 of the GDPR if, for example, your consent has been given, the data transfer is necessary to fulfil an existing contract or the transfer is necessary to fulfil one of your interests.

This means that at least some of your business contact data will also be processed outside the EU or the EEA, which is necessary for business correspondence with our customers or suppliers. This includes your name, location, email address and phone number. In such cases, the data is transmitted on the basis of an exception under Art. 49 (1) of the GDPR.

Are you obliged to provide your data?

In the context of training registration (contractual agreement), you must provide the personal data required for the registration, execution and termination of arranged training programmes and for the fulfilment of the associated contractual obligations, or that we are legally obliged to collect. Without providing this data, participation in the respective training event (classroom/online training) will not be possible, as a rule. The provision of further data is voluntary.

To what extent do automated individual decision-making or profiling measures take place?

We do not use automated processing processes to make a decision — including profiling.

Revision of and updates to the privacy policy

We will revise this privacy policy in the event of changes to data processing or if other occasions so require. You can always find the latest version at https://www.vemag.de/en/privacy-policy. We kindly ask you to keep up to date with the content of our privacy policy.

Date: 06/01/2025

 

 

Smiling Woman from customer support during work

Contact us

Country *

Information on data processing can be found in our privacy policy.

* Required fields