Unicon hosted at CODE University of Applied Sciences (“unicon”, “CODE”, “we”, “our”, “us”) is committed to being clear and transparent about data protection, protecting privacy and the rights of data subjects. We want to ensure that the unicon participants (“you”, “your”) know what data we collect, why we collect it, and how it is processed. We also aim to be clear about data collection, storage, usage and your rights to assure you that we would not use your data in a way you would not want or expect us to.
2. Data Controller
CODE Education GmbH
Managing Director: Thomas Bachem
The Data Protection Officer may be reached at firstname.lastname@example.org or the aforementioned address.This policy applies to all unicon participants.
3. Data Collection and Processing
3.1. Why We Process Your Data
We need to collect, store and process personal data for a number of administrative and legal reasons and to ensure that both you and we can meet our contractual obligations.
As per the General Data Protection Regulation (GDPR), this also forms the legal basis under which we process your data, more specifically:
a) GDPR Art. 6, Par. 1(b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
b) GDPR Art. 6, Par. 1(c): processing is necessary for compliance with a legal obligation to which the controller is subject;
c) GDPR Art. 6, Par. 1(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Additionally, data may also be processed under GDPR Art. 6, Par. 1(a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes.Reasons for processing your data include:
a) Providing event services, including issue and manage tickets with a ticketing system, be compliant to the certain state restrictions regarding the COVID-19 pandemic, hosting the unicon event at a rented location;
b) Assuring and maintaining process quality and standards;
c) Ensuring regulatory and statutory requirements are met;
d) Processing queries, complaints, appeals, and disciplinary actions;
e) Publishing basic information to participants, event team, lessor of the location and partners;
f) Ensuring the safety of all participants and prevent crime;
g) Enabling the event team to determine outcomes, evaluate and adjust the process and criteria as well as conduct a scientific or historical research based on statistics information;
h) Share your CV data with our event partners;
i) Ensuring regulatory and legal requirements, including regular reporting to German authorities, are met.
3.2. Who Has Access to Your Data and How Is It Shared?
Access to your data in our databases and systems is limited to team members of unicon and only for the purposes outlined in the section above. Further, access to various data sets and subsets is linked to the employee’s role and responsibilities, and is rooted in the data minimisation principle expressed in Article 5, Par. 1(c) of the GDPR and Article 4, Par. 1(c) of the Regulation (EU) 2018/1725.
Unicon does not share your data with third parties for marketing purposes.
3.2.1. Sharing Your Data with CODE Students
Limited personal information will be shared with the unicon helpers to ensure a smooth process during the planning and the checking of the event .
3.2.2. Sharing Your Data with Third Parties
Other Third PartiesWe might also share some of your personal information with third parties involved in your participation, including visiting speakers, partners and/or external facilities used during your application process to unicon.
Some of your data will also be processed and shared in order for us to meet our statutory requirements, because it is in the public interest or because it is required for a third party’s interest. In this context, your personal data may be processed and shared as follows:
a) To monitor and promote equality and diversity;
b) To seek legal advice.
The following personal information may be shared with third parties for the purposes listed above:
a) Your full name;
b) Study program;
c) Any additional information you published in your profile(s) on any of our communication tools;
d) Anonymised feedback given by you to unicon.
Additional information may be shared with third parties in cases where we need to establish, exercise or defend legal claims. Please also see more details about other third parties in paragraph 11. “Tools & IT-Environment”.
4. Data We Hold, How We Collect It, and How We Store It
We are legally required to hold some types of information to fulfil our statutory obligations. Other types of information need to be held by us to perform our contract.We will hold your personal information in our systems for as long as it is necessary for the relevant activity, or as long as it is set out in any relevant contract you hold with us. The specifics are listed in 6. Data Retention. Other information is required in order for us to fulfil our contractual obligations.
4.1. Data Held About You
CODE holds data about you in order to process your participation, perform its duties and for the performance of a contract.
This information is collected at the point of enquiry or any stage of the process using online forms.
We may collect the following types of data:
a) Personal details as they appear on your passport: first name, last name, maiden name, middle name, date of birth, place of birth, title, gender, nationality, status as an participant to Unicon;
b) Contact details: (permanent) address, personal email address, phone number (mobile);
c) Details related to the application process and regulations: admissions decisions as well as information on payment modality;
d) Application documents like written application and other documents you decide to share with us during the admission process;
e) We also ask you to upload a CV as part of your application.
Finally, additional data may be collected and stored by providers of third party applications used by unicon, including its ticketing system.
4.2 Overview of Type of Personal Data Collected During Respective Steps of the Process:
4.2.1. Advice to potential participants
4.2.2. Data usage and storage in the application management system
To register for our application management system each applicant has to set up a user account. A user account consists of at least the following information:
a) First name;
b) Last name;
c) Personal Email address.
4.2.3. Application relevant data
Depending on the stage of the application process you are at, we require and store the following personal data:
a) Full name;
b) Personal Email address;
d) Address: street and house number, Zip code, City; Country;
e) Application Documents: CV and written application
4.2.4. Additional information that might be collected for marketing purposes
b) Marketing Channel;
c) Marketing Channel: Other
Please see more details about our systems in the paragraph 10 “Tools & IT-Environment”.
4.3. Data Storage
Data about participants is stored in various databases and systems used by CODE to conduct its business. Access to those databases is secure and restricted to CODE employees who require it to perform their duties.Some of these databases and systems used are provided and hosted by a third-party provider who publish their own privacy policies.CODE is committed to reviewing privacy and data protection policies of providers of third-party systems on a regular basis.Portable data storage devices (including, but not limited to USB flash drives, magnetic tapes and optical discs) are not used to store, process or transfer personal information, but may be used to store and transfer other types of data.
5. Data Retention
Your personal data is processed and retained as per this policy for the duration specified in the guidelines on the retention of participants data and record.
Our guidelines on the retention of participants data and records:
During the application process: personal data, application documents and results are retained for no more than three years for purposes listed in but not limited to evaluation, research and possible complaints, claims or lawsuits. Data stored in our application reporting databases will be deleted from our system no later than three years after the intended application process closes.
All data related to personal characteristics used for statistical and comparative research will be anonymised before transferring them to the reporting server. The master copy of data will not be deleted before the expiry of the retention period of one year. Supplementary copies (e.g. Excel downloads, or working files) will be deleted before the retention period if they no longer serve a purpose. Data extracted from master systems and stored in local drives or email will be destroyed after use to avoid unnecessary duplication, and to ensure data is not held for any longer than necessary.
6. Updating Your Data
It is important to us that we always hold the most-up-to-date information about you and to ensure that you can exercise your ‘right to rectification’ under GDPR Article 16. To update your data held by CODE, please send an email to email@example.com. Once a request has been received, it is normally processed within 14 days.
7. Getting in Contact with You
Our communications are normally sent to your personal email or alternatively via our communication tool, and most communications are only sent out electronically. In some instances, however, we may also contact you by phone (mobile or home). In some cases, we will also contact you by post. You may restrict the usage of your personal email address as outlined in section 9.3. and 9.5. If you prefer not to receive our newsletter or information about the event , you can opt out by emailing firstname.lastname@example.org.
8. Your Rights
8.1. Right to Access
Under GDPR Article 15, you have the right to access the personal and supplementary information held about you by us.To access this information, please email email@example.com.Information will be provided at the latest within one month of receipt.
8.2. Right to Erasure
At the point where we no longer need to process your data for the performance of a contract, you have the right to ask us to stop processing your personal data. If you choose to exercise this right, we will delete your personal data held by us.Any data that remains on our database(s) can only be accessed by the participant for administrative or statistical (anonymous) purposes. Please refer to section 9.5. if you do not want your data to be used for statistical purposes.
To exercise your right to erasure, we suggest that you send us an email at firstname.lastname@example.org. You may also make your request verbally by contacting the Data Protection Officer who will confirm your request in writing and pass on your request to relevant members of the CODE team.Your request will be processed within one month and after having received and processed your request, we will no longer contact you by email, phone or post or any other means.
8.3. Right to Restrict Processing
You have the right to restrict the way in which your data is processed as long as the processing falls outside the performance of a contract.To exercise your right to obtain your data, we suggest that you send us an email at email@example.com. You may also make your request verbally by contacting the Data Protection Officer who will confirm your request in writing and pass on your request to relevant members of the CODE team.Your request will be processed within one month.
8.4. Right to Data Portability
You have the right to obtain your data held by CODE and reuse it for your own purposes across different environments. Where data processing is performed on the basis of your consent or as part of a contract, you have the right to transfer the data provided by you, unless the rights and freedoms of other persons are impaired.CODE will ensure that any data transmitted to you is transmitted securely.To exercise your right to obtain your data restrict processing, we suggest that you send us an email at firstname.lastname@example.org. You may also make your request verbally by contacting the Data Protection Officer who will confirm your request in writing and pass on your request to relevant members of staff.Your request will be processed within one month.
8.5. Right to Object
You have the right to object to your data being used for purposes of scientific/historical research and statistics. To exercise your right to restrict processing, please email email@example.com.You should note, however, that this right may be limited by other statutory or regulatory requirements.
8.6. Rights in Relation to Automated Decision Making and Profiling
CODE does not use automated decision making or profiling.We may, however, use your personal information to ensure diversity and to reflect the diverse nature of CODE. This is not done in an automated way and with a view that it benefits the participants' experience.
9. Changes to our Privacy Policies
Our privacy policies are reviewed regularly, usually on an annual basis. Updates will be posted on our website.If we ever make significant changes to the way we process your personal data, we will either clearly highlight this on our website or write to you directly.
10. Tools & IT-Environment
All of the data listed in section 5. are collected and stored within our tool ecosystem, which consists of:
a) Webflow and Hosting Provider (server in USA) and Cloudflare, Inc;
b) Pretix by rami.io GmbH with its German headquarters (Markgräfler Straße 16, 69126 Heidelberg);
c) GSuite German division;
d) email management systems: Gmail; Sendgrid
e) other tools: Slack;
We have concluded individual contracts with all of the above service providers. Through these contracts, all of the listed service providers assure that they will process the data on our behalf in accordance with the General Data Protection Regulation and will ensure the protection of the rights of the data subjects. When applicable the General Data Protection Regulation is supported by the Standard Contractual Clauses (SCCs).
We take all steps to ensure that the personal information we hold is not lost or misused or subject to unauthorised access, disclosure or alteration.To protect your personal information, do not disclose your log-ins, passwords and API keys to anyone else.