Privacy policy

1. Introduction

With the following information, we would like to provide you, as the “data subject,” with an overview of how we process your personal data on our website and your rights under data protection laws. In principle, you can use our website without entering personal data. However, if you would like to use specific services offered by our company through our website, processing personal data may become necessary. If processing personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address, or email address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to “VERSO GmbH.” Through this privacy notice, we would like to inform you about the scope and purpose of the personal data we collect, use, and process.

This privacy policy applies to all our services except the VERSO Hubs (ESG, Climate, Supply Chain).

2. Controller

The controller within the meaning of the GDPR is:

VERSO GmbH
Luise-Ullrich-Straße 14
80636 München

Representative of the controller: Uwe Schneider

3. Data Protection

You can reach our data protection team at: privacy@verso.de.

You may contact our data protection team directly at any time with any questions or suggestions regarding data protection.

4. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for any purposes other than those listed below.

We only disclose your personal data to third parties if:

  1. you have given us your express consent pursuant to Art. 6(1)(a) GDPR,
  2. the disclosure is permissible under Art. 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed,
  3. there is a legal obligation for the disclosure pursuant to Art. 6(1)(c) GDPR, or
  4. it is legally permissible and necessary under Art. 6(1)(b) GDPR for the performance of contractual relationships with you.

As part of the processing activities described in this privacy notice, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework and the adequacy decision of the European Commission pursuant to Art. 45 GDPR therefore applies.

We have explicitly stated this in the privacy notice for the service providers concerned. To protect your data in all other cases, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries.

This does not apply, among other things, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

5. Technology

5.1 SSL/TLS Encryption

This website uses SSL or TLS encryption to ensure secure data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser bar.

We use this technology to protect the data you transmit.

5.2 Data Collection When Visiting the Website

If you use our website for informational purposes only, meaning you do not register, otherwise submit information to us, or give consent to processing activities that require consent, we only collect data that is technically necessary to provide the service. This is generally data that your browser transmits to our server (“server log files”).

Each time you or an automated system accesses a page on our website, our website collects a series of general data and information. This general data and information is stored in the server log files. The following may be collected:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the subpages accessed on our website via an accessing system,
  5. the date and time of access to the website,
  6. a shortened internet protocol address (anonymized IP address), and
  7. the internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about you personally. Rather, this information is needed to

  1. deliver the content of our website correctly,
  2. optimize the content of our website and the advertising for it,
  3. ensure the permanent functionality of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

We therefore evaluate this collected data and information both statistically and with the aim of increasing data protection and data security at our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above.

5.3 Cloudflare (Content Delivery Network)

Our website uses functions provided by CloudFlare. The provider is CloudFlare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA.

CloudFlare offers a globally distributed content delivery network with DNS. Technically, information transfer between your browser and our website is routed through CloudFlare’s network. This allows CloudFlare to analyze data traffic between users and our websites in order, for example, to detect and defend against attacks on our services. In addition, CloudFlare may store cookies on your device for optimization and analysis purposes.

You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in specific cases or in general, and enable automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

We have concluded an appropriate data processing agreement with Cloudflare based on the GDPR and/or EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. Access data includes: the name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Cloudflare uses the log data for statistical evaluations for purposes of operating, securing, and optimizing the service.

Cloudflare is used on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in a secure, stable, and efficient provision of our online services (e.g. protection against attacks, load balancing). Where Cloudflare uses cookies or similar technologies in this context, this is done—where required—only on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, meaning personal data may be transferred without additional safeguards or supplementary measures.

For more information on CloudFlare, please visit: [https://www.cloudflare.com/privacypolicy/](https://www.cloudflare.com/privacypolicy/).

5.4 Hosting

We host the content of our website with an external service provider. The provider is WPEngine, Inc., 504 Lavaca St, Suite 1000, Austin, TX 78701 (“WPEngine”). Please refer to WPEngine’s privacy policy for details: https://wpengine.com/legal/privacy/ .

WPEngine is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

We have concluded a data processing agreement (DPA) with standard contractual clauses (SCCs) for the use of the above-mentioned service. This is a contract required under data protection law that ensures personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

In addition to the existing guarantees and safeguards in place, WPEngine is certified under the EU-US Privacy Framework and ISO/IEC 27001, meaning there is an adequacy decision for data transfers to the USA and a recognized standard for data security.

6. Cookies

6.1 General Information on Cookies

Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

The cookie stores information resulting in each case from the context of the specific device used. However, this does not mean that we thereby obtain direct knowledge of your identity.

6.2 Legal Basis for the Use of Cookies

The data processed by cookies that are necessary for the proper functioning of the website is required to protect our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR.

For all other cookies, the rule is that you have given your consent via our opt-in cookie banner within the meaning of Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

6.3 Borlabs Cookie (Consent Management Tool)

We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage consent from website users for data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user gives consent, the following data, among others, is automatically logged:

  • cookie runtime,
  • cookie version,
  • domain and path of the WordPress page,
  • selection in the cookie banner,
  • UID (a randomly generated ID),

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period pursuant to Section 195 German Civil Code (BGB). The data is then deleted immediately.

Processing is necessary to obtain and document consent in a legally compliant manner. The legal basis is Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR.

The collected data is neither forwarded to Borlabs GmbH nor does Borlabs GmbH gain access to it.

For more information, please visit: [https://de.borlabs.io/borlabs-cookie/](https://de.borlabs.io/borlabs-cookie/).

7. Newsletter, Email Communication, and Marketing Automation

We process personal data for purposes of email communication, in particular for sending newsletters, informational and marketing emails, and in connection with requests for content (e.g. whitepapers, guides), registrations for webinars and events, and subsequent follow-up communication.
This may also include information related to booked online courses. We process transaction-related and course-related information (e.g. order confirmations or organizational notices) for contract performance pursuant to Art. 6(1)(b) GDPR.

The processing of personal data for purposes of email communication is based on your consent pursuant to Art. 6(1)(a) GDPR. Where further processing takes place in connection with existing business relationships, this may be based on Art. 6(1)(b) or (f) GDPR.

7.1 Registration and Double Opt-In

If you actively register to receive email communications, we process the data requested in the respective form, in particular your email address. Registration generally takes place using a double opt-in process to ensure that registration was made by the owner of the email address provided. For this purpose, we store the date and time of registration as well as technical log data (e.g. IP address) so that the registration process can be documented in a legally traceable manner.

7.2 Follow-Up Email Communication

If you request content, register for webinars, or otherwise use our offers, we process your data to provide you with the requested information and subsequently inform you by email about related content, offers, or events.

7.3 Processing in the CRM and Marketing System

The data collected as part of email communication is stored and processed in our CRM and marketing system (HubSpot). This includes, in particular, managing contact profiles, analyzing interactions (e.g. opens, clicks), as well as lead qualification and sales support.

7.4 Recipients of the Data

We use external service providers to send and manage our email communications, and these providers process personal data on our behalf. These service providers are contractually obligated to process personal data solely in accordance with our instructions and in compliance with applicable data protection regulations.

7.5 Withdrawal

You may withdraw your consent to receive email communications at any time with effect for the future. Each email contains a corresponding unsubscribe link. Alternatively, you may notify us of your withdrawal by email at hello@verso.de.

8. Our Activities on Social Networks

So that we can also communicate with you on social networks and inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform, within the meaning of Art. 26 GDPR, for the processing activities triggered as a result.

We are not the original provider of these pages but merely use them within the scope of the possibilities offered to us by the respective providers.
We therefore point out as a precaution that your data may also be processed outside the European Union or the European Economic Area.

Use may therefore involve data protection risks for you because the safeguarding of your rights, such as access, deletion, objection, etc., may be more difficult, and processing on social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior without this being influenceable by us. If usage profiles are created by the provider, cookies are often used and/or usage behavior is associated with your own member profile on the social networks.

The described processing activities relating to personal data are carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in being able to communicate with you in a contemporary manner and inform you about our services. If you are required by the respective providers to give consent as a user for data processing, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the providers’ databases, we point out that it is best to assert your rights (e.g. access, rectification, deletion, etc.) directly with the respective provider. Further information about the processing of your data on social networks is provided below for each social network provider we use:

8.1 LinkedIn

(Co-)controller for data processing in Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy.

9. Web Analytics

9.1 LinkedIn Pixel (Insight Tag)

This website uses LinkedIn Insights from LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (LinkedIn). If express consent is granted, user behavior may be tracked.

This process serves to evaluate the effectiveness of advertisements for statistical and market research purposes and may help optimize future advertising measures. Through the LinkedIn Pixel, we receive additional information about prospects for our products, including job title, employer, or the industry in which they work.

When visiting the website, the following data in particular may also be processed through the LinkedIn Pixel:

  • IP address
  • interactions on our website (e.g. page views, clicks, conversions)
  • browser type/version
  • operating system used
  • referrer URL (previously visited page)
  • time of the server request

Direct identifiers are automatically removed by LinkedIn from the data set within seven days, and the data is deleted after 180 days. Please refer to our consent solution for the storage duration of the cookie. The data is stored and processed by LinkedIn so that a connection to the respective user profile is possible.

These processing activities are carried out exclusively upon grant of express consent pursuant to Art. 6(1)(a) GDPR.

LinkedIn is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, meaning personal data may be transferred without additional safeguards or supplementary measures.

You can view further information and LinkedIn Pixel’s privacy policy at: [https://de.linkedin.com/legal/privacy-policy](https://de.linkedin.com/legal/privacy-policy).

9.2 Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) on our websites, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In this context, pseudonymized usage profiles are created and cookies are used (see section “Cookies”). The information generated by the cookie about your use of this website may include:

  • short-term collection of the IP address without permanent storage
  • location data
  • browser type/version
  • operating system used
  • referrer URL (previously visited page)
  • time of the server request

The pseudonymized data may be transmitted to and stored on a server in the United States by Google.

The information is used to evaluate website usage, compile reports on website activity, and provide other services related to website use and internet use for purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google.

These processing activities are carried out exclusively upon grant of express consent pursuant to Art. 6(1)(a) GDPR.

The retention period preset by Google for data is 14 months. Otherwise, personal data is retained for as long as it is necessary to fulfill the processing purpose. The data is deleted as soon as it is no longer required to achieve the purpose.

The parent company, Google LLC, is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, meaning personal data may be transferred without additional safeguards or supplementary measures.

For more information on data protection when using GA4, please visit: [https://support.google.com/analytics/answer/12017362?hl=de](https://support.google.com/analytics/answer/12017362?hl=de).

9.3 Outbrain Pixel

The Outbrain Pixel from Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA, is used on our website for conversion measurement.

This makes it possible to track user behavior after users have been redirected to the provider’s website by clicking on an Outbrain advertisement. This process serves to evaluate the effectiveness of Outbrain advertisements for statistical and market research purposes and may help optimize future advertising measures. The data collected is anonymous to us and does not allow us to draw conclusions about users’ identities.

You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in specific cases or in general, and enable automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

These processing activities are carried out exclusively upon grant of express consent pursuant to Art. 6(1)(a) GDPR.

For more information on Outbrain, please visit: [https://www.outbrain.com/legal/privacy#privacy-policy](https://www.outbrain.com/legal/privacy#privacy-policy).

10. Advertising

We use online advertising services to make users aware of our offers and to measure the success of our advertising activities. Cookies and similar technologies may be used for this purpose to show users advertising based on their interests and to evaluate interactions with our ads.

10.1 Google Ads

We use Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

As part of Google Ads, the following processing activities in particular may occur:

  • displaying advertising in Google search results and in the Google advertising network,
  • measuring interactions with ads (e.g. clicks or conversions),
  • creating pseudonymous target groups (remarketing).

To the extent functions for performance measurement or interest-based advertising are used, this is done exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. The integration and control of corresponding cookies and technologies takes place via our consent management tool.

Google may also process personal data in the United States. The parent company, Google LLC, is certified under the EU-US Data Privacy Framework, so an adequacy decision pursuant to Art. 45 GDPR is in place.

Further information on data protection at Google can be found at:
[https://www.google.com/policies/privacy/](https://www.google.com/policies/privacy/)

10.2 LinkedIn Ads

We use advertising functions of the social network LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

LinkedIn Ads enables us to display targeted advertising and evaluate its effectiveness. Cookies or similar technologies may be used for this purpose, enabling pseudonymous recognition of users.

Processing takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Integration takes place via our consent management tool.

LinkedIn may also process personal data in third countries (e.g. the United States). LinkedIn is certified under the EU-US Data Privacy Framework; in addition, standard contractual clauses may be used.

Further information on data protection at LinkedIn can be found at: [https://de.linkedin.com/legal/privacy-policy](https://de.linkedin.com/legal/privacy-policy)?

11. Plugins and Other Services

11.1 Google Tag Manager

We use Google Tag Manager on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is used for the technical administration and deployment of website tags (e.g. for analytics or advertising services). Google Tag Manager itself is not used to analyze user behavior; personal data is processed—if at all—by the individual integrated services. We describe these services in the corresponding sections of this privacy policy (e.g. “Web Analytics” and “Advertising”).

Google Tag Manager is used for the technical integration and management of the services described in this privacy policy. To the extent services requiring consent (in particular cookies or similar technologies) are integrated via Tag Manager, they are used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

The parent company, Google LLC, is certified as a US company under the EU-US Data Privacy Framework; an adequacy decision pursuant to Art. 45 GDPR is in place.

Further information can be found at:[https://www.google.com/intl/de/policies/privacy/](https://www.google.com/intl/de/policies/privacy/).

11.2 HubSpot (CRM, Marketing, Sales, and Service Platform)

We use the HubSpot platform provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

HubSpot is an integrated software platform that we use in particular for marketing, sales, customer service, and operational processes. The functions used include, among others:

  • managing contact and customer profiles,
  • providing forms (e.g. for contact requests, content requests, or registrations),
  • sending and evaluating email communications,
  • analyzing interactions with our website and our content,
  • supporting sales and service processes.

11.2.1 Scope of Data Processing

As part of the use of HubSpot, we process personal data, in particular:

  • contact data (e.g. name, email address),
  • content and communication data,
  • technical usage data and metadata (e.g. interactions with emails or forms).

If you use forms or communicate with us by email, the transmitted data is stored in a contact profile and—where permissible—combined with other interactions.

11.2.2 Tracking and Cookies

To the extent HubSpot uses functions to analyze user behavior, this is done exclusively on the basis of your consent. The integration of corresponding cookies and tracking technologies is controlled via our consent management tool. For more information, please refer to the sections “Cookies” and “Web Analytics” in this privacy policy.

11.2.3 Legal Basis

Processing of personal data as part of the use of HubSpot takes place:

  • on the basis of your consent pursuant to Art. 6(1)(a) GDPR, if such consent was requested,
  • for the performance of contractual or pre-contractual measures pursuant to Art. 6(1)(b) GDPR,
  • or on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in the efficient organization of marketing, sales, and service processes.

11.2.4 Recipients and Third-Country Transfer

HubSpot processes personal data as a processor. HubSpot is certified under the EU-US Data Privacy Framework, so an adequacy decision pursuant to Art. 45 GDPR is in place. We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR.

Further information on data protection at HubSpot can be found at: [https://legal.hubspot.com/de/privacy-policy](https://legal.hubspot.com/de/privacy-policy).

11.3 Online Meetings and Video Conferences

We use various tools to conduct online meetings, video conferences, and webinars, each of which is described separately below.

11.3.1 Zoom

We use Zoom for video conferences and webinars (provider: Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113).

Depending on the type of use, this may involve processing in particular your name, email address, meeting metadata (date, time, duration), as well as audio, video, or chat content.
Processing takes place for conducting and following up on online meetings.
The legal basis is Art. 6(1)(b) GDPR (contract or pre-contractual measures) and, where applicable, Art. 6(1)(a) or (f) GDPR.
Processing in third countries (e.g. the United States) cannot be ruled out; appropriate data protection safeguards are in place.

11.3.2 HubSpot Meeting Tool

We use the HubSpot Meeting Tool (provider: HubSpot Inc.) for scheduling and conducting individual online meetings, especially in sales and customer success contexts.

In particular, contact and scheduling data is processed (e.g. name, email address, requested appointment). Processing takes place for the organization and conduct of meetings. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Data processing in third countries is possible; such processing takes place on the basis of appropriate safeguards pursuant to the GDPR.

11.3.3 Microsoft Teams

We use Microsoft Teams for online meetings, especially in customer success contexts (provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399
USA).

This may involve processing your name, email address, meeting metadata, as well as audio, video, and chat content.

Processing serves to conduct online meetings and communicate with customers.
The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Processing in third countries cannot be ruled out; appropriate data protection safeguards are in place.

11.3.4 Data Processing Agreement

We have concluded data processing agreements with all named providers pursuant to Art. 28 GDPR.

12. Content on Our Website

12.1 Contacting Us

When you contact us (e.g. via contact form, email, or other inquiries), we process personal data. Which data is collected in this context depends on the respective communication channel or form.

The data you provide is processed to handle your inquiry, for further communication, and—where necessary—for initiating or performing contractual relationships. In addition, the data may be used for internal organization, qualification of inquiries, and tracking communication and sales processes.

Processing takes place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in the efficient handling of inquiries and maintaining customer and prospective customer relationships. If your contact request aims at concluding a contract or relates to an existing contractual relationship, the additional legal basis is Art. 6(1)(b) GDPR.

The data collected when you contact us is stored and processed in our internal systems. It is deleted as soon as processing is no longer necessary for the stated purposes and no statutory retention obligations prevent deletion.

12.2 Application Management / Job Board

We collect and process applicants’ personal data for purposes of handling the application process. Processing takes place electronically. This is particularly the case when an applicant submits relevant application documents to us electronically, for example by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data is stored for purposes of handling the employment relationship in compliance with legal requirements.

If we do not conclude a contract with the applicant, the application documents are automatically deleted six months after notification of the rejection decision, unless deletion conflicts with other legitimate interests on our part. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
The legal basis for processing your data is Art. 6(1)(b), 88 GDPR in conjunction with Section 26(1) BDSG.

12.3 Online Courses via ablefy

We offer online courses that are provided and processed through the service ablefy (ablefy GmbH, Potsdamer Straße 125, 10783 Berlin, Germany). If you purchase or use a course, the personal data required for this purpose is processed, in particular inventory and contact data, contract and billing data, as well as usage data in connection with course access.

Our website contains links to pages and functions at ablefy. When you click such a link, you leave our website. From that point on, further data processing in connection with course purchase and course participation takes place via ablefy.

The legal basis for processing in connection with the course offer is generally Art. 6(1)(b) GDPR (contract / pre-contractual measures). To the extent further communication takes place (e.g. newsletters or marketing emails), this occurs only on the basis of corresponding consent or another data protection law basis (see section “Newsletter, Email Communication, and Marketing Automation”).

Further information on data processing by ablefy can be found in ablefy’s privacy policy: [https://myablefy.com/privacy](https://myablefy.com/privacy).

13. Your Rights as a Data Subject

13.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

13.2 Right of Access Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

13.3 Right to Rectification Art. 16 GDPR

You have the right to request rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request completion of incomplete personal data.

13.4 Erasure Art. 17 GDPR

You have the right to request that we erase personal data concerning you without undue delay, provided one of the reasons stipulated by law applies and processing or storage is not necessary.

13.5 Restriction of Processing Art. 18 GDPR

You have the right to request restriction of processing from us if one of the legal requirements is met.

13.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, provided the processing is not necessary for performing a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

13.7 Objection Art. 21 GDPR

You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you based on Art. 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) GDPR.

This also applies to profiling based on those provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing serves the establishment, exercise, or defense of legal claims.

In individual cases, we process personal data for direct marketing purposes. You may object at any time to the processing of personal data for purposes of this type of advertising. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

13.8 Withdrawal of Data Protection Consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

13.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of personal data.

14. Storage, Erasure, and Restriction of Personal Data

In principle, we process and store personal data only for as long as this is necessary for the respective processing purposes or as long as statutory retention obligations exist.

Personal data is erased as soon as the data is no longer necessary for the stated purposes and no statutory retention obligations or other legitimate reasons prevent deletion.

15. Data Protection Officer

You can reach our data protection officer at: dpo@verso.de.

You may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

16. Currency and Changes to This Privacy Notice

This privacy notice is currently valid.

Further development of our website and offers or changes in statutory or official requirements may make it necessary to amend this privacy notice. You can access and print the current privacy notice at any time on the website at “[https://verso.de/datenschutz/”](https://verso.de/datenschutz/”).