Privacy Policy

Updated in October 2023

Scope

At International School Frankfurt Rhein-Main, we take data privacy seriously and are committed to protecting the personal information that you share with us when using our website https://isf.sabis.net.

Purpose of the data collection

The purpose of the data collection is to optimize our website(s), analyze errors, customize our website to your needs, and provide you the opportunity to get in touch with us and check our services.

General Data Processing

In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of the personal data of our users are only carried out after the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of your data:

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) the EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.
• In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
• Insofar as it is necessary to process personal data in order to fulfill a legal obligation to which our company is subject, Art. 6 (1) lit. c) GDPR serves as the legal basis.
• In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) lit. d) GDPR is used as the legal basis.
• If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interest, fundamental rights, and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 (1) lit. f) GDPR applies as the legal basis for the processing.

Legitimate interests can be in particular:

• the answering of inquiries;
• the performance of direct marketing activities;
• the provision of services and/or information intended for you;
• the processing and transfer of personal data for internal or administrative purposes;
• the operation and administration of our website;
• the technical support of the users;
• the prevention and detection of fraud and criminal offenses; and/or
• the protection of network and data security, insofar as these interests are in accordance with the applicable law and with the rights of the user.

Categories of recipients:

• Service providers for the optimization of websites, online marketing service providers and tools, service companies for information and communication technology, and companies for software and equipment maintenance, some of them are described in detail below;
• Social networks and communities;
• Internal recipients according to the “need to know” principle.

User data / Server log files

Whenever you visit our website, our systems automatically collect data and information from the computer system of the calling computer. The following types of data are collected: Browser type, the version used, the operating system of the user, the IP address of the user, date and time of retrieval, websites from which the user's system has come to our website or to which the user of our website accesses. The legal basis for the temporary storage of data and log files is Art. 6 para. 1) lit. f) GDPR with the above-mentioned legitimate interests. The temporary storage of the IP address by the system is necessary to enable the website to the computer of the user. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Furthermore, we reserve the right to check the files if, based on concrete evidence, there is a legitimate suspicion of illegal use or a concrete attack on the pages. In this case, our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and illegal use.

Use of cookies

We use cookies. Cookies are text files that can be stored and retrieved on the user's computer system when visiting a website in the Internet browser or by the Internet browser. Cookies can contain a characteristic string of characters that enables the browser to be uniquely identified when the website or service integrated into it is accessed up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies), and for marketing and advertising purposes (marketing cookies).

Technical necessary cookies: Some elements of our website require that the calling browser can be identified even after a page change. The purpose of this use is to enable the functionality of the website in the first place. Examples of technically necessary cookies are the ones used to maintain an anonymous user ID within a browsing session without logging in or providing any identification and/or to remember your activities while browsing the website pages. The processing is therefore based on Art. 6 para. 1 lit. b) or f) GDPR.

Functional cookies: There may be functions that are not technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the memorization of search terms, playing videos, using maps, etc. Processing is also carried out on the basis of Art. 6 (1) lit. b) or f) GDPR.

Marketing cookies: These cookies record the user’s visit to our website, the pages visited, and the links followed, which enable an analysis of the surfing behavior of the users to make the website more relevant to the visitor’s interests. In this way, e.g.: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way are pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) 1 lit. a) GDPR if the user has given his consent to this - e.g., by selection in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f) GDPR in conjunction with If third-party services are integrated, the processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below. For further information, please refer to our "Cookies Policy."

General statements about web beacons/tracking pixel

Web beacons are invisible graphics with the size of a pixel. They are used by partner companies, for the purpose of tracking a user via various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the web page is loaded from the partner's server when the web page is accessed. In this way, the partner receives your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system, and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the specifications for advertising cookies apply accordingly.

Content of external providers

On our website, we use active JavaScript content and fonts, which may also come from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin 'NoScript' or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.

Some of our web pages integrate third-party content within the offer, such as videos from YouTube, map material from Google Maps, images, texts and multi-media files, RSS feeds, or other services from other websites. This always requires the transmission of your IP address to the providers of these contents. We cannot make any statement about the use of your data by these providers and have no influence on further processing. We do not know whether the data will be used for other purposes, such as profile building. Please refer to the corresponding data protection information of the respective third-party providers.

A plugin of the New Relic web analytics service is used on this website. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA. The legal basis for this activity is your consent, according to Art. 6 para. 1 lit A DSGVO. 
This allows statistical evaluations of the accessibility, availability of services, and the speed of the website to be recorded. Through the plugin, New Relic receives the information that a user has called up the corresponding page of the offer. If you are logged in as a user of New Relic, New Relic can assign the visit to your account there. 

If you are not a member of New Relic, it is still possible for New Relic to obtain and store your IP address. The purpose and scope of the data collection and information on the processing and use of the data by New Relic, as well as setting options for protecting users' privacy, can be found in New Relic's privacy policy. For information on New Relic's privacy practices, you can contact their privacy team at privacy@newrelic.com. If you are a member of New Relic and do not want New Relic to collect information about you on our Site to associate with your membership information stored with New Relic, you must log out of New Relic prior to visiting our Site or not give cookie permission in this regard.

By consenting to New Relic, there is a possibility that your information will be transferred to the USA. Following the SCHREMS II ruling, the European Court of Justice considers the U.S. to be a country with inadequate data protection, which has been mitigated by an adequacy decision by the EU. As of 11/23, New Relic is a participant in the Data Privacy Framework program. Nevertheless, there is a risk that U.S. authorities could process your data for monitoring and surveillance purposes, possibly without legal recourse.

You can protect yourself against further persecution by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.

The legal basis for the transmission of personal data when integrating third-party providers is Art. 6.(1) lit. a) GDPR if the user has given his consent to this - e.g. by selection in a cookie opt-in banner - otherwise Art. 6 (1) lit. f) GDPR in conjunction with recital 47.

Google Maps

We use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In the process, personal data is transmitted to Google (IP address, time of the request, content of the request, amount of data transmitted, website from which the request came, language and version of the browser, information about the operating system). This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. If you agree to the use of Google Maps, please be aware that Google Fonts will be loaded too. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. The legal basis for the data processing is Art. 6 (1) a) DSGVO.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: https://policies.google.com/privacy. For exceptional cases in which personal data is transferred to the USA, standard contractual clauses apply.

Hubspot

On our website, we use the service HubSpot, of HubSpot Inc, 25 First Street, 2^nd Floor, Cambridge, MA 02141, USA. HubSpot is an integrated software solution that covers various online marketing activities. This includes, for example, our website content management, email marketing, social media publishing & reporting, contact management, and the provision of any landing pages and contact forms.

Through our sign-up service, we enable our website visitors to learn more about our company. In addition, you can download content and provide your contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot and may be used by us to contact our website’s visitors. In addition, we use the information to determine which of our company's services are of interest to you.

Through the usemessages.com service, we can fend off attacks and optimize peaks in performance. The processing also takes place in a third country, but for which there is an adequacy decision EU. As of 10/23, HubSpot is a participant in the Data Privacy Framework program. Nevertheless, it cannot be ruled out that in the third country, e.g. authorities can access the collected data.
The legal basis for the transfer of personal data is your consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO, which you have given on our website.

For more information, please refer to the HubSpot CRM privacy policy.

HubSpot is a software company from the USA. To legitimize the transfer of data to the USA, HubSpot Inc. relies on EU standard contractual clauses: https://legal.hubspot.com/dpa Further information on data protection can be found in HubSpot's privacy policy: HubSpot Privacy Policy, HubSpot Information on EU GDPR, and Information on cookies used by HubSpot.

Facebook Pixel

Furthermore, the website uses the so-called Facebook pixel of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook"), in connection with the Facebook Custom Audiences function. Through the use of these tools, users of the website can be shown interest-based advertisements ("Facebook Ads") in the context of visiting the social network Facebook or other websites that also use the process. In this way, we pursue the legitimate interest in analyzing user behavior in order to optimize both our website and our advertising for you.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

The deactivation of the "Facebook Custom Audiences" function for logged in users at https://www.facebook.com/settings/?tab=ads#_möglich.

The legal basis for the processing of your data is Art. 6 (1) lit. f) GDPR. Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy.

Vimeo

Our website uses the plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18^th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. For more information on the handling of user data, please see Vimeo's privacy policy at: https://vimeo.com/privacy.

The transmission to Vimeo takes place on the basis of consent pursuant to Art. 6 (1) lit a) DSGVO by clicking on the initially covered, inactive video. To view the video, this consent is required, but you can also use the site without viewing the video. You can revoke this consent by deleting the cookies in the browser settings. It is also possible that when you activate the Vimeo player, additional third-party services are loaded by Vimeo, such as Google Analytics. This is beyond our control.

Contact form and e-mail contact

On our website is a contact form available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. These data are name, address, e-mail address, telephone number, etc. Not all of these data must be mandatory. At the time the message is sent, the following data is also stored: The IP address, date, and time. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing is:

• For the receipt of the data based on the sending of the contact form as consent in accordance with Art. 6 (1) lit. a) in connection with Art. 5 (expected processing) GDPR or alternatively on the basis of the legitimate interest of answering your contact request according to Art. 6 (1) lit. f) GDPR.
• For the processing of data transmitted in the context of sending an e-mail, Art. (1) lit.f GDPR with the above-mentioned legitimate interests.
• If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) lit. b) GDPR.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Retention periods under commercial and tax law may exist.

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by sending an e-mail to privacy@sabis.net, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

Data in user-generated content

If you write comments or contributions, upload files to our servers, publish pictures, or use other services, your IP address and - if you are logged in - your user data will be saved for our security. Due to the large number of illegal contents that are posted on the Internet every day, we reserve the right to use this information for the defense in legal disputes or for criminal prosecution, i.e. also to pass it on to the opponents of claims, criminal prosecution authorities, and courts. The legal basis for the content provided is Art. 6 (1) lit a) and/or b) GDPR, for all other data collected in this process Art. 6 (1) lit f) GDPR.

Commentary subscriptions

You can subscribe to our newsletter to receive updates about our products and services. You can unsubscribe at any time. Instructions for this are included in each of the emails. The legal basis for sending the newsletter applies.

Data transmission via the Internet

The data transmitted between your browser and our website across the Internet is done through encrypted channels using the https protocol. However, if you wish to communicate with us by means of encrypted e-mail, this is possible by using SMIME encryption. Please inform us of your wish to use encryption, as we regularly send unencrypted e-mails due to the current low market penetration of e-mail encryption methods.

Data transfer

If you provide us with personal data, this data will only be passed on to third parties if this is necessary for the processing of the contractual agreement or if another legal reason legitimizes this passing on. However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.

Storage periods

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

Data Subject Rights

In certain circumstances, you have certain rights regarding your personal data. A summary of each right and how you can exercise it is set out below. To exercise any of these rights, please contact us by sending an e-mail to privacy@sabis.net.

• Right of access – you have the right to request from us a copy of the personal data we hold about you.
• Right of rectification – you have the right to ask us to correct inaccurate, irrelevant, incomplete, out-of-date, false, or impertinent data we hold about you.
• Right to request deletion – in certain circumstances, you can ask for the inaccurate, irrelevant, incomplete, out-of-date, false, or impertinent data we hold about you to be erased from our records.
• Right to restriction of processing – under certain conditions, you have the right to ask us to restrict the processing of your personal data.
• Right of portability – you have the right to have the data we hold about you in a structured, generic format, commonly used, and machine-readable format. You also have the right to transmit this data to another organization, where technically feasible.
• Right to object – you have the right to object to certain types of processing, such as direct marketing. You are allowed, for well-founded and legitimate reasons related to a particular situation, to refuse to provide your personal data or to have it subject to a certain treatment, as well as to revoke the consent you have given us and to opt out of any marketing communications that we may send you.
• Right to object to automated processing, including profiling – profiling-based activities are not carried out under any circumstances.
• Right to lodge a complaint – if you have a legal basis to object to our processing of your personal data, you have the right to complain to the Data Protection Authority (DPA) in the country where you reside, or the alleged infringement of data protection laws that have taken place.

Concerns and inquiries

For any concerns or questions, you may contact us by using the "Contact Us" page on this Website.

For data protection inquiries, or if you consider that we did not process your personal data in accordance with the applicable regulations, please contact us by sending an e-mail to privacy@sabis.net.

Acceptance and changes to the policy

By using our website, you are explicitly consenting and confirming that you have read and agree to all the terms and conditions in this Privacy Policy.

At times, we may change and/or update this policy. Any changes we may make to this policy in the future will be posted on this page. We encourage you to periodically review this page for the latest information on our privacy practices.