Privacy policy
Details of the responsible office
The responsible body for data processing on this website is:
JOKARI GmbH & Co. KG,
represented by
Andrea Bünnigmann
Carsten Bünnigmann
Frank J. Goebbels
An der Vogelrute 34
D-59387 Ascheberg-Herbern
Germany
Telephone: +49 25 99 / 50 19 70
E-Mail: info@jokari.de
Information on the data protection officer
If you have any questions regarding data protection, please do not hesitate to contact our external data protection officer:
Mr. Arndt Halbach of GINDAT GmbH.
Wetterauer Str. 6, 42897 Remscheid, Germany
Mail: datenschutz@jokari.de
Tel. +49 2191 / 909 430
Data processing via the website
Your visit to our website is logged. The following data, which your browser transmits to us, is initially recorded:
- the IP address currently used by your PC or router
- the date and time
- browser type and version
- your PC's operating system
- the pages you view
- the name and size of the requested file(s)
- and, if applicable, the URL of the referring website.
This data is collected solely for data security purposes, to improve our website, and for error analysis based on Art. 6 (1) (f) GDPR. We reserve the right to use this data in the event of system misuse to determine the reasons and triggers of the misuse and, if necessary, to initiate legal action. Otherwise, your computer's IP address is only evaluated anonymously (shortened by the last three digits).
You can visit our website without providing any personal information.
We would like to point out that data transmission over the Internet (e.g., when communicating via email) is subject to security gaps. Complete protection of data from access by third parties is not possible. Therefore, you should send us confidential data by another means, e.g., by mail.
Applications
The controller processes the personal data of applicants for the purpose of processing the application process. The legal basis is Section 26 (1) Sentence 1 of the Federal Data Protection Act (BDSG). Processing may also take place electronically. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example, by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted in accordance with the statutory provisions after the advertised position has been filled, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this This includes, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG). For this purpose, the data will be stored for 6 months after the application process has been completed and then deleted.
Please note that email is not a secure medium. Should your application reach our email server, we protect your applications with high technical and organizational measures. We have no influence on the path of your application to our company, via the public internet, and cannot guarantee the level of protection of your application. If your sending email server supports STARTTLS, our email server will also use STARTTLS, thus ensuring transport encryption.
Contact
Personal data (e.g., your name, address, or contact details) that you provide to us voluntarily, e.g., as part of an inquiry, via the contact form, or in any other way, will be stored by us and processed solely for correspondence with you and solely for the purpose for which you provided this data. This data is processed based on our legitimate interest in responding promptly to inquiries. Inquiries from interested parties are based on Art. 6 (1) (f) GDPR.
Secure data transmission
To protect the security of your data during transmission, we use state-of-the-art encryption (SSL) over HTTPS.
Processing of data (customer and contract data)
We process personal data only to the extent necessary to establish, define, or modify the legal relationship (master data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures. We process personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill them. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example, to the company entrusted with the delivery of the goods or the credit institution responsible for payment processing. Further transfer of data will not occur or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or to take pre-contractual measures.
We may engage service providers to carry out and process processing operations by way of contract data processing. Specifically, we have engaged service providers for sending the newsletter and hosting our website. The contractual relationships with our service providers are governed by the provisions of Art. 28 GDPR, which contain the legally required points regarding data protection and data security.
Without your consent or contractual necessity, data will only be transferred outside the European Union (EU) and the European Economic Area (EEA) to countries with an adequate level of data protection or based on appropriate safeguards. These may be of a legal, technical, or organizational nature.
Data collection by Google Analytics (GA4)
This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com.
Google Analytics enables the website operator to analyze the behavior of website visitors. This provides the website operator with various usage data, such as page views, length of stay, operating systems used, and user origin. Google may compile this data into a profile associated with the respective user or their device.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there. The basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.
You can revoke your consent at any time with future effect by making the appropriate setting in our Cookie Consent Tool (change of consent). Consent can be revoked at any time.
There is currently no adequacy decision from the EU Commission for data transfer. The appropriate level of data protection is therefore guaranteed by the use of the EU standard contractual clauses.
IP Anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager is a technical tool that allows us to centrally manage website tags. Google Tag Manager itself does not process any personal data; it merely loads other components (e.g., analytics or marketing tags), which can themselves collect data. These components are described separately in our privacy policy.
The basis for using Google Tag Manager is our legitimate interest in the efficient management of website tags in accordance with Art. 6 (1) (f) GDPR. However, if Google Tag Manager loads tags that access technically unnecessary data (e.g., marketing tags), this is done exclusively on the basis of your prior consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) (a) GDPR.
We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. Due to the use of Google services, it cannot be ruled out that technical information (e.g., IP address) will be transmitted to the USA. Google is certified according to the EU-US Privacy Framework, which was recognized as adequate by the European Commission on July 10, 2023. In addition, we have concluded the EU Standard Contractual Clauses (SCCs) with Google to ensure an appropriate level of data protection.
Further information about Google Tag Manager can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy or https://marketingplatform.google.com/about/analytics/tag-manager/use-policy.
Googe Maps
Our website uses the Google Maps map service via an API, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To actively use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there.
Data transfer to the USA
Google LLC, the parent company of Google Ireland Limited, is certified according to the EU-U.S. Data Privacy Framework. This certification guarantees an appropriate level of data protection in accordance with the requirements of the General Data Protection Regulation (GDPR). It ensures that personal data transferred from the European Union to the USA is processed in accordance with European data protection standards.
Legal basis
The use of Google Maps is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by selecting the appropriate setting in our Cookie Consent Tool (please link accordingly).
Further information
Detailed information on handling User data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy
Google Ads und Google Conversion Tracking
This website uses Google Ads. Ads is an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com. As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. The cookies cannot be tracked across the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics. Conversion cookies are stored on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. For more information about Google AdWords and Google Conversion Tracking, please see Google's privacy policy: https://www.google.de/policies/privacy
You can configure your browser to inform you about the use of cookies and to only allow cookies on a case-by-case basis, to exclude cookies for specific cases or generally, and to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com . This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history with your Google Account for this purpose. This way, the same personalized advertising messages can be displayed on every device on which you log in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; to do so, follow this link: https://www.google.com/settings/ads/onweb
The data collected in your Google Account is aggregated solely on the basis of your consent, which you can give or withdraw to Google (Art. 6 (1) (a) GDPR). For data collection processes that are not aggregated in your Google Account (e.g., because you do not have a Google Account or have objected to the aggregation), the data is collected in accordance with Art. 6 (1) (f) GDPR. The legitimate interest arises from the website operator's interest in the anonymized analysis of website visitors for advertising purposes. Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads
Serverside tracking with GA4, Facebook CAPI & Google Ads
Serverside tracking
We use server-side tracking to make the processing of personal data within the scope of analysis and marketing measures more privacy-friendly and secure. Tracking data is not sent directly from the device to third parties, but is first transmitted to our own tracking server.
Technical implementation
Server-side tracking was set up using the server-side Google Tag Manager (sGTM) in combination with a self-hosted server (own infrastructure). The server is located in a data center within the EU and is operated exclusively by us or on our behalf. This way, we retain full control over the data collected and forwarded.
Services and tools used
Google Analytics 4 (GA4) is integrated via server-side tagging. IP addresses are anonymized, and only pseudonymized user data is processed. Service provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Meta (Facebook) Conversion API (CAPI)
Events such as page views or conversions are recorded on the server side via our infrastructure and – if you have consented – passed on via the Conversion API to Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Google Ads (including conversion tracking)
Conversions from Google Ads are also processed on the server side and, with your consent, transmitted to Google in pseudonymized form to evaluate the effectiveness of our campaigns.
Purpose of processing
Server-side tracking is used to measure the success and optimize our website and advertising measures in compliance with data protection regulations. By intermediate processing on our own server, we minimize the amount of data transmitted directly to third parties and simultaneously improve data quality.
LiveChat
This site uses the API of the LiveChat chat service for direct customer communication via online chat. The provider is LiveChat Software S.A., ul. Zwycięska 47, 53-033 Wrocław, Poland.
To use the LiveChat features, it is necessary to save your IP address. This information is usually transmitted to a server within the EU and stored there. The provider of this site has no influence on this data transfer.
LiveChat is used for direct communication with our support team.
The legal basis for this use is your consent in accordance with Art. 6 I a GDPR.
Please note that direct communication may not be possible without your consent.
Further information on how user data is handled can be found in LiveChat Software S.A.'s GDPR Implementation Statement at www.livechatinc.com/general-data-protection-regulation/ and in the privacy policy: https://www.livechatinc.com/privacy-policy
Social Media
Meta Pixel
Our website uses the visitor action pixel from Facebook, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook" and "Instagram"), to measure conversions. This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and to optimize future advertising measures. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This enables Facebook to enable the placement of ads on Facebook pages and outside of Facebook. We, as the website operator, cannot influence this use of the data. You can find further information on protecting your privacy in Facebook's privacy policy: https://www.facebook.com/about/privacy
This measurement only takes place if you have given your consent. The legal basis is Art. 6 (1) (a) GDPR. You can revoke your consent at any time.
You can deactivate the "Custom Audiences" remarketing function on Facebook in the Ad Settings section at:
https://accountscenter.facebook.com/ad_preferences. You must be logged in to Facebook to do so. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement
You can also revoke your consent by changing your cookie settings at any time.
TikTok Pixel
Description and Scope of Data Processing
This website uses the TikTok Pixel, an analytics tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). TikTok is an international video portal operated by ByteDance Ltd., based in China. The TikTok pixel enables us to analyze user interactions on our website and use them for advertising purposes. Personal data such as IP address, device information, browser data, visited websites, click behavior, and other interactions are collected and transmitted to TikTok.
TikTok is responsible for the processing of personal data collected via the TikTok pixel.
For further information on data processing by TikTok, please refer to TikTok's privacy policy at the following URL: https://www.tiktok.com/legal/privacy-policy
Legal basis
The processing of your personal data is based on Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the analysis and optimization of our advertising measures. TikTok's processing of personal data is based on different legal bases depending on the purpose of the processing (e.g., consent pursuant to Art. 6 (1) (a) GDPR or legitimate interest pursuant to Art. 6 (1) (f) GDPR). For details, please see TikTok's privacy policy at the following URL: https://www.tiktok.com/legal/privacy-policy
Purpose
The data collected via the TikTok pixel is used to:
• Target our ads to users,
• Analyze and improve the performance of advertising campaigns,
• Provide personalized advertising.
The data collected includes profile data, usage data, location data, and interactions on our website.
Retention period
TikTok retains user data for as long as necessary to provide the service to users, to fulfill its contractual obligations, and to exercise its rights with respect to the information in question. If user information is not required to provide the service, TikTok will retain user data only for as long as TikTok has a legitimate business purpose for storing that data.
Transfer to Third Countries
TikTok may transfer personal data to ByteDance Ltd. in China or other third countries outside the European Economic Area (EEA). Such transfers are subject to the EU Standard Contractual Clauses (SCCs) that TikTok has entered into to ensure an adequate level of data protection. Further information can be found at the following URL: https://www.tiktok.com/legal/privacy-policy
LinkedIn:
Purpose/Information:
We use the LinkedIn Insight Tag on our website. The LinkedIn Insight Tag collects metadata such as URL, IP address, timestamp, device, and browser characteristics. This technology allows us to evaluate our campaign on LinkedIn without identifying you. LinkedIn only provides reports and notifications (which do not identify you) about website visitors and ad performance. You can control the use of your personal data for advertising purposes via your LinkedIn account settings. The main service provider is LinkedIn Ireland Unlimited Company, Ireland.
Further information:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/cookie-policy
https://www.linkedin.com/legal/l/cookie-table
Transfers to third countries are possible. Standard contractual clauses have been concluded as appropriate safeguards in accordance with Art. 46 GDPR. For third countries/companies for which an adequacy decision has been adopted, the adequacy decision also applies. For further information (such as a copy of the safeguards), you can contact the details provided under 1.2.
Further recipients can be found in section 1.4 on general recipients.
Deletion/Objection:
You can deactivate this tool via the cookie settings. The cookie settings can be found at the bottom of the home page.
Cookie lifetime: up to 90 days (this only applies to cookies set via this website).
Legal basis:
Art. 6 (1) a GDPR (consent)
Klaviyo
We use the service provider Klavio (225 Franklin St, Floor 10, Boston, MA 02110, United States of America) to send our newsletter (after express consent in accordance with Art. 6 (1) (a) GDPR). Klaviyo is a service that, among other things, can be used to organize and analyze the distribution of newsletters. The data entered for the purpose of subscribing to the newsletter is stored on Klaviyo's servers in the USA.
You can unsubscribe from the newsletter at any time and without complications. We provide a corresponding link in every newsletter. You can also unsubscribe from the newsletter directly on our website.
Data analysis by Klaviyo:
With the help of Klaviyo, we are able to analyze our newsletter campaigns.
Detailed information on the features of Klaviyo can be found at the following link: https://www.klaviyo.com/privacy.
You can object to the use of your data at any time, e.g., by emailing us at the email address provided in this privacy policy. Privacy Policy.
Klaviyo is certified under the EU-U.S. Privacy Shield Framework and is subject to TRUSTe's Privacy Seal and the U.S.-Swiss Safe Harbor Framework.
Use of cookies / Usercentrics Consent Management Platform
Our website uses so-called cookies. Cookies are small text files that are saved by your browser and stored on your computer. The basis for data processing is Art. 6 (1) (f) GDPR.
Some of the cookies we use are deleted immediately after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit (persistent cookies).
Data processing in connection with cookies that serve solely to enable the functionality of our website is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
In all other cases, we only use cookies with your consent. The legal basis is therefore Art. 6 (1) (a) GDPR. You can revoke your consent at any time by changing your cookie settings. If you do not wish to use cookies, you can set your browser to refuse the storage of cookies. Please note, however, that in this case you may not be able to use all the functions of our website. Changing your consent in the cookie settings.
Scope of processing of personal data
We use the Usercentrics Consent Management Platform (CMP) from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, on our website to ensure compliance with data protection regulations and to record and manage your consent. The Usercentrics CMP enables us to implement your preferences for the use of cookies and similar technologies in accordance with the law.
Processing takes place exclusively within the European Union. No personal data will be processed without your consent.
The Usercentrics CMP uses technologies such as cookies and local storage to store user consent. The following data is processed:
• Opt-in and opt-out data
• Referrer URL
• User agent
• User settings
• Consent ID
• Time of consent
• Consent type
• Template version
• Banner language
• IP address
• Geographical location
This data is stored exclusively on our servers and is not shared with unauthorized third parties.
Legal basis for the processing of personal data
The legal basis for the processing of your personal data within the scope of the Usercentrics CMP is Art. 6 (1) (c) GDPR (fulfillment of legal obligations).
Purpose of data processing
The personal data is processed to:
• Ensure compliance with legal obligations
• Store and manage your consent
The data enables us to record and implement your preferences for the use of cookies on our website.
Duration of storage
The consent data (granted consent and revocation of consent) is stored for a period of one year. After this period, the data is automatically deleted if it is no longer required for the stated purposes.
b
Cookies are stored on your device and transmitted from there to our servers. As a user, you have full control over the use of cookies at all times. You can deactivate, restrict, or delete cookies already stored using the settings in your internet browser.
Please note that by deactivating cookies you may no longer be able to use all the functions of our website to their full extent.
Algolia
On our website, we use the search engine provider Algolia Instantsearch from Algolia Inc. (301 Howard St, 3rd floor, San Francisco, CA 94105 (USA) ("Algolia") to search and index our website content.
Algolia Instantsearch is used to make the information contained on our website easier to find and thus ensure user-friendliness. The legal basis for the processing of data is Art. 6 (1) (f) GDPR, our legitimate interest in ensuring a more user-friendly search on our website.
When using Algolia Instantsearch, your IP address and your search query are transmitted to an Algolia server and stored there for 90 days for statistical purposes.
Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These require the recipient of the data in the USA to To process data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.
Further information on how Algolia processes your data can be found in the provider's privacy policy: https://www.algolia.com/de/policies/privacy
Automatic translation function DeepL
To make our website more user-friendly, we use the DeepL API Pro, a translation service provided by DeepL SE, Maarweg 165, 50825 Cologne, Germany ("DeepL"). This interface automatically translates the content of our website into the language stored in the user's browser settings. Translation takes place in real time and serves solely to improve the comprehensibility of the content. The texts to be translated are transferred to DeepL's servers but not stored. The DeepL API Pro is used in accordance with applicable data protection regulations and in compliance with the GDPR.
Further information on data processing by DeepL can be found at https://www.deepl.com/privacy.
Change your consent in the cookie settings.
Lernplatform JO!STUDY
Description and Scope of Data Processing
The teaching and learning platform JO!STUDY (https://jostudy.de) is a web-based learning management system. It is based on the open source software Opigno/Drupal. In addition to the following information, the contents of the privacy policy of www.jokari.de apply to this domain.
By using JO!STUDY, personal data about users is stored. According to the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the North Rhine-Westphalia Data Protection Act (DSG NRW), we are obliged to explain which types of personal data are processed for what purpose, the legal basis for this, who has access to the data, and what rights users have regarding the processing of the data. The legal basis is your consent within the meaning of Art. 6 (1) (a) GDPR. If consent is not required, the legal basis in this case is our legitimate interest in ensuring the functionality of the learning platform in accordance with Art. 6 (1) (f) GDPR.
Consent to the processing of personal data when using the JO!STUDY learning portal
Purpose of this declaration
With this declaration, I consent to the processing of my personal data when using the web-based learning platform JO!STUDY by JOKARI GmbH & Co. KG. This consent is based on Art. 6 (1) (a) GDPR in the case of the voluntary submission of my biometric data, in accordance with Art. 9 (2) (a) GDPR. JO!STUDY processes the following categories of personal data of users:
Inventory data
All persons with a JO!STUDY user ID (registered users) have a user account on the JO!STUDY platform and are thus authorized to access the platform. The JO!STUDY user profile stores the person's first and last name and their email address.
Course data
JO!STUDY stores the courses for which users are authorized and with which role. Users receive access to a course either through automatic assignment or through self-registration. This authorization and role data is necessary for the system to function properly. Data and content from the JO!Wiki area are also counted as course data.
Usage Data
Usage data is generated by users' activity in the system. The actions they can perform depend on their role. For every action within JO!STUDY, the system automatically logs the following data:
- First name, last name, and user ID of the person performing the action
- If applicable, first name, last name, and user ID of the affected person
- IP address of the accessing computer
- Date and time of the access
- Source of the access
- Action (including description)
- Affected course
Content Data
Content data is also generated by the users themselves and depends on their role. Users can create content, for example, in polls, feedback surveys, hyperlinks, calendars, group management, tasks, tests, interactive content, assessments, forums, glossaries, or wikis. Uploaded files are also considered content data.
This data category also includes grades awarded for assessed learning activities. Grades can be assigned either automatically by the system, as with electronic self-tests, or manually by the supervisor role, as with tasks. When grades are assigned automatically, managers determine the underlying default settings and have the option of manual review and correction.
System and log data for technical administration
Legal basis for data processing
When consent is processed in connection with the storage of cookies, this is done on the basis of Art. 6 (1) (a) GDPR, or in the case of the provision of biometric data, on the basis of Art. 9 (2) (a) GDPR.
Purpose of data processing
Personal data in JO!STUDY is processed in accordance with Art. 5 (1) (b) and (c) GDPR for specific purposes and subject to data minimization. Inventory, course, usage, and content data are processed for the purpose of preparing, organizing, and conducting courses, conveying content, and monitoring learning success. The usage data is also used for the purposes of system administration and maintenance, technical controlling, troubleshooting technical problems, or resolving security incidents.
The data may also be processed for statistical purposes without consent if processing is necessary for these purposes and the legitimate interests of the data subject do not override them. JOKARI GmbH & Co. KG provides appropriate and specific measures to protect the interests of the data subject.
Data Access
The following roles exist in JO!STUDY, with ascending levels of rights:
Participants
Counselors/Trainers
Support Admin (System Role)
Administrator (System Role)
These roles have varying degrees of access to personal data on JO!STUDY. Data access may only be granted for the stated purpose, to the extent necessary to fulfill the task. The principle of data minimization also applies.
Participants
Participants only receive access to the course through various means. The Participant role includes individuals who have registered as users on JO!STUDY. They are automatically enrolled in the associated course on JO!STUDY. These individuals are manually authorized by the Manager role directly in the course on JO!STUDY.
People in these roles see the following data depending on the teaching scenario:
First name, last name, email address: To enable contact with course supervisors, the first name, last name, and email address of people with the "Supervisor" role are always visible to people with the "Participant" role. People with the "Participant" role can only see the first name, last name, and email address of other people with these roles if they have allowed this in their profile settings.
Content data: Contributions of all roles in offered course activities, including uploaded files. The visibility of this data depends partly on the course activity settings selected by administrators. The settings for the visibility of data for other course participants are set by default to minimize data visibility. People with the "Student" or "Other Participant" roles always see only their own assessments.
Supervisor/Trainer
The "Supervisor" role with editing rights can, in addition to the rights of the "Supervisor" role, only upload files to directories. These roles are assigned by the administrator. They are responsible for assigning tasks to the supervisors and the associated access to personal data, especially that of participants.
Individuals in these roles see the following data, depending on the teaching scenario:
First name, last name, email address: Always visible for all roles in the course to ensure the fulfillment of supervision tasks. For the same reason, the first name, last name, and email address of supervisors are visible to everyone in the learning space.
Content data: Contributions of all roles in offered course activities, including uploaded files. The visibility of this data depends partly on settings chosen by administrators. Since both roles are primarily used for correcting and manually assessing assignment solutions, supervisors also see the participants' assessment data.
Administrator
The Administrator role is only assigned to a maximum of three employees of JOKARI GmbH & Co. KG. These employees are responsible for the system administration of JO!Study. Individuals with the Administrator role generally see all personal data, including usage data and web server log data. Access is granted solely within the scope of their official duties and when necessary. The individuals assigned this role are sworn to confidentiality.
Course Data
Authorizations for courses in JO!STUDY are deleted three years after the course was created.
Usage Data
Usage data is deleted as part of the course lifecycle, at the latest three years after the course was created in JO!STUDY.
Content Data
Content data is deleted as part of the course lifecycle, at the latest three years after the course was created in JO!STUDY.
Data Sharing
Subject to legal provisions, personal data will not be shared with third parties or used for purposes other than those stated here.
Third-party applications connected via a secure JO!STUDY API can only receive the data that is also available via the web interface. These applications must be separately approved by the data protection officer of JOKARI GmbH & Co. KG before being put into operation.
Data Transfer to Third Countries
The transfer of the above-specified personal data from JO!STUDY to third countries is not intended.
Revocation option
Consent to the processing of personal data when using JO!STUDY is voluntary and can be revoked at any time with future effect – in writing or by email to JOKARI GmbH & Co. KG (info@jokari.de).
Revocation of consent to use the learning portal as a whole:
This will result in access to the platform no longer being maintained, as there will no longer be a legal basis for processing personal data. In this case, access will be blocked and the user account deleted.
Revoking consent to use your profile photo:
This will not affect your other use of the platform. Your profile photo will be removed immediately and will no longer be displayed or used.
Your rights
According to Articles 15-21 GDPR, if the conditions described therein are met, you can assert the following rights with regard to the personal data we process.
You can request information about your personal data processed by us in accordance with Article 15 GDPR.
If incorrect personal data is processed, you have the right to rectification in accordance with Article 16 GDPR.
If the legal requirements are met, you can request the deletion or restriction of processing (Articles 17 and 18 GDPR).
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.
Right of objection in accordance with Article 21 GDPR
The data subject has the right to object at any time to the processing of personal data concerning him or her which is based on Article 6 (1) (e) or (f) GDPR, for reasons arising from his or her particular situation. This also applies to profiling based on these provisions.
Standard deadlines for deleting data
Unless there is a statutory retention period, the data will be deleted or destroyed when it is no longer required to achieve the purpose of the data processing. Different retention periods apply to personal data; for example, data relevant to tax law is generally retained for 10 years, while other data required by commercial law is generally retained for 6 years. Finally, the retention period may also be based on statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB) are generally three years, but in certain cases can be up to 30 years.
Right to lodge a complaint with a supervisory authority
According to Article 77 of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data concerning them violates the GDPR. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is headquartered.
The State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 38424-0
Fax: +49 211 38424-999
Email: poststelle@ldi.nrw.de
Disclaimer
Liability for Content
As a service provider, we are responsible for our own content on these pages in accordance with general law (pursuant to Section 7 (1) of the German Telemedia Act (TMG). However, as a service provider, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (Sections 8 to 10 of the German Telemedia Act). This does not affect obligations to remove or block the use of information under general law. However, liability in this regard is only possible at the time of knowledge about a specific violation of law. Upon knowledge of such violations, we will remove such content immediately.
Liability for Links
Our website contains links to external third-party websites over whose content we have no influence. Therefore, we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were reviewed for possible legal violations at the time the link was created. Illegal content was not recognizable at the time the link was created. However, permanent monitoring of the content of linked pages is unreasonable without concrete evidence of a legal violation. Upon notification of any legal violations, we will remove such links immediately.