Privacy Policy

Welcome to the Berlin College of Business and Technology privacy notice.

This privacy policy informs you about the nature, scope, and purpose of the processing of your personal data by the data controller in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR). The definitions of the GDPR, in particular according to Art. 4, are used as a basis.

1.1. Controller

The controller according to data protection law is:

Berlin College of Business and Technology (“BCBT”, “we”)
Lohmühlenstraße 65, 12435 Berlin, Germany
E-Mail: info@berlincollege.de

1.2. Data Protection Officer

You can reach our appointed data protection officer as follows:

Data Protection Officer
Staff of Berlin College of Business and Technology
Lohmühlenstraße 65, 12435 Berlin, Germany
E-Mail: admin@berlincollege.de

---

2. Details of Data Processing

2.1. Website Operation and Website Functions

When you visit our website, we process personal data as follows:

We use services provided by third parties. These services include the use of cookies (Necessary, Functionality, Experience, Measurement, Marketing). Specific details on each cookie and the available setting options can be found under “Learn more and customize” in our consent management.

Within the consent management, you may consent to or object against processing based on legitimate interest. You can adjust your preferences or revoke your consent at any time using the “Privacy settings” button in your browser window. Please note that without your consent, some website functions may be limited.

2.1.1. Provision of the Website Content

• Processing: Provision of website content
• Purpose:
  • Establish a technical connection between your device and our website (session execution).
  • Maintain and improve website functionality.
  • Enhance information and data security (e.g., data stored in log files).
• Categories of Processed Data:
  • IP address of the accessing system
  • Browser type and version
  • Internet service provider
  • Date, time, and success of access
  • Referring third-party websites
  • Third-party websites accessed via our site
• Categories of Recipients:
  • Web hosting
  • Various cookie service providers (as detailed in our consent management)
  • Note: Google Tag Manager (Google Inc.) – no processing of personal data
• Storage Period or Criteria:
  • Data from web hosting is processed in accordance with appropriate guarantees pursuant to Art. 46 GDPR.
  • Session data is deleted at the end of the session, log files after 7 days or upon anonymization, and cookies as described in the consent management.
• Legal Basis:
  • Art. 6(1) f) GDPR (legitimate interests)
  • Art. 6(1) a) GDPR (consent – see Section 2.1.2)

2.1.2. Website Optimization, Reach Analysis, and Social Media Integration

We process personal data for the purposes of website optimization, reach analysis, and integration of marketing and social media functions. Detailed information on these processing activities can be found in our consent management under “Learn more and customize.” The legal basis for this processing is Art. 6(1) a) GDPR (consent), which you may revoke at any time during your browser session.

2.1.2.1. Performance Marketing

• Processing: Use of tracking pixels and creation of audiences
• Purpose:
  • Measure the success of ads in search engines and social networks
  • Improve ad efficacy and conversion rates
  • Inform ad broadcasters about success and conversions
  • Enhance targeting and audience segmentation
• Categories of Processed Data:
  • Possibly personal master data (e.g., name, e-mail address)
  • IP address, log data, and tracking information
• Categories of Recipients:
  • Ad broadcasters – e.g., Meta Platforms, Inc., Google LLC
• Third-Country Transfer:
  • (Only based on binding corporate rules pursuant to Art. 47 GDPR)
• Legal Basis:
  • Art. 6(1) a) GDPR (consent)

2.1.3. Contact via Website

2.1.3.1. Contact Form & Brochure

You can contact us via our website using the contact form.

• Processing: Handling contact inquiries and providing information
• Purpose:
  • Enable communication with BCBT
  • Respond to your inquiries and provide study-related information
• Categories of Processed Data:
  • Personal master data (name, e-mail address)
  • Phone number (optional)
  • Selected program (if applicable)
  • Message content (optional)
  • IP address, log data, and tracking information
• Categories of Recipients:
  • Online form
• Storage Period or Criteria:
  • Data is retained for 3 months after receipt/response to the inquiry
• Legal Basis:
  • Art. 6(1) a) GDPR (consent)

2.1.3.2. Online Meeting Booking

You can schedule an online meeting with us to learn more about our programs and services.

• Processing: Online meeting scheduling
• Purpose:
  • Facilitate communication with BCBT
  • Arrange online consultations
• Categories of Processed Data:
  • Selected meeting date and time
  • Personal master data (name, e-mail address)
  • Phone number (optional)
  • Message content (optional)
  • IP address, log data, and tracking information
• Categories of Recipients:
  • CRM services – e.g., HubSpot Germany GmbH (EU servers)
• Third-Country Transfer:
  • (Only based on binding corporate rules pursuant to Art. 47 GDPR)
• Storage Period or Criteria:
  • Data is retained for 12 months after the meeting takes place
• Legal Basis:
  • Art. 6(1) a) GDPR (consent)

2.2. Digital Services when the operation starts

Our digital services—including the online materials — available to registered users for study and related activities.

2.2.1. App Operation and Features

For the operation of our digital services, personal data is processed as follows:

• Processing: Provision and operation of the mobile app
• Purpose:
  • Host BCBT services
  • Manage user identity (including Single Sign-On)
  • Maintain and improve information and data security
• Categories of Processed Data:
  • User ID
  • Device IP address
  • Internet service provider details
  • Date and time of app usage
• Categories of Recipients:
  • App hosting – partner university
• Third-Country Transfer:
  • (Only based on binding corporate rules pursuant to Art. 47 GDPR)
• Legal Basis:
  • Art. 6(1) b) GDPR (contract performance)
  • Art. 6(1) f) GDPR (legitimate interests)

In addition, various technologies are used to track app usage for service improvements and troubleshooting:

• Processing: App tracking and monitoring
• Purpose:
  • Error monitoring and troubleshooting
• Categories of Processed Data:
  • E materials usage data
  • Error and log data
• Categories of Recipients:
  • Analytics services
• Third-Country Transfer:
  (Only in accordance with appropriate safeguards pursuant to Art. 46 GDPR)
• Storage Period or Criteria:
  • 90 days for error logs
  • 3 years for usage data of registered users
  • 30 days for log files
• Legal Basis:
  • Art. 6(1) a) GDPR (consent provided via mobile OS settings)

You can object to online material tracking via the privacy settings of your mobile device. Initial consent is requested at the first online material launch. BCBT continuously strives to minimize personal data processing and maximize data anonymization.

2.2.2.2. Study Program Participation

• Processing: Provision and execution of study programs
• Purpose:
  • Enable participation in study programs
  • Deliver learning content and facilitate assignment exchanges
  • Support engagement in student communities
  • Issue student identification
• Categories of Processed Data:
  • Name
  • E-mail address
  • Phone number
  • Address
  • Date and place of birth
  • Student number
  • Uploaded profile picture (if applicable)
  • Study progress, grading, and competency profiles
• Categories of Recipients:
  • Cloud services
  • Communication platforms
• Storage Period or Criteria:
  • Data is processed until contract fulfillment and retained in accordance with legal obligations.
• Legal Basis:
  • Art. 6(1) b) GDPR (contract performance)

In some cases, entrance examinations with document verification (including identity documents) may require the disclosure of this data for study performance.

2.3. Job Application Process

Applications submitted via our recruiting website are processed through email service.

• Processing: Job application process
• Purpose:
  • Provide a secure application process
  • Recruit and hire future employees
  • Manage and communicate during the application process
• Categories of Processed Data:
  • Personal master data (name, e-mail address)
  • Contact details (address, telephone number)
  • CV data (education, career history)
  • Visa information
  • Cover letter (optional)
  • LinkedIn profile information (optional)
  • Salary expectations (optional)
• Categories of Recipients:
  • Application management
• Storage Period or Criteria:
  • Data is retained for up to 6 months after the application process (in case of rejection), unless extended by consent (e.g., Talent Pool).
  • Upon contract conclusion, data is maintained in personnel records.
• Legal Basis:
  • Art. 6(1) a) GDPR (consent)
  • Art. 6(1) b) GDPR (contract initiation or performance)

Please note that for data protection reasons, we cannot process applications received outside the proper channel. Under European data protection law, withholding personal data in your application may put you at a disadvantage compared to other applicants.

---

3. Rights of the Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR. You are entitled to the following rights:

3.1. Right of Access

Pursuant to Art. 15 GDPR, you have the right to request confirmation as to whether we are processing your personal data. If so, you can request details on:

• Processing purposes
• Categories of personal data processed
• Recipients or categories of recipients
• Storage period or the criteria for determining the storage period
• Your rights to rectification, erasure, restriction of processing, or objection
• The origin of your data (if not provided by you)
• Any automated decision-making (including profiling) and relevant meaningful information
• Transfers of personal data to third countries or international organizations and the safeguards applied pursuant to Art. 46 GDPR

3.2. Right to Rectification

Under Art. 16 GDPR, you have the right to request correction or completion of your personal data without undue delay.

3.3. Right to Restriction of Processing

Pursuant to Art. 18 GDPR, you have the right to request the restriction of processing of your personal data if:

• You contest the accuracy of the data
• The processing is unlawful but you oppose its deletion
• You require the data for asserting, exercising, or defending legal claims
• You have objected to processing pursuant to Art. 21 GDPR

3.4. Right to Erasure

In accordance with Art. 17 GDPR, you may request the deletion of your personal data, except where processing is necessary for exercising the right to freedom of expression, complying with a legal obligation, serving the public interest, or defending legal claims.

3.5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction, we are obliged under Art. 19 GDPR to notify all recipients of your personal data about these changes, unless doing so proves impossible or involves a disproportionate effort.

3.6. Right to Data Portability

Under Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used, and machine-readable format or request its transfer to another controller.

3.7. Right to Object

According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will cease processing your personal data unless we demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms. This right also applies to direct marketing purposes and related profiling.

3.8. Right to Revoke Consent

In accordance with Art. 7(3) GDPR, you have the right to revoke your consent at any time. The revocation does not affect the lawfulness of processing based on consent prior to its revocation.

3.9. Right to Complain to a Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Typically, you can contact the supervisory authority in your place of residence, work, or the location of the alleged infringement. For BCBT, the relevant authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

---

4. Actuality and Changes to This Privacy Policy

This privacy policy is valid in its current version. The latest version of the data protection declaration can be accessed and printed at any time from our website.