Data Privacy Policy
Welcome to The Company Family Program (CoFam) and our online presence, especially www.cofam-program.com
We are pleased that you are interested in our offers. The protection of your privacy and your personal data is very important to us. Your data is therefore always collected and used in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the German Federal Data Protection Act (BDSG), the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG) and the German Digital Services Act (DDG). In the following, we - as the party responsible for data processing - will therefore inform you which data we collect and how we process this data.
Personal data within the meaning of Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data is only stored to the extent necessary to provide the booked service, to comply with legal requirements or for the purpose stated below.
Personal data is processed as part of the employee children exchange programs. The purpose of the processing is to organize the exchange of children between the ages of 14 and 18 of employees of cooperating companies. The cooperating companies and CoFam partly process your data as joint controllers. This applies in particular to the exercise of the rights of data subjects and the fulfilment of information obligations in accordance with Articles 13 and 14 GDPR. Even if there is joint responsibility, the parties fulfil the data protection obligations according to their respective responsibilities for the individual process stages.
The controller for this online presence within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
The Company Family Program
Indre Bermann
Fischenbeck 17 C
45472 Muelheim an der Ruhr
Tel +49 208 30994833
E-Mail: i.bermann@cofam-program.com
a) However, the collection of personal data is essential if you wish to contact us via our portal, subscribe to our newsletter or use other offers on our website for which personal data is essential.
b) In accordance with legal regulations and in the interests of data economy, we generally only collect data that is required for the provision of this particular service. If we ask you to provide further information in our forms, this is always voluntary and marked as such. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is also stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
c) In the event of an application for participation in an exchange program or other service, the data collected will be used for the processing of this application and participation, within the legal requirements for advertising purposes and for statistical purposes. We process personal data of the participating families, private and professional contact details, living situation, family circumstances, interests, health information, language skills, leisure activities. We also collect additional data from the families in individual cases to carry out the application process and matching.
In addition to the data from the application form, this may include further information on personal circumstances, such as health information. In addition, we process - insofar as it is necessary for the implementation of the "Employee Child Exchange Program" - personal data that is legitimately transmitted to us by other third parties.
d) If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
All you need to do is send us an informal notification by e-mail. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
We would like to point out that revocation in the context of the application and participation in exchange programs will lead to exclusion from the application process and exclusion from the program.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
e) If you subscribe to our newsletter, we also store and use the personal data you provide in your application on the basis of Art. 6 para. 1 lit. f GDPR in order to provide you with the best possible service as a newsletter subscriber.
f) The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent. We also use the personal data stored by us to maintain customer relationships, for customer support (e.g. information on the course of your stay), to carry out our own advertising and marketing measures (e.g. sending advertising mailings within the legally permissible framework, queries on customer satisfaction) and for order processing. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
a) Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. The lawfulness of the processing is given on the basis of your consent.
You can withdraw your consent at any time. We would like to point out that the revocation is effective for the future and processing that took place before the revocation is not affected.
b) When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
c) Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
d) In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
e) If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
This applies in particular to the following case groups:
- Testing and optimization of procedures for needs analysis and direct customer contact,
- advertising, unless you have objected to the use of your data,
- Ensuring IT security and IT operations,
- Prevention and investigation of criminal offenses,
- measures for business management and the further development of services and products.
f) Through your use of social media services, usage profiles are created by these companies based on your usage behavior and used to display advertisements. Cookies are usually stored on your computer for this purpose. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Insofar as this is necessary for the provision of the contractual service owed by us or legal obligations, your data will also be passed on to subcontractors or service providers to provide the service in our name or on our behalf (e.g. technical processing of mail and email dispatch, payment processing, customer service).
Within CoFam, only the departments involved in processing your application will have access to your personal data. At the beginning of the application process, your employment relationship with your employer, who cooperates with CoFam, will be checked as listed in the joint transparency information. In addition, the data will be passed on to persons or companies for the purpose of processing your participation in the program. Please note that the data protection regulations at the registered office of these persons and companies may differ from those in Germany.
Your data will also be disclosed and transferred to third parties if we are obliged to do so by law or on the basis of legally binding court proceedings.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided.
Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of our offers, required by law or if you have given us your consent. If required by law, we will inform you of the details. Data is not transferred to bodies in countries outside the European Economic Area (so-called third countries) during the application process.
Among other things, we use tools from companies based in the USA or other third countries that do not have a level of data protection comparable to that in the EU. If these tools are active, your personal data may be transferred to these third countries and processed there.
We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees.
We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in third countries. For example, companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot be ruled out that authorities, such as secret services, may process, evaluate and permanently store your data located on servers hosted in third countries for surveillance purposes. We have no influence on this processing activity.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk within the meaning of Art. 32 GDPR.
Your personal data will be stored for the purposes stated under "Purpose of collecting personal data". The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The legislator has issued various retention obligations and periods. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data in accordance with Art. 17 para. 3 GDPR. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This includes data that must be retained for tax law reasons.
Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you use our online services (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.
In principle, it is possible to use our website without cookies or similar technologies that do not serve technical purposes. By accepting additional functional cookies, we can improve the ease of use and personalization of our offer to you. We therefore recommend that you permanently activate cookies for our website.
We provide a cookie consent tool for individual configuration, which you can find more details on in the following paragraph.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. b) GDPR and serve the needs-based design and continuous optimization of our website.
Cookie consent with Real Cookie Banner
We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung/
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.
On our website you have the option of registering for our newsletter. We process the personal data transmitted via the registration form in order to send you the individual newsletters. For the purpose of measuring reach and evaluating our email marketing campaigns, we collect data on your use of our newsletters, e.g. whether, how often and for how long you read them and which links you click on.
The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. a GDPR, possibly in conjunction with. § Section 7 para. 2 no. 3 UWG . We may also send you certain information by email on the basis of legal permission in accordance with Section 7 (3) UWG. You can revoke your consent at any time with effect for the future (e.g. via the "unsubscribe" link in the newsletter). If you exercise your right of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. You can object to the storage if your interests outweigh our legitimate interest.
A fully automated decision means that decisions are made by technical means without the direct involvement of a person.
Automated decision-making in accordance with Art. 22 GDPR does not take place on our website. In the event that we use this procedure in individual cases, we will inform you of this separately if required by law.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
We do not process your data with the aim of evaluating certain personal aspects (profiling).
Our online presence uses Google Fonts and the Google Fonts API to visually display fonts and symbols. When using Google Fonts, Google also collects, processes and uses data about the use of the fonts functions by visitors to the websites, unless the data is stored on the local servers of our online presence. You can find more information about data processing by Google in Google's privacy policy at http://www.google.com/privacypolicy.html. You can also change your settings there in the data protection center so that you can manage and protect your data.
The use of Google Web Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TDDDG. Consent can be revoked at any time.
If your browser does not support web fonts, a standard font will be used by your computer.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/gdprcontrollerterms/ und
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google's privacy policy:
https://policies.google.com/privacy?hl=de
The Google Fonts terms of use can be found at https://fonts.google.com/about# and https://policies.google.com/terms?hl=en
Our online presence uses Google Maps and the Google Maps API to visually display a map and geographical information. When Google Maps is used, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/gdprcontrollerterms/ und
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google's privacy policy:
https://policies.google.com/privacy?hl=de
There you can also change your settings in the data protection center so that you can manage and protect your data. You can find the terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html https://www.google.com/intl/de_de/help/terms_maps.html
Our online presence uses the translation service TranslatePress of SC Reflection Media SRL, Str. Armoniei, nr. 23A, Ap. 46, Timis County, Timisoara City, Romania.
The purpose of this use is to offer our users the opportunity to use our website in another language.
We are not aware of any data being transferred to SC Reflection Media SRL in the process.
The legal basis for the use of TranslatePress is Art. 6 para. 1 lit. f) GDPR. The use of TranslatePress is in the interest of easy accessibility and accessibility of our online offers for international visitors. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
You can find more information on the handling of user data in the TranslatePress privacy policy at https://translatepress.com/privacy-policy/. https://translatepress.com/privacy-policy/.
Our online presence uses the WPForms plugin. The provider is WPForms LLC, WPForms 7732 Maywood Crest Dr, West Palm Beach, FL 33412, USA.
With this plugin, we collect data via the application form and the contact form.
The plugin offers a GDPR extension in the version used. The activated option deactivates all user cookies and prevents the IP address from being saved. Entered form data is sent in encrypted form by email and stored on an email server. According to the manufacturer, the requests sent in WordPress are not stored in the version we use. A detailed description of the implemented GDPR measures can be found in the following article. https://wpforms.com/introducing-new-gdpr-enhancements-for-your-wordpress-forms/.
This website uses plugins from the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The LinkedIn plugins can be recognized by the corresponding logo or the "Recommend" button. Please note that the plugin establishes a connection between your internet browser and the LinkedIn server when you visit our website. LinkedIn is thus informed that this website was visited with your IP address. If you click on the LinkedIn "Recommend button" and are logged into your LinkedIn account at the same time, you have the option of linking content from our website to your LinkedIn profile page. In doing so, you enable LinkedIn to associate your visit to our website with you or your user account. You should be aware that we have no knowledge of the content of the data transmitted or its use by LinkedIn.
Further details on the collection of data and your legal options as well as setting options can be found on LinkedIn at https://www.linkedin.com/ https://www.linkedin.com/
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes.
This website uses a link to YouTube from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use the "extended data protection mode" when embedding, so that usage information is only transmitted when the video is started. In this case, the specific page of our website you visit and the video you watch are transmitted. If you are logged into your YouTube account, you enable YouTube to assign your page views directly to your personal profile.
If you want to ensure that no data about you is stored on YouTube, do not click on the embedded videos. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/gdprcontrollerterms/ und
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
Further information on the handling of user data can be found in Google's privacy policy at:
Last but not least, security also depends on your system. You should always treat your access information confidentially, never allow passwords to be saved by the web browser and close the web browser window when you end your visit to our website. This will make it more difficult for third parties to access your personal data.
Use an operating system that can manage user rights. Set up several users on your system, even within the family, and never use the Internet with administrator rights. Use security software such as virus scanners and firewalls and keep your system up to date.
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection , the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters and
- Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR):
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
You are of course entitled to these rights free of charge. To revoke your consent to the use of data, to request information or the correction, blocking or deletion or to exercise the other rights of data subjects, please contact:
The Company Family Program
Indre Bermann
Fischenbeck 17 C
45472 Muelheim an der Ruhr
Tel +49 208 30994833
E-Mail: i.bermann@cofam-program.com
We would like to point out that you can most easily assert your data subject rights in connection with your social media use against the social media companies and that you can make further settings options there to protect your privacy with the social media companies.
You can contact the supervisory authority responsible for you for complaints within the meaning of Art. 77 GDPR using the following contact details:
North Rhine-Westphalia
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
If you no longer wish to receive our newsletter or advertising emails, click on the link: "Unsubscribe newsletter", which is included at the end of all e-mails we send.