At the candena GmbH, Munstermannskamp 1, 21335 Lüneburg, Germany (hereinafter “candena”), we are committed to protecting the privacy of your personal data. This document sets out what data will be collected, processed and used in connection with the online programme entitled “PISA Online Programme for School Improvement” for educational practitioners to learn online in English language (hereinafter “Programme”) as a service on the website (hereinafter: “Service”).
We take the protection of personal data very seriously, and comply strictly with the rules of data protection law, in particular the German Federal Data Protection Act (hereinafter "BDSG") and the German Telemedia Act (hereinafter "TMG"). Our service will only collect personal data to the extent to which this is technically required or if the User has given his expressed consent. The Service comprises courses based on innovative online learning and teaching methods, which are open to educators, experts and members of the public from around the world (hereinafter: "Users"). The program is aimed at developing and implementing new forms of scientific, collaborative problem-solving methods and facilitating the peer review of findings. To enable Users to participate in the Programme offered by the Service, candena provides a collaborative platform with various work and communication functions (forums, blogs, message services and contact buttons). It is important to us that Users can at all times trust in candena complying with data privacy, and that Users know which personal data candena will collect during a visit to the Service, and how candena processes, uses and transmits these data. The following explanations serve to provide you with information in this respect. Furthermore, we would like to make you familiar with the security measures which we have taken in order to protect your personal data from manipulation, loss, destruction and improper use.

§ 1 Controller

The Service is offered by candena. candena is the controller as defined by German data protection laws.

§ 2 Profile data

The User may enroll with the Service with his email address or with his existing social network profile. Once the User enrolls with the Service and sets up a user account, we will collect and store the following personal data:

  • First Name
  • Last Name
  • E-mail
  • Gender
  • Avatar
  • Age
  • Country of residence
  • Educational Background
  • Career Level
  • Occupation
  • Organisation
  • Industry
  • Prior Course Participation

These details are mandatory and required to create a User profile. With the exception of the User’s e-mail address, time zone, gender, age, this information will be added to the User profile and can be viewed by other Users. If a User is member of a team his e-mail-address may be disclosed to a limited number of other team members (max. 5 persons) in accordance with the chosen profile settings. The User can also add/upload the following details to the profile:

  • industry of employment (Construction, Education, Manufacturing, etc.)
  • company/organization
  • a brief introduction of yourself
  • student at (University) (radio boxes)
This information is optional. The user decides which personal information he wishes to disclose to other Users. Should the User choose not to enter any information or upload a photograph the respective fields in the profile will not be displayed. Should the User wish to receive a certificate on the successful completion of an online course (incl. credit points, an administration fee may be incurred), the following data will be collected:
  • full name
  • certificate request
  • date of birth
  • place of birth

This information is required to issue certificates. This data cannot be viewed by other Users.The User can access and change the profile data at any time. They are only used for the purpose of creating and managing the profile as well as implementing and providing the online courses offered by the Service as well as to monitor learning success and carry out research projects and internal quality assurance measures.When registering, the User must accept the terms of this privacy notice by ticking the relevant box. The User can only register with the Service if he agrees to the terms of this privacy notice. Should the User revoke his consent at a later date the User account will be closed and the access be blocked.

Once the User has completed the registration he will receive a message sent to his e-mail address provided in which he is asked to confirm the registration.

§ 3 Usage data, statistical analyses

If, as a participant of the Service, the User takes part in its Programme, candena will collect and store data about the Users learning habits as well as communication data generated between the User and the other Users (e.g. tests, questions and answers). This data and content will be used exclusively to conduct the online programme , including the platform functionalities provided, as well as to monitor learning success and carry out research projects and internal quality assurance measures.
In addition, User statistics will be compiled to make it possible to track participants’ activities in general, to eliminate errors and to adapt and improve the existing online programme where necessary. A corresponding role concept exists for carrying out the statistical analyses. According to this, all analytics are anonymous and not specific to a particular individual. Moreover, they may only be generated and used by the respective programme instructors, programme supervisors and organizers as well as administrators.

§ 4 Forums, blogs, messaging services and contact buttons

The online platform of the Service allows Users to exchange information with teaching staff, speakers, mentors and tutors as well as other programme participants via forums, blogs and messaging services. These options are to be used exclusively for communication in connection with the programmes offered by the Service and not for private purposes. Information made available by the User in this regard will be forwarded via the Internet and some of this information can be viewed by all Users. Even using the highest security standards, it is not possible to guarantee absolute protection of information when communicating via the Internet. The User should therefore give careful consideration to what personal information he would like to share with others and should not pass on any confidential information.

§ 5 Data security

The IT equipment used for the Service is located within the EU/EWR under the scope of the EU Data Protection Directive 95/46/EC and complies with the applicable statutory data protection and data security provisions. All premises and equipment are secured to prevent both unauthorized access and loss of data, and are regularly checked and maintained. Access to the systems is subject to strict requirements and is continuously monitored and logged in such a way that it can be reviewed and verified. Authorized persons receive regular training and are required to comply with the data protection provisions.

§ 6 Cookies

The Service uses cookies, i.e. files that are stored on your computer and that send certain information to our server (e.g. your IP address, browser configuration, log-in data, pages visited etc.) Only session cookies will be used for the Service, enabling candena to identify the User as a known user when he logs in again and adapt the website to the User needs, for example by restoring technical settings or making it possible to switch between different page views without losing any data. candena will use the information obtained exclusively for the purpose of structuring the website according to the needs of the Users. The information will not be made available to third parties.
The User can restrict or prevent the use and storage of cookies by changing the corresponding browser settings. In most Internet browsers, this can be done by accessing the cookie settings via the menu at the top of the screen. In this case, it may no longer be possible to access certain parts of the Service, or such access may be very limited.

§ 7 Forwarding data to third parties

Personal data will only be forwarded to third parties if this is necessary in order for candena to be able to make the Service available, or if the User has given his expressed consent.
Any other disclosure of User data will only be made within the framework of the statutory information obligations, or upon a judicial decision. In the event of an order issued by a competent body, candena may, in individual cases, disclose such data, provided that this is necessary for purposes of criminal prosecution, danger prevention activities by the state police authorities, in order to fulfil the statutory tasks of the federal and state offices for the protection of the constitution (Verfassungsschutzbehörden), the German federal intelligence service (Bundesnachrichtendienst), the military counterintelligence agency (Militärischer Abschirmdienst) or the federal criminal office (Bundeskriminalamt) within the framework of its task of preventing the dangers associated with international terrorism or in order to enforce intellectual property rights.

§ 8 Order data processing

In as far as we work with cooperation partners when providing the service and this is required under applicable law, we have entered into corresponding contracts on order data processing.

§ 9 Web analysis and other third party services

The Service uses Google Analytics on its website. Google Analytics makes it possible for website owners to obtain information on the number of visitors to their website, where they come from and their surfing habits while on the site, which can then be used to improve the website concerned. To this end, certain data is transmitted in anonymized form to Google servers in the USA where it is automatically analyzed. The version of Google Analytics used by the Service is programmed in such a way that the last 8 digits of the user’s IP address are deleted even before the data is transmitted to the USA. This makes it impossible for the transmitted data sets to be assigned to a specific User. If the User nevertheless does not want User data to be compiled and analyzed by Google Analytics, he can follow this link and install the deactivation add-on developed by Google.
The Service uses Google+, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Visiting our website involves a link to the Google server, which creates and integrates a connection to the browser of the website visitor and the website displayed. The plugin transmits the visit of our website to Google. We have no influence on the scope, content or transmission of the data and IP address of the User which Google obtains through the connection. In respect of the use of data which is transmitted to Google, the User can view the guidelines set down by Google on the following website: The Service uses so-called social plug-ins of the social network ("Facebook"). Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For detailed information on the functions of the various plug-ins and their appearance, please go to the following website:

The service uses plugins of the social network LinkedIn from the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”). The LinkedIn plugins are indicated by the LinkedIn logo or the “Recommend button” on the Service. When the User uses the Service, the plugin creates a direct connection between the User’s browser and the LinkedIn server. This informs LinkedIn that the User has visited the Service using a certain IP address. When the User clicks on the LinkedIn “Recommend button” while logged in to a LinkedIn account, the User can link content from the Service to the LinkedIn profile. In this way, LinkedIn allocates the User’s visit to the Service to a user account. As the owner of the Service candena is not informed about the content of the data transferred or its use by LinkedIn. See the LinkedIn Privacy Policy for details of data collection (purpose, extent, further processing, use) as well as the User’s rights and setting options. The User can find these details under:
The web pages of our internet presence which contain Facebook social plug-ins establish a direct connection with the Facebook servers via the User’s browser. Facebook will then be provided with the information that the User has accessed the page of the Service which contains the social plug-in. If the User is logged into Facebook at that time, the visit to our pages as well as all of the User’s internet activities in connection with the social plug-ins (e.g. clicking the "Like" button, creating a comment etc.) can be attributed to the User’s Facebook profile and be stored on Facebook. Even if the User does not have a Facebook profile, it cannot be excluded that Facebook may store the User’s IP address. With regard to the purpose and extent of the data collection and the processing and use of such data by Facebook, we hereby make reference to the Facebook Privacy Policy: There, you will also find an overview of the setting options in the personal Facebook profile in order to protect privacy, as well as the rights associated with this. In order to prevent Facebook from collecting the above data, the User can log out of Facebook prior to visiting the Service. In order to prevent the general access by Facebook to User data on the Service, the User can exclude Facebook social plug-ins by an add-on for the browser (e.g. "Facebook-Blocker",

§ 10 Disclosure, correction, deletion or blocking of data

The User can view personal data at any time via the relevant menu prompts on the Service’s website and correct any incorrect data. If necessary, the User can also request that his data or profile be deleted or blocked, provided that the statutory conditions for such a deletion or blocking have been met. Should the User request that his data be deleted, any comments, contributions to forums, documents or other forms of communication on the collaborative platform will not be deleted and will remain available to the other Users of the Service. Users’ personal data will as a matter of programme only be stored as long as this is required in order for candena to be able to provide the Service and/or as long as such storage is legally permitted. The stored personal data will be deleted when the User revokes his consent to the storage, when knowledge of the data is no longer required in order to reach the objectives pursued with the storage, or if their storage is unlawful for other statutory reasons.

§ 11 Policy amendment

Given the constant technical advances in our Services, we shall update our privacy policy from time to time. Where the changes to our privacy policy do not affect the use of the data we already have, the updated privacy policy shall take effect as of the date of its publication on our website. Changes to our privacy policy that affect our use of data that have already been collected and stored are only permissible if they are reasonable and can be reasonably expected of you. In such cases, you will be informed in due time via e-mail, on our websites, in our Services or via other means. You have the right to object to the new privacy policy within (4) weeks of being notified of its coming-into-force. Should you object to the new policy, we reserve the right to terminate the contractual relationship and to delete your user account. You are assumed to agree with the new policy should you not state otherwise within the given time frame. When notifying you of the new privacy policy, we shall inform you of your right to object and of the relevance of the objection deadline.