Privacy Policy

Giesecke+Devrient Currency Technology GmbH, Prinzregentenstr. 161, 81677 Munich, Germany (“G+D”, “we” or “us”) would like to welcome you on its Learning Management System (“LMS”). Your privacy and the protection of your personal data are of utmost importance to us. Therefore, this Privacy Policy explains how we safeguard your privacy when you use and when you share your personal information with us via the LMS.

 

Contact details of the Group Data Protection Officer

Giesecke+Devrient GmbH, Group Data Protection Officer, Prinzregentenstraße 161, 81677 Munich, privacy@gi-de.com

 

Processing of Personal Data

“Personal data” is any information that can identify or make an individual identifiable. In order to provide you with a personal account on our Learning Management System (LMS), we need to store your e-mail address together with your first name, last name, your company, nationality, your function in regard to the banknote processing system (e.g. operator or supervisor) and the machine type for which you can access eLearning content. The LMS also tracks your progress within the learning content and your scores in tests in order to provide you a certificate when you successfully pass a final test. 
In addition, the LMS may collect and process access data that your internet browser automatically transmits to us for technical reasons in order grand access to the LMS. Depending on the access protocol used, this data contains general information such as session data, IP address, browser version, operating system and website-specific settings.

 

Purpose and Legal Basis

We process your personal data for the following purposes:

  • To manage your account;
  • To give you access to the LMS and its content;
  • To improve the LMS and to defend it against attempted attacks;
  • For statistical evaluations based on anonymized data.

We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Depending on the contractual relationship we have with you or your employer, the legal basis for processing is Article 6(1)(b) GDPR (performance of a contract) or Article 6(1)(a) GDPR (consent) as well as Article 6(1)(f) GDPR (legitimate interests). 

 

Cookies

The LMS uses cookies for different purposes. Cookies are small text files that websites save onto your computer via your web browser. Cookies cannot execute programs or place viruses on your computer. Following cookies may be used by the LMS:

gieseckedevrient_lms_session: to grant access to different parts of the LMS without having to login again

laravel_cookie_consent: to store user consent for use of cookies

user_logged_in: to grant access rights to LMS content

XSRF-TOKEN: to protect against CSRF attacks

 

Origin of data

Your personal data is generally collected from you directly, insofar as possible. If you are using the LMS as an officer, employee or contractor of a customer, channel partner or other business partner of G+D group (“G+D Business Partner”),  we may also receive data from the G+D Business Partner you work for.

 

Recipients or categories of recipients

If you are using the LMS as an officer, employee or contractor of G+D or another G+D group entity, information on your use will be shared with that G+D group entity and used for the administration of your employment or other contractual relationship with G+D or the G+D group entity you work for (legal basis: performance of contract, Article 6(1)(b) GDPR). For more information please contact the G+D department which administers your employment or other contractual relationship.
If you are using the LMS as an officer, employee or contractor of a G+D Business Partner, through a user account created by or for the G+D Business Partner, information on your use will be shared with the G+D Business Partner you work for. We may also process and use your data for the administration of our contractual relationship with the G+D Business Partner you work for, or share your data for such purpose with the G+D group entity which holds the contract with the G+D Business Partner you work for. For example, if you are a technician working for a G+D Business Partner, both G+D and the G+D Business Partner may use information on trainings you complete for tracking minimum training requirements applicable to the G+D Business Partner you work for. The legal basis for this is the legitimate interest (Article 6(1)(f) GDPR) in administering the contractual relationship with the G+D Business Partner you work for. 
Data we provide for the foregoing purposes to the G+D Business Partner you work for will be controlled by that G+D Business Partner. For more information on the contractual relationship with the G+D Business Partner you work for, and on how the G+D Business Partner will process your information, please contact the G+D Business Partner you work for.
Your data will be exported and stored for the foregoing purposes outside of your account and it will continue to be stored and used even after a possible deletion of your account for as long as it is required for the foregoing purposes.
Your personal data won’t otherwise be transferred to any third party, except subject to separate prior notice and in strict compliance with applicable laws, and can only be accessed by G+D’s eLearning administrators and administrators of Fischer, Knoblauch & Co Medienproduktionsgesellschaft mbH, Lilienthalallee 7, 80807 Munich, Germany (the provider of our LMS). 
The data is stored for the duration of your use of the LMS account. Once a year we will ask you by e-mail if you want to keep your account. If you don’t confirm, we will permanently delete your account with all related data (including certificates). You can also request the deletion of your account at any time. Please address requests for account deletion via e-mail to currency-technology-trainingcenter@gi-de.com

 

Rights of the data subject

You may exercise the following data subject rights in accordance with the applicable data protection law and if the legal requirements are met:

  • Right to access to your personal data stored by us (Article 15 GDPR);
  • Right to rectification of inaccurate or incomplete personal data concerning you stored by us (Article 16 GDPR);
  • Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR);
  • Right to restriction of processing, if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR);
  • Right to data portability, i.e. the right to receive the personal data concerning you, which you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR);
  • Right to object for the processing of your personal data insofar as such processing is carried out based on Article 6 par. 1 lit. e. or f. GDPR (Article 21 GDPR);
  • Right to withdraw consent (Article 7 GDPR)
  • Right to lodge a complaint with the competent supervisory authority (Article 77 GDPR);

a list of the data protection authorities in Germany can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
The supervisory authority responsible for G+D headquarters in Munich is the State Office for Data Protection Supervision in Bavaria (www.lda.bayern.de).

 

You can contact us at any time to enforce your privacy rights.


We only use technically necessary cookies on this website. These functional cookies are always enabled as they are required for the basic functions of the website. Without these cookies, this website cannot be used as intended. Purposeful use of the Online Learning Portal is not possible without the cookies.

You can find further information on the cookies used and your right to object to the use of technically required cookies in our Privacy Policy.