Security Awareness Training Courses Privacy Policy

With the G DATA Security Awareness Training Courses (hereinafter referred to as “G DATA CDA”), G DATA provides training in an e-learning format that effectively increases employees’ awareness of IT risks. Personal data is collected, stored, and processed as part of providing the platform, rolling out the training content, and evaluating the courses.

 

1. Data Controller and Data Protection Officer

G DATA CyberDefense AG (G DATA) is responsible for the data processing described below in accordance with data protection regulations. You can submit contact requests by e-mail to info@remove-this.gdata.de

Our data protection officer is Bitkom Servicegesellschaft mbH, Albrechtstrasse 10, 10117 Berlin, Germany. You can submit contact requests by e-mail to datenschutz@remove-this.bitkom-consult.de

 

2. Purposes and Legal Bases of Data Processing

2.1 Processing Log Data

When you visit our website, certain data transmitted by your browser is automatically stored on our servers. The resulting log files contain data such as your IP address, the URL, the time, type and number of requests, the amount of data transmitted, the date, the time and duration of the individual access, your browser type, and other similar security data that is used to avert danger if our IT systems are attacked and to protect against license violations.

The collection and use of the information stored in the log files is only for the purposes of correctly delivering the contents of our websites and improving our services. The data processing is based on our legitimate interest (pursuant to Article 6(1)(f) of the GDPR).

 

2.2 Registration and Implementation

We store and use the data actively provided by you or the employees of the licensee as part of the registration process (such as opening an account) and while using our services for the purpose of the contractual provision of our services that you would like to make use of (pursuant to Article 6(1)(b) of the GDPR). This data usually includes:

  • First name
  • Last name
  • E-mail address
  • One-time password
  • Company/organization
  • Which courses are assigned to which person
  • Report on completed courses
  • Assignment in user groups
  • Language settings

 

2.3 Monitoring Learning Progress

To help you get the most out of your learning, our system collects data about your personal usage, such as your learning progress, watched videos, and questions answered or similar activities. This feature may or may not be used by your employer’s administrators, depending on the implementation. This data is not processed for G DATA’s own purposes.

 

2.4 Certifying Learning Progress

Users will receive a certificate via e-mail once they successfully complete a training course or complete learning content. The data processing is carried out for the fulfillment of our contractual obligations towards you as a user (pursuant to Article 6(1)(b) of the GDPR).

 

2.5 Answering Support Requests

If users submit support requests, they will be processed and answered by us. The processing is carried out for the fulfillment of our contractual obligation towards you as a user (pursuant to Article 6(1)(b) of the GDPR).

 

2.6 Data Processing When Using Our Website

When you use our website, we process additional personal data, among other things, to display the website, for website evaluation, for statistical analysis, and to display personalized advertising. A detailed description of the data processing on our website can be found at https://www.gdatasoftware.com/privacy

 

2.7 Phishing simulation (optional feature)

Phishing describes the situation where emails, for example from banks, online shops, or other internet platforms, are imitated as perfectly as possible in terms of design, sender address and customer approach to inspire confidence in the reader and so intercept private, sometimes secret data, such as user IDs and passwords. That data is for example then used for hacker attacks or online banking fraud. Phishing is also used to spread malware and launch targeted attacks against companies. This can lead to the loss of sensitive information and cause considerable damage to the infrastructure, which can even bring production to a standstill. In the "Phishing Simulation", we analyze the handling of precisely these emails. We send you special phishing emails over a predefined period and then collect the results in a management report. To send the emails, we use the data you already provided for contract processing and handling your enquiries:

  • First name
  • Surname
  • Email address

 We then create a management report and show in detail the awareness situation for all participants in a company. The report contains only statistical data, no personal data about you is disclosed. Consequently, your identity cannot be established. Among other things, the following statistical data is shown:

  • Visits to unsafe websites
  • Number of emails opened (phishing emails)
  • Disclosure of sensitive data
  • Number of opened attachments

 

3. Recipients of Personal Data

The people within our company who have access to your personal data are those who require it for the purposes stated in each case.

When using test licenses, we pass on your data to our partners for sales purposes, provided you have consented to this when registering. You have the right to revoke your consent at any time.

Furthermore, we share data with service providers that we use to provide our products and services, such as our learning platform provider.

 

4. Your Rights as a Data Subject

4.1 Right to Information

Please note: You have the right to request information at any time from G DATA CyberDefense AG regarding personal data relating to you that we have stored (Article 15 GDPR) to request information. You are also entitled to request information regarding the recipients or categories of recipients with whom this data is shared, as well as the purpose and duration of storage.

 

4.2 Rectification, Erasure, Restriction of Processing

You also have the right to demand the rectification (as stipulated in Article 16 of the GDPR), the erasure (as stipulated in Article 17 of the GDPR), or the restriction (as stipulated in Article 18 of the GDPR) of the processing of your personal data.

 

4.3 Data Portability

Furthermore, as stipulated in Article 20 of the GDPR, you can request the transmission of your personal data at any time.

 

4.4 Right to Object to Processing

In the event of the processing of personal data for the performance of a task carried out in the public interest ((Article 6(1)(e) of the GDPR)) or for the purposes of legitimate interests (Article 6(1)(f) of the GDPR), you can object to the processing of your personal data at any time with future effect. In the event of an objection, we must refrain from all further processing of your data for the aforementioned purposes, unless

  • there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or
  • the processing is necessary for the establishment, exercise, or defense of legal claims.

As stipulated in Article 21(1) of the GDPR, data subjects have the right to object to data processing on grounds relating to their personal situation.

How Can I Exercise My Rights?

To exercise these rights, please write to G DATA CyberDefense AG, G DATA Campus, Königsallee 178, 44799 Bochum, Germany or send an e-mail to info@remove-this.gdata.de

 

4.5 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. To do so, you can contact the data protection supervisory authority responsible for your place of residence or our company headquarters. The mailing address of the supervisory authority responsible for G DATA CyberDefense AG is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany

Last update: June 2024