Data protection provisions
Introduction
How can you contact us?
What is understood by certain terms?
What personal data is processed by us?
Why and on what legal basis do we store personal data?
How do we use Cookies, analysis and tracking tools and Social Media registrations?
Who do we pass personal data onto?
How do we work together with partners for you?
For what do we use international partners?
Which settings can you alter with regard to data protection?
How can you revoke your consent?
What rights do you have?
How do we protect personal data?
What opportunities exist for minors to use our services?
What other information is important?

NEW DATA PROTECTION PROVISIONS

Page 2

Introduction
The function of these data protection provisions is to inform you about the processing of
personal data in our company. Through these provisions we are meeting our obligations from
the European General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular
Article 13 and 14, as well as Article 26 Paragraph 2 and the Telemedia Act
(Telemediengesetz).
Please read these provisions carefully. If you have any questions, please contact [verlinkt auf
Mail-Adresse, z. B. Datenschutz@] us.
For Mortimer English Club the protection of your privacy and therefore your personal data
always has the highest priority.
These provisions describe how we handle certain information about you, your computer or
your mobile device (“device”). This information possibly contains personal data.
In this document we also explain how we use Cookies and analysis tools on our entire
website.
We observe the applicable data protection law and these data protection provisions at all
times. We only pass on data in the cases which are specified in these provisions.
How can you contact us?
You can contact us at the following address:
Mortimer Franchise GmbH
Auf dem Hof 13
D-58849 Herscheid
You can contact our data protection officer at:
Goalgetter GmbH
Willhoop 3
22453 Hamburg
Datenschutz@Mortimer-English.com [Weiterleitung an
datenschutz@goalgetter.gmbh]

What is understood by certain terms?
Affected person
Natural person, to which the personal data refers.
Analysis tools
Programs which enable an analysis of user behaviour.
Anonymisation
Through a change to the data, it is no longer possible to assign it to a natural person.
Cloud
Use of IT infrastructures and services, which are not available on site on local computers, but
are instead rented as a service and which are accessed via a network (e.g. the internet).
Controller
A body, e.g. company, organisation, authority which decides about the means and the
purpose of processing personal data.
Cookies
Cookies are small text files which are stored on your computer or in your browser.
Devices

NEW DATA PROTECTION PROVISIONS

Page 3
A (mobile) object, such as smartphones, tablets, notebooks, PC, with which you can use
Apps or programs and information services.
GDPR
General Data Protection Regulation, the new regulation of data protection for the European
Union.
IP address
Is an address in the computer network, which is based on the Internet Protocol (IP). This
address is assigned to devices and makes the device addressable and therefore accessible.
Mac address
Is the address of each individual network adapter.
Personal data
This is information which refers to a specific or specifiable natural, living person.
Pseudonymisation
A change to the data in a manner that means it can no longer be assigned to a specific
affected person without obtaining additional information.
Processing
Each type of process in connection with personal data, such as collecting, recording, storing,
modifying, transferring and deleting.
What personal data is processed by us?
We process various types of data when you visit our website or use our products and
services. This can, if necessary, be directly or indirectly personal, which means under the
influence of other data sources.
We collect a lot of this data in a pseudonymised or anonymised form.
This includes, among other aspects, the following information:
Data categories:
 Personal data
 Address data
 Log data
 Account data
 Bank data
 Contact data
Information when visiting our websites:
When you visit our website, we store your IP address for the communication, in addition
further data is transferred through the browser and stored by our web server. This includes,
among other aspects, information about the end device, time of access, the origin of the
request, browser and version, the use of our website and, if necessary, whether you have
already visited us.
Purpose of processing: The presentation of our website and the associated services.
Legal basis: Art. 6 Paragraph 1 letter b, fulfilment of the contract
Information about the contact form:
If you use our contact form in order to send us enquiries, your information from the contact
form, in particular the contact data which you have provided, is stored by us for the purpose
of dealing with your enquiry and in the event of further questions.
Purpose of processing: Offering you the opportunity to contact us and to answer
your questions.
Legal basis: Art. 6 Paragraph 1 letter b, initiation and fulfilment of

NEW DATA PROTECTION PROVISIONS

Page 4

contracts
Why and on what legal basis do we store personal data?
Purpose of processing:
We process your data independently of whether or not it is assigned to a person, for the
following purposes:
 in order to meet our contractual obligations to you.
 in order to enable a problem-free operation of our products and services.
 for a convenient and simple use of our products and services.
 for the improvement and optimisation of the functions, security and stability of our
products and services.
 for the fulfilment of administrative tasks.
Initiation and fulfilment of contracts
As a matter of principle we only store data which we require for the fulfilment of our
contractual obligations to you.
Consent
In some areas it is possible that we offer data processing based on consent. In these cases
we will inform you separately about these circumstances and offer you the opportunity to
allow us to perform this processing.
In these cases we will describe the purpose of the data processing to you and inform you of
your right of revocation.
Legitimate interest
There is also the opportunity to process data based on our legitimate interest. In the process
we are bound to disclose our interest to you and consider the balance of interests between
your interest and ours.
Duration of storage and deletion periods
We only store the personal data to the necessary extent for the fulfilment of the purpose. The
duration of storage is based on legal requirements and the duration of the contractual
relationship.
Should the data no longer be used, it will be anonymised and/or deleted in accordance with
legal provisions (incl. periods).
Should you request the deletion of your data, please note that while we will block your data
immediately, due to technical restrictions it can take up to 30 days until we have permanently
deleted the data.
Furthermore please note that following confirmation of the deletion request there is no longer
an opportunity to restore your data.
How do we use Cookies, analysis and tracking tools and
Social Media registrations?
When you use a product or a service, Cookies will be stored in your browser. Through
Cookies you browser can possibly be identified, so that our website is correctly displayed.
We also use Cookies on our website in different areas, in order to analyse the use of our
website and therefore optimise it, for example the shopping basket function for orders in our
online shop.
Alongside our own systems we use the following tools of other service providers for
marketing purposes and to make your visit to our website or the use of our products/services
more user-friendly:
Analysis tools

NEW DATA PROTECTION PROVISIONS

Page 5

Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (“ Google”). Google
Analytics uses Cookies, which enable us to analyse your use of our website.
The data generated by Cookies about your use of our website is anonymised, as we have
activated the Google IP anonymisation feature. In the process Google sets the last octet of
Ipv4 IP addresses and the last 80 bits of IPv6 addresses to zeros in memory. Therefore
complete IP addresses are not stored on the Google servers. This procedure is generally
carried out on servers within the European Union.
Google uses the collected data on behalf of Mortimer English Club in order to analyse your
use of the website in order to create reports about website activities.
You still have the opportunity to prevent the recording of your use of the website for Google
Analytics. For this please download the browser plugin provided by Google and install [Link:
https://chrome.google.com/webstore/detail/google-analytics-opt-
out/fllaojicojecljbmefodhfapmkghcbnh?hl=de] it.
You can find further information about Google Analytics here [Link:
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376].
Purpose of processing: The analysis of website usage and therefore the improvement
or optimisation of our website.
Legal basis: Art. 6 Paragraph 1 letter f, the particular interest exists
in the optimisation of our website.
Who do we pass personal data onto?
A transfer of your personal data to third parties for reasons other than those listed below
does not take place.
We only pass on your personal data to third parties, if:
 you have given us your express consent for the underlying processing,
 it is permitted by law and required for the handling of our contractual relationships
with you,
 the passing on of data is based on a legal obligation, and
 the passing on of data is based on a particular interest and there is no reason to
assume that you have an overriding legitimate interest in the non-disclosure of your
data.
We pass on data to the following recipients or categories of recipients in accordance with the
aforementioned reasons:
 Employees (internal and external)
 IT infrastructure service providers
 Payment processors
 Service providers for technical support
 Software service providers
 Providers of analysis tools
 Other service providers
For what do we use international partners?
We use a worldwide IT infrastructure network, for example computers, cloud-based servers,
networks and software solutions, for the performance of our services.
These partners are based in different countries, in part also outside the European Union. In
these countries the same level of data protection is not always legally prescribed and
established in the way it is in the European Union. Consequently we have taken a series of
measures, in accordance with the guidelines of the GDPR, in order to ensure a greatest
possible protection of your personal data. They are:

NEW DATA PROTECTION PROVISIONS

Page 6
 Cooperation with companies in a country which has been recognised through an
adequacy decision of the European Union
 Cooperation with companies in accordance with the EU-US Privacy Shield
 Cooperation with companies on the basis of the EU standard contractual clauses
 Cooperation with companies on the basis of agreed guarantees
We have these measures guaranteed by our partners within the scope of legal requirements.
Furthermore in special cases there is the opportunity to perform the passing on of data
based on your express consent.
How can you revoke your consent?
If you have given us your consent for certain data processing, e.g. the receipt of a newsletter,
submission of offers by third parties, you have the right at any time to revoke this consent –
also in part. Please inform us of this revocation in text form.
Should the processing of data take place on a balance of interests in accordance with Art. 6
Paragraph 1 letter f of the GDPR, you also have the right in this case to object to the
processing, provided there are reasons for this which result from your particular situation or it
concerns direct advertising.
In the event of direct advertising you have a general right to object without information about
the particular situation being necessary. Please inform us about your objection in text form.
What rights do you have?
You have, subject to possible legal restrictions, the following rights which you can make use
of:
The right to information, correction, deletion, restriction of processing, data portability
and objection.
We would like to expressly point out at this juncture that we reserve the right, as is required
by law, to carry out a corresponding identification check and, if necessary, also further
measures for the unequivocal verification of identity.
Right to information:
If you would like information about the personal data stored by us, we ask you to inform us of
this in text form. For reasons of security and due to regulations it is possible that we
pseudonymise certain data, such as credit card information.
Right to correction:
Should you discover or are of the opinion that incorrect information about you is stored, you
can inform us about this in text form. We will investigate the circumstances and if necessary
correct the data accordingly.
Right to deletion:
Should you want your data to be deleted, please inform us of this request in text form. We
will delete your data in accordance with legal requirements.
However we would like to point out at this juncture that we are bound to also store data for
longer periods, due to legal provisions, for example a retention period for accounting
documents of 10 years currently applies (German Fiscal Code) or for guarantee reasons up
to 3 years.
Furthermore we would like to point out that while we will block your data immediately, due to
technical restrictions it can take up to 30 days until we have permanently deleted the data.
Furthermore please note that following the confirmation of the deletion request there is no
longer an opportunity to restore your data.
Right to the restriction of processing:

NEW DATA PROTECTION PROVISIONS

Page 7
You have the right to restrict the processing of data. For this please inform us of the affected
data categories from your point of view and the reason for your request in text form. We will
immediately investigate the circumstances and inform you of the result.
Right to data portability:
Please inform us in text form, which data you would like transferred to which person. We will
immediately investigate your request and inform you of the result.
Right to complain:
If you are dissatisfied with our work in connection with data protection, you have the right to
complain to your local supervisory authority which is responsible for data protection. For
Mortimer English Club, for example, the following supervisory authority is responsible, the
State Representative for Data Protection and Freedom of Information:
Landesbeauftragter für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
How do we protect personal data?
For the protection of your personal data Mortimer English Club has taken measures which
correspond with data protection law and the state of the art in the industry. These measures
are constantly reviewed and if necessary adapted. The objective is to protect your data
against the accidental or deliberate manipulation, the partial or complete loss, the destruction
or against unauthorised access by third parties.
For the transfer of data between our website and our back-end systems the communication
is encrypted in accordance with the SSL procedure (Secure Socket Layer).
We protect the systems and processing through a series of technical and organisational
measures. This includes, among other aspects, data encryption, pseudonymisation and
anonymisation, logical and physical access restriction and control, firewalls and recovery
systems, integrity tests.
Our employees are regularly trained in the appropriate sensitive handling of personal data
and in accordance with legal requirements are obliged to maintain data secrecy.
What opportunities exist for minors to use our services?
Persons who are below the age of 16 years can use our services, if the consent of the
holder(s) of parental responsibility for this is available in text form (in the event of joint
custody all holders of parental responsibility must agree).
What other information is important?
Change to the existing data protection principles
These data protection provisions will be revised at irregular intervals, in order to adapt them
to the current developments in the company, our products and services, legal requirements
and social developments.
Date: 25 May 2018