We treat your data with care
Thank you for visiting our website and for your interest in the International Software Architecture Qualification Board. The protection and security of our visitors’ and users’ data is important to us. We have therefore designed our website and business processes to collect or process as little personal data as possible. The following privacy statement explains what information we collect during your visit to our website and what parts of this information are used, if any, and how. You are welcome to find out in detail below how we handle your personal data.
Responsible party within the meaning of data protection law
International Software Architecture Qualification Board
Contact details of our internal data protection officer
If you have any questions that are not answered in this data protection policy or if you would like further information on any of the points, please contact our internal data protection manager Tess Parthum (Email: datenschutz(at)isaqb.org).
What data do we collect from you?
We process so-called access data (in particular your IP address) on our website for statistical evaluations for the purpose of the operation, security and technical optimization of our website. This enables us to present our website to you more effectively and to identify errors. When accessing our website, the browser used on your terminal device will automatically send information to our website server, which means that when our website is accessed, we collect access data and temporarily store it in a so-called log file.. The name of the website accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) and the requesting provider and your IP address. You are not identifiable to us from this data.
Log data is regularly deleted in a timely manner. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
- IP address
- Time stamp of the access
- Name and version of the browser software
- Origin of your page request
- Operating system used
Based on your input in forms:
- Surname/First name
- Email address
- Data released or entered by the user
How do we collect your data?
In the course of accessing our website, access data is automatically logged. Otherwise, all other data is collected through your input.
What do we use your data for?
To provide our products and services and to optimize and protect our website. With your consent, we use your input to respond to your contact requests/messages. We do not use your data for purposes other than those specified.
We also use your data for advertising, provided you have consented to this. Only in special exceptions will your data be passed on to third parties, e. g. for criminal prosecution in the event of misuse or attack on our IT systems.
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6 (1) (b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your agreement (Art. 6 (1) (a) GDPR) if this has been requested.
The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e. g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.
Depending on where a cookie comes from, a distinction can be made between so-called first-party cookies and third-party cookies:
Cookies that are generated and stored locally by the website operator, i. e. the controller, or by a processor commissioned by the controller. Only the operator has access to these cookies.
Cookies that are generated, set and accessed by third-party providers that are not acting as order processors on behalf of the operator of the website.
Depending on the validity period, a distinction can also be made between so-called transient and persistent cookies:
Cookies that are automatically deleted when you close the browser. These include, in particular, session cookies.
Cookies that remain stored on your terminal device for a specified period of time after you close the browser.
Depending on their nature and purpose, the user’s consent may be required for the use of certain cookies. In this respect, cookies can be differentiated according to whether the user’s consent is mandatory for their use:
Cookies that are strictly necessary for the website operator, expressly requested by the subscriber or user, to provide that service (“Strictly Necessary Cookies”).
Cookies requiring consent
Cookies that are used for all purposes other than those mentioned above.
Technically necessary cookies
The cookies we use are so-called “technically necessary cookies”. Technically necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. These cookies are set automatically when you access our website or a particular function, unless you have prevented cookies from being set through settings in your browser.
Our cookies are only needed for the duration of your current service call or session and are deleted again or lose their validity as soon as you leave our website, or your current session expires (so-called “session cookies”).
We use tracking technology on our website to measure and evaluate our website and optimize our content. To protect our users and partners, we can also detect and prevent fraud and security risks.
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e. g. cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
This analysis tool is used on the basis of Art. (1) (f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e. g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool used to analyze your user patterns on this website. Hotjar allows us to, for instance, record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.
We are also able to determine how long you have stayed on a page of this website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).
Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.
Hotjar uses technologies that make it possible to recognize the user for the purpose of analyzing the user patterns (e. g. cookies or the deployment of device fingerprinting).
The use of this analysis tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the analysis of user patterns in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e. g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the agreement can be revoked at any time.
Deactivation of Hotjar
If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out.
Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.
For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy.
Plug-ins and Tools
Twitter website tag for remarketing
Our website uses “website tag for remarketing” of the Twitter network. The provider is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland. By using the website tag, a direct connection to the Twitter servers is established. It is thus transmitted to the Twitter server that you have visited our website. Twitter links this information to a unique ID that is stored on your terminal device in the form of a cookie or provided by your terminal device (“advertising ID” for smartphones). If you visit other websites that also use the “website tag for remarketing”, this information will also be linked to your unique ID.
The legal basis for the processing of your personal data is based on your previously given consent according to Art. 6 para.1 lit. a GDPR.
You can change your privacy settings on Twitter in the account settings https://twitter.com/account/settings.
LinkedIn Marketing Solutions (formerly: LinkedIn Ads)
We use “LinkedIn Marketing Solutions” on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) on site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.
We use LinkedIn Marketing Solutions on the basis of your consent (Art. 6 para. 1 sentence 1lit. a DSGVO). You can withdraw your consent at any time via our Cookie Consent Manager. This does not affect the lawfulness of the processing that took place until your.
In the context of LinkedIn services, your data may be transmitted to LinkedIn Inc. in the USA. The data processing may therefore take place outside the EU or the EEA. With regard to LinkedIn Inc., no adequate level of data protection can be assumed due to processing in the USA. Consequently, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. We have no influence on whether and to what extent LinkedIn processes your data for its own purposes or links it to other user profiles of yours. The transfer to a third country is based on Art. 49 para. 1 lit. a DSGVO.
We use the service “Microsoft Ads” on our website, a service of Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”).
We use Microsoft Advertising on the basis of your consent (Art. 6 para. 1 sentence 1lit. a DSGVO). You can withdraw your consent at any time via our Cookie Consent Manager. This does not affect the lawfulness of the processing that took place until your withdrawal.
In the context of Microsoft services, your data may be transferred to Microsoft Corp. in the USA. Data processing may therefore take place outside the EU or the EEA. With regard to Microsoft Corp., no adequate level of data protection can be assumed due to processing in the USA. Consequently, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. We have no influence on whether and to what extent Microsoft processes your data for its own purposes or links it to other user profiles of yours. The transfer to a third country is based on Art. 49 para. 1 lit. a DSGVO.
We use “Facebook Pixel” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. (“Facebook”). Facebook Pixel enables Facebook to display our ads on Facebook, so-called “Facebook Ads”, only to those Facebook users who have been visitors to our website, in particular those who have shown interest in our online offer. Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook Ads. Facebook Pixel uses, among other things, cookies, which are small text files that are stored locally in the cache of your web browser on your end device. If you are logged in to Facebook with your user account, your visit to our online presence will be noted in your user account. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the user. However, this data can be linked by Facebook to your user account there. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account.
Insofar as you have given your consent for the storage of Facebook Pixel, this is done on the basis of Art. 6 para.1 lit. a GDPR for marketing and optimization purposes, in particular to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
You can object to the aforementioned collection by Facebook Pixel and the use of your data to display Facebook ads. You can make the relevant settings as to which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.
We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the websites listed below:
Please note that this setting will also be deleted when you delete your cookies.
You can find further information on data protection from the third-party provider on the following Facebook website: www.facebook.com/about/privacy
Information on the Facebook pixel can be found on the following Facebook website: www.facebook.com/business/help/651294705016616
YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e. g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 (1) (f) GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the agreement can be revoked at any time.
Google Web Fonts
To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.
To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e. g. consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6 (1) (a) GDPR. Any such consent may be revoked at any time.
If your browser should not support Web Fonts, a standard font installed on your computer will be used.
For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e. g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e. g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6 (1) (a) GDPR. Any such consent may be revoked at any time.
If you would like to subscribe to the newsletter offered on this website, we will need from you an email address as well as information that allow us to verify that you are the owner of the email address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke the consent you have given to the archiving of data, the email address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
After you have unsubscribed from the newsletter distribution list, your email address will be deleted by us or the newsletter service provider.
This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service that, by using the software of Newsletter2Go, allows, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in Germany.
For this purpose, the browser you use must connect to Sendinblue’s server. This enables Sendinblue to know that this website has been accessed via your IP address. When you call up the sub-page with the form or each page on which the form appears, the IP address is transmitted.
The use is based on Art. 6 para. 1 lit. f DSGVO. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
Data analysis by Sendinblue
Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine which links drew an extraordinary number of clicks.
Moreover, we are also able to see whether once the email was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.
Sendinblue also enables us to divide the subscribers to our newsletter into various categories (i. e. to “cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.
For detailed information on the functions of Sendinblue please follow this link: https://www.sendinblue.com/newsletter-software/.
The data is processed based on your consent (Art. 6 (1) (a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your email address will be deleted by us or the newsletter service provider.
For more details, please consult the Data Protection Regulations of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/.
Your data subject rights
With regard to the data processing listed here, you are entitled to various data subject rights that are regulated in the GDPR. First of all, you have the right to obtain information about your data transmitted to us and processed by us (Art. 15 GDPR). In addition, you can request the restriction (Art. 18 GDPR), correction (Art. 16 GDPR) and deletion (Art. 17 GDPR) of your data. You also have a right to object (Art. 21 GDPR) and a right to data portability (Art. 20 GDPR).
If you wish to exercise any of your aforementioned rights, you can contact us at firstname.lastname@example.org.
In addition, you have the right to complain to the supervisory authorities.
The State Commissioner for Data Protection and for the Right to Inspect Records (LDA Bbg)
Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany
Phone: +49 33203 / 356–0
The iSAQB GmbH reserves the right to adapt this data protection declaration at any time so that it always complies with the current legal requirements or in order to implement changes to the services in the data protection declaration, e. g. when new services are introduced, or changes are made to the website. The new data protection declaration will then apply to a renewed call-up of this website.
Status: December 2020