ON@PRO is operated by TUMAINI institute for prevention management in cooperation with ASCENSIA Diabetes Care. We are committed to protect the privacy and security of your personal information (‘personal data’).
This policy (together with our site policy) describes how we collect and use your personal data during your use of our site, in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.
Types of data we collect about you
1. Data we collect about you automatically
Like many other Web sites, ON@PRO makes use of log files. These files merely logs visitors to the site – usually a standard procedure for hosting companies and a part of hosting services’s analytics. The information inside the log files includes type of device (and its unique device identifier) you use to access our site, internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date/time stamp, referring/exit pages, and possibly the number of clicks. This information is used to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses and other such information are not linked to any information that is personally identifiable.
Cookies and Web Beacons
2. Data you give us
Depending on your access to ON@PRO, you may give us data about you including:
- Guest access: No personal data will be collected. Only the automatically collected data above are relevant.
- Student access: Personal data such as occupation and the country you work in will be collected. However, these data only will be identifiable through an anonymous access code your responsive Ascensia team associate gave you.
- Ascensia Access for Team Associates: Personal details such as name, email address and the country you work in will be collected in addition to the automatically collected data.
- Ascensia Access for Team Leader: Personal details such as name, email address will be collected in addition to the automatically collected data.
How we use your data
We process your data for one or more of the following reasons:
- To provide you with the services and/or information you have requested
- For the purposes for which you use this website (enrolling on course, viewing profile history, and making enquiries, managing accounts and certificates)
- For purposes arising from your use of this website, for example, to ensure that we understand who uses our site and how our site is used, and to improve our site and ensure it is secure. This process occurs because it is necessary to meet our legitimate interests in operating this website. Information processed for this purpose includes, but is not limited to: IP addresses.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sharing your data with third parties
We may share your data with third parties who provide services on our behalf, such as for administrative purposes. All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
Where we store or use your data
We may store data collected by the website manually or electronically. The data is stored on our secure servers and/or in our premises within Germany. Automated mails will only be sent directly from the portal. Cloud based service providers are currently not used for this purpose.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to the website and any transmission is at your own risk.
Under certain circumstances, by law you have the right to:
- request access to your data (commonly known as a ‘subject access request’). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- object to processing of your data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
- request the transfer of your data to another party.
See the contact information in our site policy if you have one of these requests mentioned above.
Retaining your data
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.