Data Protection - Privacy Policy

PERSONAL DATA / HOW DO WE USE IT?

  • “Personal Data” is information or pieces of information that could allow you to be identified, such as for
    example:
  • Name and contact details (e.g. postal and email address, phone number)
  • Account information (e.g. user name, profile picture or social media account ID)
  • Country of residence
  • Date of birth
  • Technical information, e.g. screen/user name, IP address, browser and device data, information collected through cookies, pixel tags and other technologies, server log file data, app usage data and location data
  • Preferences (e.g. preferred program)
  • Company or school name and address
  • Credit- and/or debit card numbers
  • Medical condition (e.g. allergies or illness)

 

1. How does XPF collect Personal Data?

Directly from you: Information is collected directly from you, either by you providing the
information directly to us or you acting in a manner that provides us with the information, for example:

    • Offline: We collect Personal Data from you offline, for example when you contact us, 
      enrol in a program or for a service or provide information to us in writing.
    • Online: We collect your Personal Data through programs, for example when you sign up
      for a newsletter or a brochure, enroll in a program or service. We also collect Personal

Data:

    • Through cookies. Cookies allow a web server to transfer data to a computer or
      device for recordkeeping and other purposes. If you do not want information
      collected through the use of cookies, there is a simple procedure in most
      browsers that allows you to decline the use of cookies.

    • Through your use of a online application. When you download and use one of
      our online applications, and to the extent allowed by your privacy settings in the
      application, we track and collect application usage data, such as the date and
      time the mobile application on your device accessing our servers and what
      information and files have been downloaded to the mobile application based on
      your device number.

    • Through your device. Provided that you have enabled that function on your
      device, we collect the physical location of it to provide you with personalized
      location-based services and content.

       

From our affiliates, business partners, assistance providers or insurance/claim handlers. 
We may receive personal data from other parties in conjunction with your course/program,
including:

  • Our affiliates, such as a local partner (for e. g. overseas agency) that promotes the sales
    of XPF services and offers customer service in your country of residence and provides us
    with the Personal Data that is needed to come to an agreement with you, or the school
    in your country of destination that provides some of the services that you have booked.
  • Business partners, such as local sales agents that promote the sales of our services within
    Germany or in your country of residence.
  • Claims handlers who receive information about your insurance claims in case of an
    insurance situation.

 From other sources. We may receive your Personal Data from other sources, such as public
databases; joint marketing partners such as marketing agencies or providers of software and
services for digital marketing automation and analytics; social media platforms, including but not
limited to; Facebook, Instagram, Snapchat, Musically, LinkedIn, Twitter, YouTube and messenger
services such as WhatsApp or Facebook Messenger; from people with whom you are friends or
otherwise connected with on social media platforms, as well as from other third parties. For
example, if you elect to connect your social media account to an XPF account, such Personal Data
that you have registered in your profile, such as your email address, phone number, postal
address, date of birth, name and user name may be shared with us. Furthermore, we use cookies
to track members of social media networks.

If you browse our sites. We may also collect information about your use of our services through
your browser to trace activity on our sites, such as your Media Access Control (MAC) address,
computer type (Windows or Macintosh), screen resolution, operating system name and version,
device manufacturer and model, language, Internet browser type and version, service provider,
and the name and version of the XPF program you are using/interested in. In addition, an IP

Address is identified and logged automatically in our server log files whenever you visit the XPF
webside, along with the time of the visit and the page(s) that were visited. These data are only
stored and used together with other Personal Data that you have submitted if you have given
your consent to do so.

 

 

2. How do we use Personal Data?

Your Personal Data will be processed by XPF for the purposes of completing your enrollment,
providing you with the services that you have ordered (including travel insurance coverage), for
customer service, administrative services or as otherwise necessary to perform the contract
between you and us or as further described in this policy.

We may also use Personal Data:

  •  For statistical purposes, calculating usage levels, and helping diagnose server problems
    with the XPF programs as well as to ensure that the XPF program infos function properly.
  • To allow you to contact and be contacted by other users through the XPF program, as
    permitted by the applicable product.
  • To allow you to participate on message boards, chat, profile pages and blogs and use
    other services enabling you to post information and materials.
  •  If you have given your consent:

    To check and improve our offers by identifying usage trends, determining the
    effectiveness of our promotional campaigns and content based on your past
    activities on the XPF programs.

     To provide you with personalized location-based services and content through
    the use of your device’s physical location. For example, you might be redirected
    to the local XPF website in your language if your device indicates that you are
    browsing from that country, or you may be suggested the nearest XPF partner
    office to your location for further information.

    To market our products and services, including special promotions based on
    your interests, for example through email marketing solutions such as Salesforce
    Marketing Cloud’s management software which maintains mailing lists and
    schedules and modifies email messages based on what recipients read, click-on
    or forward. All such email communication will include a clear unsubscribe link.

     

     

 

3. How do we share Personal Data?

Depending on the program we need to share your Personal Data with our partners, business
partners and service providers both within and outside Germany:

  • Our corporate affiliates are for example a local XPF Representative that promotes the
    sales of our services and offers customer service in your country of residence, or the
    school in your destination country that provides some of the services that you have
    signed up for.
 
  • Business partners are for example local agents that promote the sales of XPF
    services/programs in your country of residence; transportation or accommodation
    providers in your destination country; or course leaders, activity leaders or other
    contractors for management of any of our programs; or a travel insurance company that
    prepares the insurance for you.

  • Service providers, such as providers of IT systems, for example for managing customer
    relations or payments, scheduling classes or storing learning results; or providers of
    software and services for digital marketing automation and analytics.
 

We have put appropriate safeguards in place for transfers of your Personal Data outside the
Germany, including the standard data protection clauses adopted by the European Commission,
available at http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=CELEX%3A32004D0915 and http://eur-lex.europa.eu/legal-
content/en/TXT/?uri=CELEX%3A32010D0087. For more information on standard data protection
clauses in place, please see the contact section below.

We also share Personal Data as we believe to be necessary:
(a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities
including public and government authorities outside your country of residence; (d) to enforce our
terms and conditions or a contract; (e) to protect our operations or those of any of our affiliates;
(f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others;
and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

 

 

4. On what do we base our right to collect and use Personal Data?

We base our right to collect and use your Personal Data on the need to do so in order to provide you with
the services or products that you have ordered from us, or when there is a legitimate interest for us (i.e.
the service provider) to use your Personal Data, such as for the marketing of products or services similar
to the one(s) you have already purchased from that same legal entity.
To the extent we use sensitive Personal Data, we base this on your explicit consent. Sensitive data can for
example be information about health, ethnicity or religious beliefs, read more under “Sensitive data”.
To the extent that we use your Personal Data to send you offers beyond what is considered to be within
our legitimate interest, such as marketing of products and services provided by an XPF affiliate, we base
this on your specific consent.

SECURITY / UNSUBSCRIBE

1. Security

We use appropriate organizational, technical and administrative measures to keep the Personal Data
under our control accurate and up-to-date, as well as to protect the Personal Data against unauthorized
or unlawful processing and the accidental loss, destruction or damage of the Personal Data.

2. Unsubscribe

If at any time you wish to stop receiving marketing communications from XPF you can let us know by
using the contact option listed in the “Contact Us” section, sent us an e-mail or letter. In your request,
please indicate that you wish to stop receiving marketing communications from us.
Please note that changes may not be effective immediately. We will comply with your request as soon as
reasonably practicable.

PROVIDING PERSONAL DATA TO OTHERS

Third Party Sites

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other
practices of any third parties, including any third party operating any site to which the XPF program
contain a link. The inclusion of a link on XPF program does not imply endorsement of the linked site by us
or by our affiliates.
Additionally, we may provide you with access to third-party functionality that permits you to share your
activities on XPF programs to your social media account(s), for example Facebook or LinkedIn. Please note
that any information that you provide through the use of this functionality is governed by the applicable
third party’s privacy policy, and not by our Privacy Policy. We have no control over, and shall not be
responsible for, any third party’s use of information that you provide through use of this functionality.

YOUR RIGHTS AND RESPONSIBILITIES UNDER THE DATA PROTECTION LAW

1. How long do we store personal data?

We will only keep your Personal Data for as long as it is necessary for the purposes for which it has been
collected or in accordance with time limits stipulated by law and market practice, unless further retention
is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal
claims or unless a specific time period has been communicated.
We will keep limited parts of your Personal Data which are necessary for marketing purposes until you
withdraw your consent, but in no event for longer than 10 years after your last completed service or
delivery of product unless we are legally required / ordered to do so.

2. If you are under the age of 16

If you are under the age of 16, you should review this text together with your parent or guardian to make
sure you both understand them. We are not responsible for checking your age but sometimes we still do
verification checks. If we learn that you are under the age of 16 and that we have collected information
about you without consent from your parent or guardian, we will delete the information as soon as
possible and you will not be able to join a XPF program or use any XPF services.

3. Sensitive Data

We do not generally seek to collect any sensitive Personal Data. Sensitive Personal Data is data related to
racial or ethnic origin, political opinions, religious or philosophical beliefs, health or medical condition,
criminal background or trade union membership. In certain situations, this might however be necessary
(for example in order to provide you with the services and program you have requested and in relation to
your insurance). We will make sure that we receive your explicit consent to such processing and treat this
information securely.

4. Updates To This Privacy Policy

Our Privacy Policy may change from time to time, in particular if required by law. We will post any Privacy
Policy changes on this page and, prior to implementing such changes, we will provide a more prominent
notice. Where required by law, we will seek your prior consent to any change.

5. Your Rights

You have a right to, once per calendar year, contact us and without cost find out which information about
you that is being used. You have a right to receive your Personal Data in a readable format and you have a
right to transfer your personal to another data controller besides XP Foundation.

You have the right to, at any time, withdraw your consent or object to us using your Personal Data for
direct marketing purposes and you may at any time request that the use of your Personal Data is
restricted or that we shall delete your Personal Data. Note however that a restriction or deletion could
mean that we are not able to provide you with information, services or products as you have requested.
Upon your request, we are also obliged to correct Personal Data about you that is incorrect, incomplete
or misleading.

6. Contact Us

If you would like to have a copy of the information XPF holds about you; a copy of the standard data
protection clauses or would like to exercise any of your rights, please contact us under

Xplore Foundation gemeinnützige GmbH
Ballindamm 27, 20095 Hamburg
Germany

E-Mail: hallo@xplorefoundation.com
If you have complaints about our handling of your Personal Data, you have a right to contact the
supervisory authority in the country where you live.

COOKIE POLICY

 

What is a cookie?

Cookies are small text files or pieces of information that are stored on your computer or
mobile device (such as a smartphone or tablet) when you visit our sites. A cookie will usually
contain the name of the website from which the cookie has come from, the "lifetime" of the
cookie (i.e. how long the cookie will remain on your device), and a value, which is usually a
randomly generated unique number.

 

What do we use cookies for?

We use cookies to make our sites easier to use, to better tailor sites and our programs to
your interests and needs. Cookies can do this because websites can read and write these
files, enabling them to recognize you and remember important information that will make
your use of a website more convenient (for example by remembering preference settings).
Cookies may also be used to help speed up your future activities and experience on our sites.
We also use cookies to compile anonymous, aggregated statistics that allow us to
understand how users use our sites and to help us improve the structure and content of our
Sites. We cannot identify you personally from this information.

What types of cookies do we use?
Two types of cookies may be used on the Sites, which are called "session cookies" and
"persistent cookies". Session cookies are temporary cookies that remain on your device until
you leave the Site. A persistent cookie remains on your device for much longer or until you
manually delete it (how long the cookie remains on your device will depend on the duration
or "lifetime" of the specific cookie).

Third party cookies
We also use suppliers (for e. g. insurance providers) that may also set cookies on your device
on our behalf when you visit our sites to allow them to deliver the services they are
providing. If you would like more information about these cookies, as well as information
about how to opt-out of receiving such cookies, please see their privacy policies.

What cookies do we use?
Below we list the different types of cookies that may be used on XPF sites. Note that to the
extent information collected through cookies constitutes personal information, the
provisions in the Privacy Policy apply and complement this Cookie Policy.

Essential cookies
Essential cookies are necessary for the site to work and enable you to move around it and to
use its services and features. Without these absolutely necessary cookies, the site will not
perform as smoothly for you as we would like it to and we may not be able to provide the
site or certain services or features you might request.

Type Description How to manage cookies?

 

Type

Description

How to manage Cookies?

Session 

Session cookies are used to maintain the state of the application.

Accept/refuse via

browser setting

Load balancing



Load balancing cookies be used to

distribute the assets across the globe and

lighten the server load.

Accept/refuse via

browser setting

User ID

User ID User ID cookies are used to ensure that users only see their own information.

Accept/refuse via

browser setting

Security 

Security cookies are used for security


Accept/refuse via

browser setting

 

Preference Cookies

Preference cookies collect information about your choices and preferences. They allow us to
remember language or other local settings and customize the site accordingly.

Type

Description

How to manage Cookies?

Language

Language cookies are used to store the

language the user has selected, and to

show the correct options.

Accept/refuse via

browser setting

Location

The user’s approximate address (city,

state, country, postal code) as

determined by the IP address is retained

in order to automatically select the

proper country and show partners and

information days within the area.

Accept/refuse via

browser setting

Mobile 

If the user is viewing the site on a mobile

device, a cookie is set to indicate that the

main website was selected (i.e., that the

device is Flash-enabled), or the non-Flash mobile site.


Accept/refuse via

browser setting

Reference 

The reference site is recorded to better

understand the user’s preference.

Accept/refuse via

browser setting

Last visit and activity


Date of last visit and activity and other

information is recorded to be able to

provide users with an update on “what’s

changed on the site since your last visit,”

and to better understand the user’s

preferences.

Accept/refuse via

browser setting

Recently watched

video

Date and title of recently watched video

is recorded to be able to better

understand the user’s preferences.

Accept/refuse via

browser setting

Flash Cookies

Flash cookies are used to enable audio

and video content to be played.

Accept/refuse via

browser setting

Page history


Page history cookies are used to track the

sequence of pages the user has visited. If

the user gets an error message while

visiting the site, the cookie information

gets saved to a log file for error reporting

and resolution.

Accept/refuse via

browser setting

 

Social Plug-in Tracking Cookies

Such cookies are used to track members [and non-members] of social media networks for
market research analytics, and product development.

Type

Description

How to manage Cookies?

Facebook

Cookies are used to track Facebook

members [and non-members] for market

research analytics, and product

development.

Accept/refuse via

browser setting

Twitter

Such cookies are used to track members

[and non-members] for market research

analytics, and product development.

Accept/refuse via

browser setting

 

Analytics Cookies

Analytics cookies collect information about your use of the site, and enable us to improve
the way it works. For example, analytics cookies show us which are the most frequently
visited pages on the site, help us record any difficulties you have with the Site, and show us
whether our advertising is effective or not. This allows us to see the overall patterns of usage
on the site, rather than the usage of a single person.

Type

Description

How to manage Cookies?

Google analytics


cookies collect

aggregate statistical

data to improve Site

presentation and

navigation. Google

supplements the

aggregate data with

demographics and

interest information,

so that we can

better understand

our visitors.

https://tools.google.com/dlpage/gaoptout


Adobe Omniture

analytics cookies

collect aggregate

statistical data to

improve Site

presentation and

navigation.

Accept/refuse via browser setting


 

Marketing Cookies

Advertising Cookies are used for marketing purposes.

Type

Description

How to manage Cookies?

Advertising 

Deliver behavioral/targeted advertising

Accept/refuse via

browser setting

Market analysis

Conduct market analysis Accept/refuse via

browser setting

Accept/refuse via

browser setting

Campaign /

promotion

 Measure effectiveness of campaign 

Accept/refuse via

browser setting

Fraud detection

Detect click fraud

Accept/refuse via

browser setting

 

How Do I Manage Cookies?

Although most internet browsers are initially set up to automatically accept cookies, most
internet browsers allow you to change the settings to block cookies or to alert you when
cookies are being sent to your device.

In addition to the options provided above, you may refuse, accept or remove cookies from
the Site at any time by activating or accessing the setting on your browser. Information
about the procedure to follow in order to enable, disable or remove cookies can be found on
your Internet browser provider’s website via your help screen.

Please be aware that if cookies are disabled or removed, not all features of the site may
operate as intended, for example you may not be able to visit certain areas of our site or you
may not receive personalized information when you visit the site.

If you use different devices to view and access the sites (e.g. your computer, smartphone,
tablet etc) you will need to ensure that each browser on each device is adjusted to suit your
cookie preferences.

Pixel Tags
Some of the pages you visit on the site may also collect information through the use of pixel
tags (also called clear gifs) that may be shared with third parties which directly support our
promotional activities and website development. For example, website usage information
about visitors to our sites may be shared with a third party advertising agency to better
target Internet banner advertisements on our websites. The information collected through
the use of these pixel tags is not, however, personally identifiable, although it could be
linked to your personal information.

Contact Us
If you have any questions about this Cookie Policy, please contact us.

Please note that e-mail communications are not always secure; so please be careful when

providing sensitive information in e-mails