Privacy Policy

Privacy Policy

CONSTRUCTOR INSTITUTE OF TECHNOLOGY PRIVACY NOTICE

With this Privacy Notice, we, Constructor Institute of Technology AG, a company duly registered under the laws of Switzerland, with a registered office at Rheinweg 9, 8200 Schaffhausen, Switzerland, registration number: CHE-285.404.370 (“CIT”, “we” or “us”), describe how we collect and process personal data of our customers when using our website and Services.

CIT is part of the Constructor ecosystem and as such affiliated with

  • Constructor Education and Research Genossenschaft, a cooperative duly registered under the laws of Switzerland, with registered office at Rheinweg 9, 8200 Schaffhausen, Switzerland, registration number: CHE-262.787.249; 
  • Constructor University in Bremen gGmbH, a private university, organized under the laws of Germany, with address at Campus Ring 1,28759 Bremen, Germany; 
  • Constructor Knowledge AG, a company duly registered under the laws of Switzerland, with registered office at Rheinweg 9, 8200 Schaffhausen, Switzerland, registration number: CHE-306.263.108 (together “Affiliates”).

CIT offers computer science and software engineering expertise at Master of Science, PhD, and postdoctoral levels (“Services”). Our Privacy Notice includes information about data we collect in connection with our Services as well as how our website automatically collects information pursuant to the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Swiss Federal Act on Data Protection of 25 September 2020 (FADP).

1. WHAT THIS PRIVACY NOTICE COVERS

This Notice applies to visitors, CIT’s prospective students, current students and partners (“individuals” or “you”) as applicable in the course of using our Services or visiting our websites, including the institute.constructor.org domain (website). 

This Notice applies to personal data, as defined below in Section 2, we collect to provide you with Services. This Notice does not apply to anonymized, de-identified or aggregate information if it is not personal data.

This Notice describes the rights available to you regarding our use of your personal data. Use of personal data collected through our Services shall be limited to the purposes of providing the Services for which you have engaged us, as described in this Notice, and otherwise with your consent. Some information provided to us that may, either alone or when connected with other information to which we may have access, individually identify you. 

If you do not agree with our policies and practices described in this Notice, please do not use our Services, do not visit our website, and do not provide your information to us. Under the GDPR and the FADP, we might be both data controller and data processor (including data subprocessor) depending on the nature of the processing of your personal data. Please read on to find out about our different roles.

If you are a prospective or current employee of CIT, this Notice does not apply to you. For more information on your privacy rights and our privacy practices, please refer to our employment guide.

2. WHAT PERSONAL DATA WE PROCESS AND HOW

Personal data is information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data does not include any anonymized and depersonalized data where an identity is absent or has been removed and cannot 
be recovered.

Below are the categories of information, including personal data that we may collect or share for a business purpose as permitted by law and depending on the Services you receive:

(a) Information provided voluntarily by you:

Contact information, such as name, email address, phone number, your photo, ID, passport number, date of birth, gender, nationality, current country of residence, billing information, physical address, Zoom / WhatsApp / Skype and similar services information, call recordings, information you input in open text fields in help/contact us forms. 

Content information, such the information you may choose to post, send, receive and share in our website or Services. Examples of Content information include educational background information, diplomas, transcripts, CV, motivation letter, reference letters, language certificate, education content viewed in the Services, training interactions, the files and links you upload, and the aggregate insights obtained from this information.

Customer support information, such a summary of the problem you are experiencing, and any other documentation or information that would be helpful in resolving an issue submitted to us. We do not collect your payment information, such as your credit card, but we ask our payment providers to manage this information on our behalf.

(b) Information we collect automatically from you:

Analytics information, such as when you visit and interact with any of our website and Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and your interaction with third-party integrations and others on the Services.

Device information, your connection type and settings, information about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash activity, collected through cookies, web beacons and similar technologies.

(c) Information we receive from other sources

From time to time, we may receive information about you from:

  • third-party providers,
  • our Affiliates,
  • professional social networks and publicly accessible websites,
  • third-party integrations set up with your CIT account,
  • and from our business partners.

We will collect this information only where these third parties are legally permitted or required to share your personal information to us. When required by law, we inform you on such collection of information in due course.

3. HOW WE USE YOUR PERSONAL DATA AND WHICH LEGAL BASIS WE RELY ON

We collect and process personal data for a variety of purposes, including:

Type of personal dataPurposesLegal basis
Contact information
  • To process your application
  • To process payments
  • To administer your student account
  • To provide the Services to you
Performance of a contract with you
Contact information
  • To establish and manage our relationship with you
Our legitimate interests
Contact information
  • To send you marketing communications and newsletters
  • To conduct surveys
  • To interact with or use third-party tools or integrations
Our legitimate interests, or, if required under applicable law, to the extent you have provided your consent
Contact information
  • To manage registrations at our events (e.g. conferences, webinars)
Your consent to process your data
Contact information
  • To comply with legal obligations, including the cases where we need to respond to requests by government or law enforcement authorities.
  • To protect our legitimate business interests and legal rights
To comply with a legal obligation
Customer Support information
  • To resolve technical issues, to respond to requests for assistance
  • To manage cancellations and refunds
Performance of a contract with you
Customer Support information
  • To analyze bug/crash information
Our legitimate interests
Customer Support information
  • To improve the Services
Our legitimate interests or your consent
Analytics information
  • To troubleshoot and to identify trends, usage, activity patterns and improvement of the Service
  • to monitor suspicious or fraudulent activity and to identify violations of terms of use or agreements
Our legitimate interests
Analytics information
  • For research and development of our Service
Our legitimate interests or your consent
Device information
  • Display content based upon your interests
  • For adverting purposes
  • To develop and improve our websites
Our legitimate interests, or, if required under applicable law, to the extent you have provided your consent

 

4. CHILDREN’S PRIVACY

We do not knowingly collect or ask for information from minors. Children (as defined under the applicable data privacy laws) may only access or use our Services with the consent and under the supervision of a parent or legal guardian who agrees to be bound by the Notice. If you are a parent or legal guardian of a child, you agree to be fully responsible for the acts or omissions of such user in connection with access to and use of the Services.

5. HOW LONG WE KEEP YOUR PERSONAL DATA

We retain personal data about you necessary to fulfill the purpose for which that information was collected, consistent with applicable laws.

We generally retain student files for 5 years after graduation, in compliance with our obligations under applicable laws, or for longer if required to do so according to our regulatory obligations or where we believe necessary to establish, defend, or protect our legal rights or those of others.

Academic records, such as transcripts and diplomas, may be retained longer to ensure access to the proof of academic qualifications.

When we destroy your personal data, we do so in a way that prevents that information from being restored or reconstructed.

6. COOKIES, TRACKING INFORMATION AND SOCIAL MEDIA WIDGETS

When you visit our website for the first time, you will be asked to consent or reject the use of cookies and the collection of data by cookies and similar tracking technologies. We do not use cookies until you consent or opt-in using cookie preferences here.

The cookies simply assess how you interact with our website. We use the following cookies on our website:

Strictly necessary cookies

These cookies are essential for websites (subdomains) within the Website and Services to function and cannot be switched off. We usually set strictly necessary cookies in response to your actions that amount to a request for Services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies. This might result in some parts of the website or Services not working properly.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalization. We set some functional cookies, while third party providers whose services we have added to the Website set the rest of these cookies. If you do not allow functionality cookies, then the Website relying on functionality cookies may not function properly. The information these cookies collect may be anonymous, and they are not used to track your browsing activity on other websites.

Performance Cookies

These cookies allow us to count visits and traffic sources in order to measure and improve the performance of the website. Performance cookies help us gauge the relative popularity of various pages on the website as well as see how visitors move around the website. We aggregate all information these cookies collect, making it anonymous as a result. If you do not allow performance cookies, we will not know when you have visited the website, will not be able to monitor its performance, and as a result we will not be able to improve the website’s services and make it more comfortable for use.

Targeting Cookies

Depending on the parts of the website you visit, our advertising and marketing partners may set these cookies. Our advertising partners may use targeting cookies to build a profile of your interests and show you relevant adverts on the website. They use these cookies to uniquely identify your browser and internet device, which under certain privacy laws may amount to the processing of personal data. If you do not allow targeting cookies, you will experience fewer targeted advertisements on the website.

In accordance with applicable law, we may include visible and invisible image files in our newsletters and other marketing emails. If such image files are retrieved from our servers, we can determine whether and when you have opened the email, so that we can measure and better understand how you use our offers and customize them. You may disable this in your email program, which will usually be a default setting.

In addition to cookies, we and our marketing partners, affiliates, or analytics or service providers, use technologies such as beacons, tags, scripts, and other similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user-base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We may partner with third parties to either display advertising on our website or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. Please read the privacy statement of such companies providing these features to understand how your personal data is processed.

Our website includes social media features, such as the Facebook Like button, and widgets, such as the ‘Share This’ button, or interactive mini-programs that run on our Websites. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Please read the privacy statement of the company providing these features to understand how your personal data is processed.

7. HOW WE SHARE YOUR PERSONAL DATA

We only disclose your personal data

(i) at your request
(ii) to the extent required by law
(iii) to our business partner with your consent,
(iv) to our business partner based on our contractual liability, and
(v) to our service providers for the business purpose(s) described below.

Our employees process your data only within the scope of their job responsibilities on the basis of the principle of necessity. Our employees are located all over the world. You can contact us if you have any questions or would like to know from which countries your data can be accessed.

We may share personal data listed in Section 3 of this Notice

  • With your consent. We may disclose your personal data when you provide your consent and intentional direction. For example, when you request content or register for an event, you consent to receiving marketing communications from us and our third-party partner or co-sponsor of that content or event. For example, you may consent to participate in marketing, product, or customer service research or user surveys. Consent for children younger than 16 years old (or lower as required by law) must be given by the parent or guardian. You may always opt-out of receiving marketing communications by unsubscribing or submitting a privacy rights request. Please contact us at privacy@constructor.org.
  • Related to legal proceedings. We will share your information, including personal data, to respond to investigations, court orders, legal process, or to investigate, prevent or act regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or as otherwise required by law. If we are required by law or an order of a court of competent jurisdiction to disclose your information, we will promptly notify you of this requirement, if permitted by the court or applicable law, so that you may seek a protective order or other appropriate relief.
  • With service providers or data sub-processors. We may share personal data with our service providers, including our Affiliates, who help us to provide the Services, such as cloud storage, security, application communications, customer support, backup, and data analytics. Please refer to the list of our sub-processors in Annex A to know more. Processing of personal data by such third parties is governed by data processing agreements we have in place.
  • Merger, Acquisition, Sales. If we are involved in a merger, acquisition, restructuring or sale of all or a portion of its assets, equity or similar transaction, personal data may be transferred to the acquiring person or entity. We will use reasonable efforts to direct the acquiring person or entity to use your personal data in a manner that is consistent with our Privacy Notice.

8. HOW WE PROTECT YOUR INFORMATION

The security of your personal information is important to us.

We follow generally accepted security standards and we have adopted commercially reasonable security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. We may use third-party products and services to secure or store your information.

Depending on where you live, you may have a legal right to be notified in case of security breach.

We may, subject to applicable law, transfer your information outside the country where you are located and to where information protection standards may differ (e.g. your information may be stored on servers located in other jurisdictions). We will utilise appropriate safeguards governing the transfer and usage of your personal information. See Section 9 for further information.

We will never request your account credentials. You should never share your CIT account information, including your username and password, with anyone else. We recommend that you use a unique password for your CIT account that is not associated with other websites. You should check your CIT account regularly to ensure that your personal data has not been tampered with or altered. You should only use the Services within a secure environment.

Overall, if you have any reason to believe that your interactions with the Services are no longer secure, please notify us immediately at privacy@constructor.org.

9. HOW WE TRANSFER YOUR DATA

Your personal data may be transferred to, and processed in, countries other than the country in which you are based, where our Affiliates, subsidiaries, partners or our third-party service providers operate.

We take measures to ensure that your information is safe and protected in compliance with the applicable data protection laws, including:

  • reliance on the adequacy decisions of the European Commission;
  • reliance of Standard Contractual Clauses to transfer your data outside the European Economic Area, United Kingdom and Switzerland;
  • implementation of organisational, contractual and technical security measures with our third-party service providers;
  • establishment of an intra-group data transfer agreement for internal transfers of personal data within our group of companies around the world.

10. YOUR PRIVACY RIGHTS

You may make certain choices regarding your personal data as permitted under applicable privacy laws. You may make these choices free of charge except as otherwise permitted under applicable law. We may ask you to further confirm your identity and limit our response to your requests as permitted under applicable law.

Individual Privacy Rights

Your privacy rights include:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal data. This includes your right to request a copy of the standard contractual clauses including completed and signed annexes and excluding any confidential information, business secrets, and personal data of third parties in case we process your personal data
    relying on such terms and conditions with other data processors.
  • Right to Access: You have the right to view and request copies of your personal data. If you have an online account or profile with us, you may access your personal data via your account through the website or mobile app.
  • Right to Rectify or Correct: You have the right to update the personal data that we have collected about your directly or indirectly, including personal data collected by a service provider or contractor on our behalf. If you have an online account or profile with us, you may update your personal data by accessing your account through the website and mobile app.
  • Right to Request Erasure (Right to be Forgotten): You may request that we delete your personal data, subject to certain limited exceptions. For example, we may retain an archived copy of your records consistent with applicable law, to comply with legal obligations, or for other legitimate business purposes. We will use commercially reasonable efforts to honour your requests.
  • Right to Data Portability: You have the right to request that we transfer data that we have collected to another organization, or directly to you under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions. 
  • Right to Withdraw Consent: You have the right to withdraw previously granted consent to process your personal data.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Object to Automated Processing: You have the right to object to decisions being made with your information solely based on automated decision making or profiling. We do not currently engage in automated decision-making or profiling. 
     

To exercise any of your above rights you may submit your request at privacy@constructor.org.

Constructor Institute of Technology Service-related Communications

We may send a welcome email to students for billing purposes, and at times may send Service-related announcements. Students may not opt out of service-related emails, as this is part of our Services.

Marketing Communications. 

You may choose to stop receiving our newsletter or marketing emails or texts by following the unsubscribe instructions included in each of these emails or texts, or you can contact us at privacy@constructor.org.

Privacy Questions and Concerns

To speak with or file a complaint with Our Data Protection Officer, contact Peter Suhren, First Privacy GmbH 
E-Mail address: office@first-privacy.com 
Phone number: +49421696632

You may also lodge a complaint with your supervisory authority. If you are and individual located in the EU, UK or Switzerland, please consult the below websites to figure out the supervisory authority applicable for you: 
https://edpb.europa.eu/about-edpb/about-edpb/members_en
https://www.edoeb.admin.ch/edoeb/en/home.html
https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/

11. THIRD PARTY LINKS AND APPLICATIONS

Our website includes links to other websites whose privacy practices may differ from those of CIT. If you submit information to any of those sites, your information is governed by the privacy policies that apply to those sites. We encourage you to carefully read the privacy notice of any website or application you visit.

12. PUBLICLY ACCESSIBLE PARTS OF OUR WEBSITE

Our website may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, please contact us.

13. CHANGES TO OUR PRIVACY NOTICE

We reserve the right to amend this Notice at our discretion and at any time. We will do so by updating this Notice. Amended terms take effect upon being incorporated into this Notice, and your continued use of the website following the posting of any changes constitutes acceptance of any updated terms. If the changes will materially affect the way we use your personal data in connection with Services that we have already collected, we will use our best endeavours to notify you. You can always find the latest version of this Notice on our website: https://constructor.org/privacy-policy.

14. CONTACT INFORMATION

If you have questions or comments about this Notice, our other privacy notices, the ways in which We collect and use your information, your choices, and rights regarding such use, wish to exercise your rights under GDPR or FADP please contact us at privacy@constructor.org.

Last updated: December 4, 2024

Annex A: List of subprocessors

To support delivery of our Services, CIT (or one of its Affiliates), may engage and use data processors with access to certain personal data (each, a "Subprocessor"). This page provides important information about the identity, location and data processing of each Subprocessor.

Subprocessors

CIT currently uses the below listed subprocessors. Prior to engaging any subprocessor, CIT performs due diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.

Entity NameLocation of SubprocessorsAdditional Details
AdobeIrelandhttps://www.adobe.com/privacy.html
OverleafUKhttps://www.overleaf.com/legal
Eduroam (vendor: Switch AG)Netherlandshttps://eduroam.org/eduroam-privacy-notice/
Google Cloud Platform (vendor: Digital Schooling GmbH)Frankfurthttps://cloud.google.com/terms/data-processing-addendum
OpenAIUSAhttps://openai.com/policies/row-privacy-policy/
SuverymonkeyUSAhttps://www.surveymonkey.com/mp/legal/privacy/
SlackUSAhttps://slack.com/terms-of-service/data-processing
Mentimeter ABSwedenhttps://www.mentimeter.com/trust/privacy
ZoomUSAhttps://explore.zoom.us/en/gdpr/
Microsoft OfficeIrelandhttps://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

 

Affiliates
Depending on the nature of the Services provided, CIT may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services.

Updates
As our business grows and evolves, the subprocessors we engage may also change. We will provide notice of any new subprocessors by posting such updates here. Please check back frequently for updates.