Privacy Policy for the Learning Management System ("LMS") Academy+ by FR L'Osteria SE
1. Controller
The responsible party for processing personal data in connection with the use of the LMS Academy+ is:
FR L'Osteria SE
Otl-Aicher-Straße 60
80807 Munich
Email: academy@losteria.de
2. Contact Details of the Data Protection Officer
Holzhofer Consulting GmbH Martin Holzhofer Lochhamer Str. 31 82152 Planegg Tel.: (0 89) 1 25 01 56 00 Email: datenschutzbeauftragter-fr-losteria@holzhofer-consulting.de
3. Processing of Personal Data
3.1. For technical reasons, we process a limited amount of data (so-called connection data) each time our web service is accessed. This data is technically necessary to establish and maintain a connection between your device and our servers. These data are processed in the web server's main memory for the duration of the connection.
The following data or data categories are collected:
•
IP address
•
MAC address
•
Source port of the accessing device or a gateway (e.g. firewall or proxy)
•
Timestamp (date and time) of the request
•
Transferred data volume
•
Operating system used
•
Notification whether the request was successful (via HTTP error code)
•
Reason why a request may have failed (via HTTP error code)
•
Referer URL (website from which the request was made)
•
User-Agent (browser type and version)
•
Screen width and height
•
Browser language settings
3.2. The following personal data are processed in connection with the use of the LMS:
•
First name, last name
•
Email address
•
Personnel number / user ID
•
Gender
•
Original hiring date
•
Department
•
Position
•
Station information (e.g. Pizza, Pasta, Dishwashing, Salad/Dolci, Service, Bar, Management, Delivery)
•
Company affiliation (parent company, joint venture, or franchise partner)
•
Training history and results
•
Participation confirmations
•
Communication data (e.g. comments or forum posts)
4. Purpose of Data Processing
4.1. Temporary storage of data is necessary to facilitate website visits and deliver the website. Further storage in log files is carried out to ensure the functionality and security of IT systems. These purposes constitute our legitimate interest in data processing.
4.2. The processing of personal data in the LMS serves the following purposes:
•
Provision of training content
•
Documentation of training results
•
Proof of mandatory training obligations
•
Organization and management of training measures
•
Improvement of training offerings
5. Legal Basis for Processing
The processing of personal data is based on:
•
Article 6 (1) (b) GDPR (performance of the employment contract)
•
Article 6 (1) (f) GDPR (legitimate interest in conducting training and further education measures)
•
Article 6 (1) (c) GDPR (compliance with legal obligations, particularly in occupational safety and compliance training)
6. Recipients of Data
To provide and maintain the LMS, the above-mentioned personal data will be shared with the following recipients:
•
Cornerstone OnDemand Inc. as the technical service provider (data processing agreement according to Article 28 GDPR)
•
Supervisors or authorized contacts of partner companies to document qualifications or mandatory training obligations
7. Storage Duration
7.1. The data mentioned in section 3.1 will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. In the case of providing the website, this is the case when the respective session is terminated. Log files are stored for up to 24 hours and are only accessible to administrators. After that, they are only available indirectly via backup tapes and are permanently deleted after four weeks.
7.2. Personal data related to the use of the LMS (section 3.2) will be stored as long as necessary for the stated purposes. Data will be automatically anonymized no later than six months after an employee leaves the company. This process is triggered by the (imported) departure date.
8. Data Subject Rights
Users have the following rights regarding their personal data:
•
Right of access (Article 15 GDPR)
•
Right to rectification (Article 16 GDPR)
•
Right to erasure (Article 17 GDPR)
•
Right to restriction of processing (Article 18 GDPR)
•
Right to data portability (Article 20 GDPR)
•
Right to object (Article 21 GDPR)
To exercise these rights, users can contact academy@losteria.de.
9. Withdrawal of Consent
If processing is based on consent, this can be withdrawn at any time with future effect.
10. Right to Lodge a Complaint with a Supervisory Authority
Data subjects have the right to lodge a complaint with the competent data protection supervisory authority.
11. Changes to the Privacy Policy
This privacy policy may be adjusted as necessary. Changes will be communicated to users via the LMS or by email.
Last updated: 10.03.2025
