Open Educational Badges

Data Privacy

The English version of the Privacy Policy is for informational purposes only. Only the German version is legally binding.

Privacy Policy

for the use of the website “openbadges.education”.

1. Subject of the Privacy Policy

We are pleased that you are interested in our website “openbadges.education” (hereinafter referred to as the “website”). Protecting your personal data (“data”) is a particularly important concern for us. Below, we would like to inform you about which data is collected when using the website and how we use this data. In this privacy policy, you will learn which personal data we collect, how we use it, and your rights. Personal data includes all information that can be used to identify you, such as your name, address, date of birth, email address, or a picture of you. Updates and changes will be made available on this website, so please check regularly to see what has changed. 

Our privacy policy was last updated on January 2, 2025.

2. Data Controller and Data Protection Officer

The following entities are jointly responsible for data processing in accordance with Article 26 of the General Data Protection Regulation (GDPR):

openSenseLab gGmbH
Von-Steuben-Str. 21
48143 Münster
info@opensenselab.org

mycelia gGmbH
Prinzenstr. 85C
10969 Berlin
post@mycelia.education

matrix gGmbH
Rittergut Haus Morp
Düsseldorfer Straße 16
40699 Erkrath
info@matrix-ggmbh.de

The jointly responsible parties cooperate in managing data processing and share responsibility for the handling of data accordingly. matrix gGmbH is responsible for responding to data subject requests and for providing data protection information. They can be contacted at: info@matrix-ggmbh.de

3. About the Website

Openbadges.education is an internet-based platform for adults and young people. The platform provides a service to represent skill acquisition through the issuing of digital badges. We offer a tool for creating, issuing, and collecting digital certificates (badges). This helps you as a learner to track your acquired skills, share them with others, and find additional learning opportunities.

Openbadges.education also helps organisations that offer learning opportunities to send you proof of your participation and/or skill development. To send you such proof, the organisation requires the following data from you:

  • First and last name
  • Email address

4. How We Use the Data

The website allows you to learn about Open Educational Badges, receive and collect digital badges, share them with others, and, in the role of an institution, issue them. The purpose of data processing is to properly present and offer our website and services. Specifically, your data may be processed as follows:

4.1 Informational Use of the Website

If you visit our website purely for informational purposes, you generally do not need to provide any personal data. In this case, we only collect and use the data that your internet browser automatically transmits to us, such as:

  • Date and time of access to one of our web pages
  • Type and settings of the browser you use
  • Operating system used
  • The website you visited before ours
  • Your IP address

We collect and use this data in a non-personalised form for the purpose of enabling the use of our web pages, improving our website, and for statistical purposes. The IP address is stored only for the duration of the session. There is no personal analysis. The legal basis for this processing is Art. 6 (1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the functionality and security of the website.

4.2 Registration and Login; Additional Features

To access further features of Open Educational Badges, you must register on the platform. Registration requires the following personal data:

  • First name
  • Last name
  • Email address

Once your profile is created, you may voluntarily provide additional information, such as setting up an institution to issue badges or collecting badges in a digital backpack as a learner. Login is done using your email address and password.

As an organisation, you can set up an institution and issue badges on the platform. You do not have to provide personal data when creating badges, except when entering a contact email address, which may be personal if it includes a specific staff member’s (business) email address. You may also assign additional users to the institution and assign roles or permissions.

The legal basis for this processing is Art. 6 (1)(b), (f) GDPR (contractual use; legitimate interest). We process this data to provide you with the platform.

When participating in an activity, a learning organisation issues you a badge and requires your name and email address to generate a digital certificate (Open Badge). Openbadges.education will email you instructions on how to display the badge in your profile.

We also have a legitimate interest in users creating meaningful profiles to facilitate access to learning content and useful analysis of skill profiles.

Your personal data will be stored for the duration of your use of the platform. Further storage only occurs where legally required or if we have a legitimate interest in doing so.

You may optionally upload a profile picture of your choice. The legal basis for this processing is Art. 6 (1)(a) GDPR (consent). By uploading the image, you consent to it being stored in your profile. Please note that this image may be visible to other users and can be copied or shared despite technical protection.

You can revoke your consent at any time with future effect. Data processing up to that point remains lawful.

4.3 Newsletter

We would like to keep you informed about the latest updates and information related to Open Educational Badges via our newsletter. The newsletter uses a double opt-in procedure, meaning you will only receive the newsletter after explicitly confirming that you want to subscribe. After subscribing, you’ll receive a confirmation email with an activation link. Only after clicking on this activation link will you start receiving newsletters.

You can unsubscribe from the newsletter at any time by contacting the email address mentioned in this section or by using the unsubscribe link in each newsletter. 

The legal basis for this processing is Art. 6 (1)(a) GDPR (consent). Providing your data is voluntary, but required to receive the newsletter.

Your data will be deleted once your consent is withdrawn, unless we have a legitimate interest in continued storage (e.g., contractual obligations). In any case, only the data strictly necessary for that purpose will be retained.

You can revoke your consent at any time by emailing hallo@openbadges.education.

4.4 Usage Statistics (Umami)

This website uses the privacy-friendly open-source analytics system Umami, developed by Umami Software, Inc., for basic insights into how the site is used. Only basic, non-personal data provided by your browser or device is collected, such as:

  • Number of page views
  • Server hostname
  • Browser language
  • Referrer URL
  • Screen dimensions
  • Page title
  • Page URL
  • Website ID

None of the data collected can identify you or your device personally. Umami also does not use cookies. No data is shared with third parties.

The legal basis is Art. 6 (1)(f) GDPR (legitimate interest). We use this data to analyse and improve our website and make it more user-friendly and secure.

For more information, see Umami’s documentation: https://umami.is/docs

4.5 Use of the AI Badge Assistant

When creating a badge, institutions can use an AI Badge Assistant, which helps identify relevant competencies based on the course description. This enhances our service by providing functionality we cannot offer internally. The data processed depends on what you include in the course description—ideally, no personal data should be included. The processing of this data is based on your consent in accordance with Art. 6 (1)(a) GDPR. There is no obligation to provide any data; you can always add competencies manually instead.

4.6 Collecting Contact Data for Badge Issuance

If we meet you at an event or via another external channel and receive your contact details, we may store and manage them using a tool for the purpose of issuing you a badge and staying in touch. The legal basis is Art. 6 (1)(b) GDPR. This processing is necessary to establish and fulfill a user relationship in regard to badge issuance. Without your email address, the badge cannot be issued.

5. Source of the Data

If you have received a badge from a third-party provider, we received your email address and, if applicable, your name from that provider in order to create and issue the badge to you.

6. Duration of Data Processing

We store your personal data for as long as you are a member of the platform. The validity period of your badges is determined by the issuing organisation, which sets an expiration date. Even after the badge has expired, you can still view it, however, it will be marked as “Expired.”

7. Recipients of Your Data and Data Transfer to Third Countries

The data collected when accessing and using the website, as well as any information you provide, is transmitted to our servers (which may be hosted by third parties) and stored there.

Your data may also be shared with individuals within the responsible organisations who are involved in processing the data. Other potential recipients include data processors (e.g., tools used for contact management) or contractual partners. 

Data is only shared with these recipients either based on a legal obligation we are subject to or within the framework of data processing agreements.

Some of the data collected through the platform is stored and hosted by our external data center provider: Hetzner Online GmbH.

Additionally, the company Disruptive Elements GmbH, which provides the AI Badge Assistant, is a recipient of data. This company may forward the data to OpenAI, a company specialising in artificial intelligence. This transfer is made in order to utilise specific AI services that support the optimization and customization of your course materials. As part of our service, it may be necessary to forward course descriptions and related information to external service providers.

The transfer of data to OpenAI involves a transfer to the United States. OpenAI has implemented data protection standards that aim to ensure an adequate level of data protection.

You can find more details about OpenAI and their data protection measures in their privacy policy here: https://openai.com/de-DE/policies/eu-privacy-policy/

8. Links to Third-Party Websites

When visiting our website, you may encounter content that links to third-party websites. We have no access to or control over the cookies or other features used by these third-party websites.

9. Third-Party Content

9.1 OpenStreetMap

We use OpenStreetMap on this website. OpenStreetMap is a plugin that allows map material to be embedded on our site. This service is provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

OpenStreetMap is a collaborative project that aims to create and provide freely usable geographic data such as street maps. Since it is an open-source project, the data is contributed and updated by a global community of cartographers. These maps can be used in various contexts—from map displays on websites to GIS applications, mobile apps, and more.

When using the maps, a connection is made to OpenStreetMap Foundation servers. No tracking cookies are involved—only those required for functionality.

The legal basis for this processing is Art. 6 (1)(f) GDPR (legitimate interest). Our legitimate interest is to display locations or provide geographical information. Further information: https://wiki.osmfoundation.org/wiki/Privacy_Policy

9.2 YouTube

We embed YouTube videos on this website. YouTube is an online video platform provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a video on our site, a connection to YouTube’s servers is established. After a video starts, YouTube may place cookies on your device to store preferences and settings and then display personalized advertising. The information obtained may also be used for video analytics, usability improvements, and fraud prevention.

The legal basis for this processing is Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, to the extent that your consent includes access to device information or the storage of cookies under the TDDDG (German Telecommunications-Telemedia Data Protection Act). This consent can be revoked at any time. Further information: https://policies.google.com/privacy?hl=de

10. Your Data Protection Rights

You have the following rights:

  • To understand how we use your data
  • To request access to the data we have stored about you
  • To ask us to correct your data if you believe it is inaccurate
  • To ask us to delete your data if it is no longer needed
  • To request that we use your data only in certain ways
  • To object to the processing of your data

You may revoke your consent at any time. A simple informal email is sufficient. Revoking your consent does not affect the legality of data processing carried out prior to the revocation.

Registered users may at any time amend or delete the personal data provided during registration. The data controller will provide information upon request about what personal data is stored about you and will correct or delete it upon request unless legal retention obligations apply.

All employees of the data controller are available as contact persons in this context.