Privacy information



As part of the use of the Tea Campus learning platform  (hereinafter referred to as ‚Tea Campus‘), personal data of yours will be processed by us as the data controller and stored for the duration necessary to fulfill the defined purposes and legal obligations. We inform you below about the data concerned, how they are processed, and what rights you have in this regard.


Personal data, according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), are all information relating to an identified or identifiable natural person.



1. Purpose: What is the Tea Campus Learning Platform and what is it used for?


Tea Campus is an open-source learning management system, named Ilias, used by large and small companies, universities, schools, and authorities to implement individual learning scenarios. This includes the distribution and training of learning content, communication between teachers and learners, and collaborative knowledge building.


The learning platform is used by Hanseatic Tea Export GmbH for the implementation of tea trainings.



2. Name and contact details of the data controller:


This data protection information applies to data processing on the website by the responsible party:


Maxim Protasov

Hanseatic Tea Export GmbH

Konsul-Smidt-Str. 8J

28217 Bremen


Tel: +49 421 69647740



You can contact our data protection officer directly if you have any questions regarding data protection law or your rights as a data subject.



3. Processing of personal data and purposes of processing


Below we describe which personal data are processed for what purpose and for how long they are stored.


We work with the service provider Databay AG, Jens-Otto-Krag-Str. 11, 52146 Würselen, to provide the learning platform. The purpose of the cooperation is to adapt, host, and provide technical support for the learning platform. For this purpose, all data is stored on the servers of Databay AG in Germany. All data is processed in accordance with the GDPR to ensure the protection of the rights of data subjects.



4. Use of the Learning Platform


a) Type and scope of data processing


The registration data (cf. § 4 2.a.) are summarized on a profile page and can be edited by you as a user and supplemented with further voluntary information.


First and last name, email address, further information provided in the user profile, and the role as a participant can be viewed by admins.

For other users, course instructors, and course supervisors, the email address in the user profile is not visible.


Contributions and comments on learning activities (forums, chats, glossaries, wikis, blogs) that you as a user have posted are visible to other participants in the course.


When using the course-related messaging system, sent messages to other users can be viewed by course instructors and course supervisors. If this is not desired, messages to other users must be sent by email.


Usage data (time and duration of access to learning content and other course components) are logged in a logbook. Depending on the design of the individual offer, it is also logged whether you have completed assigned tasks, what contributions you have made in any forums offered, and how you have participated in workshops or tests. These usage logs are only accessible to admins.


b) Legal basis


The processing of the personal data described above for the purpose of using the platform is carried out in accordance with Art. 6 (1) lit. b GDPR (performance of a contract or to take steps prior to entering into a contract).


c) Data storage


The data in your user profile will be stored until the user profile is deleted. The data from participation in the course will be stored until the course is deleted. Results from tests, learning packages, and assignments, as well as data on course completion and overall evaluation, will be kept for the duration of legal retention periods.



5. Who has access to which data?


The learning platform offers courses for tea training. The courses are organized in course areas on the Tea Campus. By assigning course- and course-area-specific roles and permissions, users of the learning platform are given the opportunity to manage courses and course areas, design content, and grant appropriate access rights to other individuals if necessary. Courses, except for courses in the open offering, are closed. This means that these courses are only accessible to a group of people defined by the course area admin, course admin, or course tutor.


Course members in the roles of students or users have access to courses that they have been authorized to access by Global Admins and can participate in activities within the framework of the course supervisor's guidelines. Global Admins are persons responsible for the technical and organizational management of the learning platform and have access rights to the entire system. They can access all data on the learning platform, including changing and deleting user master data. Only a few employees assigned to system maintenance are granted these rights.

Technical admins have unrestricted access to the learning platform from a technical perspective. However, their duties only include access to log data.



6. Data transfer


Any use of your personal data is only for the purposes stated and to the extent necessary to achieve these purposes. Data is not disclosed to third parties unless otherwise stated in this privacy policy. If we disclose personal data to data processors, we will inform you of this in this privacy policy at the respective data processing operation, naming the specific recipient.


Transfers of personal data to state institutions and authorities are only made within the framework of mandatory national legal regulations or if the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure. Data will not be transferred for other purposes.



7. Support and inquiries


In many cases, your admins are your first point of contact. You can contact them through the learning platform.


If you contact us directly, your email address will only be used for correspondence with you. Upon receipt of an email, it is assumed that a response via email is desired, unless you express a desire for a different form of communication. If necessary, your email will be forwarded to the responsible department (e.g., course supervisors, technical support, external service providers) for further processing.





The learning management system Ilias used on our learning platform uses cookies. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our learning platform. Cookies do not cause any damage to your device, do not contain viruses, Trojans, or other harmful software.


The cookie contains information that results from the specific device used. However, this does not mean that we gain immediate knowledge of your identity.


The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to enable session control and to save form inputs or shopping carts during the session. Session cookies are deleted at the latest when you close your web browser.


Ilias uses both temporary cookies, which become invalid after the end of the session or when the browser is closed, and longer-term cookies. You can see which cookies were set by and delete them if necessary via your browser settings.


The data processed by cookies are necessary for the stated purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.


Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever a new cookie is about to be stored. Please note that disabling cookies entirely may result in your inability to use all the features of our website.



9. Deletion of personal data


The personal data will be deleted from the system as soon as they are no longer needed for the purpose of collection.


All personal data will be stored until the user account is deleted. You can edit or delete the voluntary information in your user profile at any time. The data from participation in the course, the course-related inventory and movement data, will be stored until the course is deleted, but no longer than 2 years. Results from tests, learning packages and assignments as well as data on the completion of the course and the overall evaluation will be kept for a maximum of 10 years, in accordance with legal retention requirements.



10. Rights of data subjects


You have the right to:


Revoke your consent given to us once according to Art. 7 para. 3 GDPR at any time. This will result in us no longer processing the data that was based on this consent for the future.


Request information about your personal data processed by us according to Art. 15 GDPR. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling, and meaningful information about its details if applicable.


Demand the immediate rectification of incorrect or incomplete personal data stored by us according to Art. 16 GDPR.


Request the deletion of your personal data stored by us according to Art. 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.


Demand the restriction of processing of your personal data according to Art. 18 GDPR, as far as the accuracy of the data is contested by you, the processing is unlawful, but you oppose their erasure, and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR.


Receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or to request the transmission to another controller according to Art. 20 GDPR.


Lodge a complaint with a supervisory authority according to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our association headquarters for this purpose.


Information about your right to object under Art. 21 GDPR


You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is based on Article 6(1)(e) GDPR (processing for the performance of a task carried out in the public interest) or Article 6(1)(f) GDPR (processing for purposes of legitimate interests); this also applies to profiling based on these provisions under Article 4(4) GDPR.


If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.


If your objection is directed against processing for direct marketing purposes, we will immediately cease the processing. In this case, no specific situation needs to be specified. This also applies to profiling insofar as it is associated with such direct marketing.


If you wish to exercise your right to object, simply send an email to



11. Data security


All personally transmitted data is encrypted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a proven and secure standard that is also used in online banking, for example. You can recognize a secure TLS connection by the added "s" in "https" in the address bar of your browser or by the lock icon in the lower part of your browser.


In addition, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.



12. Timeliness and modification of this privacy policy


This privacy policy is current as of May 2023.


Due to the further development of the learning platform or changes in legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the learning platform.