CA Akademie AG Data Privacy Policy

Under the brand name CA controller akademie, CA Akademie AG (CA) conducts basic and advanced training for professionals and managers in the subjects of controlling, accounting and finance, corporate management, information management and social competencies. In 1975, along with CA graduates, CA founder, Dipl.-Kfm. Dr. Dr. h.c. Albrecht Deyhle established the International Controller Association (ICV) as the first controller society. Since then, ICV and CA have maintained a joint address base. It is now operated exclusively by employees of the two cooperation partners in joint controllership in line with Article 26 of the EU GDPR. CA and ICV contractually agreed the cooperation, in particular with regard to the responsibilities and duties of the two contracting parties in line with Article 26 of the EU GDPR. No data whatsoever are forwarded to third parties for further use.


This privacy policy describes how, why and to what extent personal data are processed as part of the data processing procedure and CA’s online service and its related websites, functions and content. This privacy policy applies independently of the domains, systems, platforms and devices on which the online service is run.

Registration for CA events

If you register online, per phone or post for a CA event, we will collect and store the requested data, and if necessary for event preparation and execution, we will pass it on to the departments listed in detail below in order to fulfil the contract.

We require your first and last name, a postal address for billing, a telephone number and email address so we can communicate with you directly. The participants’ companies generally register them for our seminars and they are thus our contractual partners. We therefore require both a so-called booking contact and billing contact for communication with employers. Optional entries include the person’s position, department and date of birth. Communication with your employer is conducted in the manner specified when the event is booked. If you wish an alternative method, please clarify this with your employer.

We store both these compulsory and optional data on our own server at Wörthsee (Federal Republic of Germany) in order to fulfil our contractual services in line with Article 6, Paragraph 1, Letter b of the EU GDPR. We work with external service providers to maintain and ensure security. They are all based in the Federal Republic of Germany and are thus subject to the EU GDPR and German data protection law.

Staging of CA events

When you register for an event we use the following data you give us in order to organise the event:

  • The locations, generally hotels, receive a list of participants for the relevant seminar to arrange hotel services between the participants and hotel. The list includes the names and postal addresses of the seminar participants.
  • The trainers/speakers of the relevant seminar receive a list of participants with the first and last names of the seminar participants, their position, and the address of the registering organisation. This list also contains information about CA seminars that have already been attended. The trainers/speakers use this to prepare themselves for the group of participants.
  • An important part of our events is networking and the exchange of ideas among the event participants. For this reason, the seminar participants are given a list of all event participants at the venue, which contains the following data: first and last name, position, email address, company name and site. If you do not wish this, please inform us of such before the start of the event. In the case of private individuals, only the first and last name is specified.
  • For documentation and advertising purposes (e.g. in social media) we take photos and videos in some of our events. This will be announced in the respective event. If you do not wish to be photographed or recorded, please inform the person responsible for the event. Otherwise, we assume that by participating in the recordings you agree to the publication options mentioned above.
  • Documentation may be sent via email to participants after the event for post-processing.

After CA events

We retain the data we have collected for the respective event once it is over. In line with Article 17, Paragraph 3, Letter b of the EU GDPR, this includes data required by the bookkeeping department, which is subject to various statutory retention regulations, and information about which event a specific person has attended or cancelled. This is necessary on account of our structured training program system, and lets us ascertain when we can issue final certificates and whether someone has earned a specific qualification. This also enables us to issue confirmations of participation as proofs of personal qualification should the participants so wish, even long after an event has taken place.

The personal data we store are deleted if the aforementioned reasons no longer preclude this. This refers to erasure on expiry of statutory retention periods and the erasure of the accounting history after 40 years, in line with the regular customer further training cycle.

Information about our service portfolio

In addition, we use some of the data given to us (name, email address, postal address) to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR and/or Article 6, Paragraph 1, Letter a of the EU GDPR based on your consent beyond the event you have booked to let us inform you per post, email or telephone about our other services, training events, specialised content and publications and to advise you about suitable qualification possibilities.

In order to do so, we also use external service providers like mailing companies and newsletter distributors in Germany and Austria whom we have contractually obliged in compliance with the data protection provisions according to Article 28 of the EU GDPR.

You are entitled at any time to revoke the use of your data used for these purposes, by sending an email with your revocation to In this case we will then immediately stop sending further information and restrict the use of your data for these purposes to the types of acquisition you wish or block it completely.

Interest in CA without booking an event

Insofar as you have given us your postal and/or email address to let us notify you of our service portfolio (e.g. by subscribing to or requesting our newsletter, white papers, studies, participation in competitions or requesting information), we shall use these data to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR and/or based on your consent in line with Article 6, Paragraph 1, Letter a of the EU GDPR.

You are entitled at any time to revoke the use of your data used for these purposes, by sending an email with your revocation to In this case we will then immediately stop sending further information and restrict the use of your data for these purposes to the types of acquisition you wish or block it completely.

Furthermore, we use personal data that we have acquired from the public domain to preserve our legitimate interests in line with Article 6, Paragraph 1, Letter f of the EU GDPR.

You are entitled at any time to revoke the use of this data by sending an email with your revocation to In this event, we will immediately stop sending further information and completely block the use of these data.

Visiting our website

Our security measures include in particular encrypted data transmission between your browser and our server according to HTTPS protocol (SSL-encrypted, algorithm RSA-AES 256).


Google Analytics

We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information about how visitors use the online offering collected by the cookie is usually sent to a Google server in the USA where it is stored. Google is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection law (

Google will use this information on our behalf to evaluate the use of our online service by the user and to compile reports about activities within this service and to provide other services for us in connection with Internet use. Pseudonymised usage profiles of the users based on the processed data may be created in the process.

We only use Google Analytics with activated IP anonymisation. This means that Google truncates the IP address of users within the member states of the European Union or in other states party to the agreement on the European Economic Area. The full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. The IP address transmitted by the user’s browser is not consolidated with other Google data.


Users can prevent cookies being stored via the user preferences in their browser software settings; users can also prevent data generated by the cookie on their use of the online service being transmitted to Google and processed by Google by downloading and installing the browser plugin available under the following link:

Alternatively, you can also deactivate Analytics via our deactivation function.
Deactivate Google Analytics now
A cookie is then set on your computer telling Google that you do not wish to be tracked by Analytics.  

Additional information

You can find additional information on Google’s use of data for advertising purposes, settings and revocation possibilities on Google websites: (“Data usage by Google when you visit our partners’ websites or use their apps”), (“Data usage for advertising purposes”), (“Managing information used by Google to show you advertising”) and (“You decide which advertising Google shows you”).


Google Tag Manager

The Google Tag Manager is incorporated in the CA website. Plugins are loaded, but no personal data are collected.


Google AdWords

The Google marketing services we use include the Google AdWords online advertising program. In case of Google AdWords, each AdWords customer receives a different “conversion cookie”. This means that cookies cannot be tracked via the websites of AdWords customers. The information collected with the help of cookies is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive information on the total number of users who clicked on their advertisement and were forwarded to a website with a conversion tracking tag. However, they do not receive any information that lets them identify users personally.


Access data and log files

Based on our legitimate interests within the meaning of Article 6, Paragraph 1, Letter f of the GDPR we collect data about every access to the server on which this service is located (so-called server log files). The access data include the name of the website accessed, file, date and time of access, data volume transmitted, access message, browser type and version, the user’s operating system, referrer URL (the antecedent website visited), IP address and the requesting provider.

Log files are stored for a maximum of 30 days for security reasons (e.g. to investigate any incidents of misuse or fraud) and then they are deleted. Data that must be stored for a longer period because they are required as proof are excepted from deletion until clarification of the respective incident is finalised.


Information about cookies

Cookies are information that our or third-party web servers send to the user’s browser and store there for subsequent call-up. Cookies may be small files or other forms of information storage downloaded to the computer or a mobile end device. Online services recognise subsequent visits and visitor paths to simplify your use of the websites and better tailor them to suit you.


We use the following cookies

Session cookies that are only stored on our online services for the period of the actual visit (e.g. in order to permit storage of your login status or the booking function and thus enable use of our online service in the first place). A randomly generated unique identification number or so-called session ID is stored in the session cookie. It also contains details of its origin and when it expires. These cookies cannot store any other data. Session cookies are deleted when you quit using our online service and log out or close your browser.

Persistent cookies that remain on devices even after the browser is closed. They are reactivated every time the website is accessed, thus permitting recognition in the event of repeated accessing.

Third-party supplier cookies stored by companies to analyse websites in order to supply us with details of how often the online service was accessed and how long for.

Cookies that are stored by websites on which media (like video clips and films) are offered. These cookies speed up content download and store information, such as recording that your device has accessed the content.


Cookies and setting options

Cookies enable the efficient personalised use of all our online service functions. Without cookies, some functions and services are not available.

Most browsers offer different options for protecting your privacy. Deactivating cookies means that new cookies cannot be stored. It does not prevent previously set cookies continuing to function on the device until all cookies are deleted in the browser settings. The browser help function or end device user manual explain how to manage your personal preferences in relation to cookie settings. In addition, company-specific settings may be subject to guidelines.


Third-party services and content

The following description provides an overview of third-party providers and their content, links to their privacy policies and additional information on data processing, and in some cases, also information on the aforementioned opt-outs:

Videos of the “YouTube” platform of third-party provider, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-out:

Our online services use LinkedIn network functions. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A link to LinkedIn servers is established every time one of our websites with LinkedIn functions is accessed. LinkedIn is also informed that you have visited our Internet websites with your IP address. If you click LinkedIn’s “Recommend” button and are logged into your account at LinkedIn, LinkedIn will be able to link your visit to our Internet website to your user account. Please note that as the website provider we have no knowledge of the content of the transmitted data or their use by LinkedIn. Privacy policy:, Opt-Out:

Our online services use Facebook network functions. Based on our legitimate interests (i.e. interest in analysing, optimising and the economic operation of our online service within the meaning of Article 6, Paragraph 1, Letter f of the GDPR), we use social plugins (‘plugins’) of the social network,, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). Plugins may be interaction elements or content (e.g. videos, charts or text contributions) and are recognisable by one of the Facebook logos (a white “f” on a coloured background). The list of Facebook social plugins and what they look like can be viewed here:

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee that it complies with European data protection law (

If you use a function of this online service that contains such a plugin, your device will set up a direct link to the Facebook servers. Facebook sends the plugin content directly to your device and incorporates in the online service. Usage profiles based on the processed data may be created in the process. We therefore have no influence on the scope of data collected by Facebook with the help of this plugin, and thus inform users to the best of our knowledge.

By incorporating the plugin, Facebook receives the information that a user has accessed the relevant website of the online service. If the user is logged into Facebook, Facebook can link the visit to the user’s Facebook account. If users interact with the plugins by clicking the Like button or leaving a comment, the respective information is sent by your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still a possibility that Facebook will find out their IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany.

Users can refer to the Facebook privacy policy for details of the purpose and scope of data acquisition, further processing and use by Facebook, and the rights and settings in this connection to protect user privacy at:

If a user has a Facebook account and does not want Facebook to collect data about them via this online service and link it with their account data on Facebook, they must first log out of Facebook and delete its cookies before using our online service. Other settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings: or via the US website or the EU website Settings are performed across all platforms, i.e. they are adopted for all devices, such as desktop computers and mobile devices.

Functions of the Twitter service may be incorporated in our online service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you use Twitter and the retweet function, the websites you access will be linked to your Twitter account and disclosed to other users. Data will also be transferred to Twitter. Please note that as the website provider we have no knowledge of the content of the transmitted data or their use by Twitter. The Twitter privacy policy is available at You can change your data privacy settings on Twitter in your account settings at

We use functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. A link to Xing services is established every time websites with Xing functions are accessed. As far as we know, no personal data are stored. In particular, no IP addresses are stored or usage behaviour evaluated. When you log into your XING account, you can click the XING button to link the content of our web pages with your XING profile. Data protection statement:

Features and content of the Instagram service (Instagram Inc., 1601 Willow Road, Menlo Park, Calif., 94025, USA) may be incorporated on our website. For this, e.g. content such as images, videos, text and buttons may be used to allow users to voice their favor regarding content to authors, or they may subscribe to these submissions. If the users are members of the platform Instagram, Instagram is able to assign the call of the mentioned contents and functions to the profiles of the users there.

Your other rights

Besides the above revocation and erasure rights, you also hold the right to access information on the data stored about you in line with Article 15 of the EU GDPR. In line with Article 16 of the EU GDPR you hold the right to correct inaccurate personal data stored about you. In line with Article 20 of the EU GDPR you hold the right to data portability. In all these cases please contact us via email at Furthermore, in line with Article 77 of the EU GDPR you are entitled to lodge a complaint with a supervisory authority.

Data protection officer, supervisory authority and responsibility

Please send your data protection queries via email to Our data protection officer according to Article 37 of the EU GDPR is Mr Conrad Günther. The responsible supervisory authority is the Bavarian Data Protection Authority, Promenade 27, 91522 Ansbach, Germany, Responsibility for data processing lies with the CA Akademie AG, represented by the Board of Directors, cf. our site notice.

Our main priority

We are pleased that you are interested in our services and wish you to use our website and impart your personal data to us with an easy mind. We take the protection of your personal data very seriously, and we also take it into account in the organisation of our business processes. In doing so, we deploy state-of-the-art organisational, technical and contractual security measures. In cases in which we rely on the support of external service providers, respective agreements on order processing in line with data protection law were concluded by us.

We process personal data in line with the data protection statutes of the Federal Republic of Germany and the General Data Protection Regulation of the European Union.

Wörthsee, April 2020