Informationen zur Datenverarbeitung gemäß Art. 13, 14 DSGVO
Stand: 4/18/2026
The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified.
Your privacy is important to us. We only process your data within the scope of legal regulations.
Responsible for data processing on this website:
[[FIRMENNAME / NAME]]
[[STRAẞE UND HAUSNUMMER]]
[[POSTLEITZAHL UND ORT]]
Phone: [[TELEFONNUMMER]]
E-Mail: [[EMAIL]]
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
[[NAME DES DATENSCHUTZBEAUFTRAGTEN (falls vorhanden)]]
[[ADRESSE]]
E-Mail: [[EMAIL]]
Note: A data protection officer is mandatory from 20 employees onwards (for permanent processing of personal data). If not required, remove this section.
Data processing on this website is carried out by the website operator. Their contact details can be found in the "Responsible Party" section of this privacy policy.
Your data is collected on the one hand by you providing it to us. This may be data that you enter into a contact form, for example.
Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
Main purposes of data processing:
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
This platform is provided as Software-as-a-Service (SaaS) for schools. Responsibility for personal data is divided as follows:
We are responsible for:
For this data, you can exercise your GDPR rights via the "My Data" page.
Your school is responsible for:
For this data, please contact your school administrator directly. We act as a processor according to Art. 28 GDPR.
Contact for School Data:
Please contact your school administrator directly for information, correction or deletion of school data. They are responsible for managing this data.
This website is hosted by:
[[NAME DES HOSTING-PROVIDERS, z.B. Vercel Inc., AWS, Hetzner]]
[[ADRESSE DES PROVIDERS]]
Data processing: The hosting provider processes the following data on our behalf: server log files (IP address, browser type, operating system, referrer URL, hostname, time of server request).
Legal basis: The use is based on our legitimate interest in a secure, fast and efficient provision of our online offer (Art. 6 para. 1 lit. f GDPR).
Data processing agreement: We have concluded a data processing agreement with the above-mentioned provider.
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of data processing carried out until the revocation remains unaffected by the revocation.
If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims (objection according to Art. 21 para. 1 GDPR).
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement.
Competent supervisory authority:
[[NAME DER ZUSTÄNDIGEN DATENSCHUTZBEHÖRDE]]
[[ADRESSE]]
Website: [[URL]]
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Within the scope of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing and, if applicable, a right to correction or deletion of this data.
You can contact us at any time regarding this and other questions about personal data.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
These data are not merged with other data sources.
Legal basis: The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website - for this purpose, server log files must be recorded.
To ensure security, compliance and traceability, we log certain actions in the system in so-called audit logs. This logging is automatic and includes the following information:
This logging serves the following purposes:
🔒 Data Protection Measures:
Legal basis: Logging is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in security and compliance) as well as Art. 32 GDPR (security of processing). Retention is in accordance with Art. 5 para. 1 lit. e GDPR (storage limitation) for a period of 2-7 years depending on the severity of the action.
Storage duration: Normal actions: 2 years, Important actions: 5 years, Critical actions: 7 years. After the expiration of the period, data is automatically deleted or anonymized.
Your Rights: You have the right to receive information about stored audit logs that concern you. Please contact us for this via the "My Data" page or by email.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.
We do not pass on this data without your consent.
Legal basis: Processing is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
If you contact us by email, phone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request.
Legal basis: The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
You can create a user account on this website. When you create a user account, the following data is collected:
Registration is required to use the platform's functions (course selection, management, evaluation).
Legal basis: Processing is based on Art. 6 para. 1 lit. b GDPR for the fulfillment of a contract or for the implementation of pre-contractual measures.
Storage duration: Data is stored as long as the user account exists. After deletion of the account, data will be deleted unless legal retention periods apply.
We use NextAuth.js for authentication on our website. Provider is Vercel Inc., USA.
NextAuth.js enables login via various methods:
Legal basis: Processing is based on Art. 6 para. 1 lit. b GDPR for contract fulfillment.
When you log in via Google or GitHub, the following data is transmitted by these services:
Note: Please refer to the privacy policies of Google and GitHub for more information on data processing by these services.
Google: https://policies.google.com/privacy
GitHub: https://docs.github.com/...
We use the following service for sending emails:
[[NAME DES E-MAIL-PROVIDERS, z.B. Strato AG]]
[[ADRESSE DES PROVIDERS]]
We send the following emails via this service:
Legal basis: Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in functional communication).
Our website uses cookies. Cookies are small text files that are stored on your device and that your browser saves. Cookies do not harm your computer and do not contain viruses.
Technically necessary for authentication and use of the website. Deleted after session ends.
Security cookie to protect against cross-site request forgery attacks.
Legal basis: The use of technically necessary cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free and optimized provision of their services.
You can set your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis. When cookies are deactivated, the functionality of this website may be limited.
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
You have the following rights regarding your personal data:
You can request information about your stored data.
You can request the correction of incorrect data.
You can request the deletion of your data ("right to be forgotten").
You can request restriction of processing.
You can receive your data in a structured format.
You can object to processing.
How to exercise your rights:
Contact us by email at [[EMAIL]] or use the contact details from the legal notice.
This privacy policy contains placeholders in [[SQUARE BRACKETS]] that you must replace with your actual data!
Checklist:
⚠️ An incomplete privacy policy can lead to warnings! In case of doubt, consult a lawyer.
This privacy policy was created taking into account the GDPR.
Last updated: April 18, 2026