Datenschutzerklärung

Introduction

Welcome to the German Compliance Institute ("we," "us," or "our"). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner.

This Privacy Policy explains how we collect, use, process, and protect your personal data when you visit our website [Insert Website URL] and use our e-learning platform to access courses in compliance, IT, teaching, languages, and more. All data processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Name and Address of the Controller

The controller responsible for the processing of your personal data is:

German Compliance Institute

Email: [email protected]

What Personal Data We Collect

We collect data to provide a functioning website and to offer our educational services. The types of data we collect include:

  • Account Registration Data: When you create an account, we collect your first name, last name, email address, and account password.

  • Course & Profile Data: We track the courses you enroll in, your learning progress, quiz or assessment results, and data required to generate and issue your German Compliance Institute Certificate.

  • Payment and Billing Data: If you purchase courses, we collect billing details (e.g., billing address). Note: Payment transactions are processed by secure third-party payment providers (e.g., PayPal, Stripe). We do not store full credit card numbers on our servers.

  • Communication Data: If you contact us via email or a contact form, we collect your email address, name, and the content of your message.

  • Server Log Files (Automatically Collected Data): When you visit our website, our servers automatically record information sent by your browser, including:

    • IP address (anonymized where possible)

    • Date and time of access

    • Browser type and version

    • Operating system

    • Referrer URL (the site you visited before ours)

Purposes and Legal Basis for Processing

We only process your personal data when we have a legal basis to do so under Article 6 of the GDPR:

Purpose of Processing

Legal Basis (GDPR)

Account Creation & Course Delivery: To provide access to our e-learning platform, track your progress, and issue institute certificates.

Art. 6(1)(b) - Performance of a Contract: Processing is necessary to fulfill our service agreement with you.

Payment Processing: To process transactions for purchased courses.

Art. 6(1)(b) - Performance of a Contract.

Customer Support: To respond to your inquiries and support requests.

Art. 6(1)(b) - Performance of a Contract or Art. 6(1)(f) - Legitimate Interest.

Website Security & Optimization: To ensure the stability and security of our IT systems using server log files.

Art. 6(1)(f) - Legitimate Interest: Protecting our website against cyber threats.

Marketing & Newsletters: To send you updates about new courses (only if you opt-in).

Art. 6(1)(a) - Consent: You can withdraw this consent at any time.

Statutory Retention: Storing billing data for tax and accounting purposes.

Art. 6(1)(c) - Legal Obligation: Compliance with German commercial and tax laws.


Sharing of Personal Data

We do not sell your personal data. We only share your data with trusted third-party service providers who assist us in operating our institute. These may include:

  • Hosting Providers: To host our website and e-learning platform securely.

  • Payment Gateways: To process course purchases securely.

  • Email Providers: To send account notifications and newsletters.

We have entered into Data Processing Agreements (DPAs) with all third-party providers as required by Art. 28 GDPR to ensure they protect your data to the same strict standards that we do.

Cookies and Tracking Technologies

Our website uses "cookies" to make our platform user-friendly, efficient, and secure.

  • Essential Cookies: Required for the website and learning platform to function (e.g., keeping you logged in).

  • Analytical/Tracking Cookies: Used to analyze website traffic (e.g., Google Analytics). These are only placed on your device if you give explicit consent via our Cookie Banner.

Data Retention

We store your personal data only as long as necessary for the purposes for which it was collected:

  • Account Data: Kept as long as your account is active. If you delete your account, your profile data will be erased.

  • Certificate Data: Records of issued certificates may be kept longer to verify your attendance and completion if you request it in the future.

  • Financial Data: By German commercial and tax law (HGB and AO), invoices and financial transaction records must be retained for up to 10 years.

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.

  • Right to Rectification (Art. 16 GDPR): You can ask us to correct inaccurate or incomplete data.

  • Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): You can request the deletion of your personal data, provided no legal retention periods conflict with this.

  • Right to Restriction of Processing (Art. 18 GDPR): You can ask us to limit how we process your data.

  • Right to Data Portability (Art. 20 GDPR): You can request your data in a structured, commonly used, and machine-readable format.

  • Right to Object (Art. 21 GDPR): You can object to the processing of your data based on legitimate interests.

  • Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent (e.g., newsletters), you can withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]

Right to Lodge a Complaint: If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or manipulation. Our website uses TLS/SSL encryption (indicated by "https://" in your browser) to ensure that data transmitted between your browser and our server remains private and secure.

Changes to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes in our services or legal requirements. The updated version will be published on this page with a new "Effective Date."