(As of: February 6, 2026)
We are pleased that you are visiting our websites and are interested in our services. The protection of your personal data is important to us. Below, we inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about which personal data we process when you use our websites, for what purposes, on what legal basis, and what rights you have. This privacy policy applies to our online offerings, particularly under the domains www.edutrainment.com and www.edutrainment-company.com, as well as their subpages.
1. Controller and Contact
The controller within the meaning of the GDPR is:
edutrainment company GmbH
Winsstraße 12
10405 Berlin
Germany
Phone: +49 (0)30 3641 777 0
Email: info@edutrainment.com
Data Protection Contact:
info@edutrainment.com
Data Protection Officer:
Maria Matthäus
2. General Information on Legal Bases, Recipients, and Third-Country Transfers
2.1 Legal Bases
We process personal data only when legally permissible. Legal bases include in particular:
– Art. 6(1)(b) GDPR (contract/pre-contractual measures),
– Art. 6(1)(c) GDPR (legal obligation),
– Art. 6(1)(f) GDPR (legitimate interest),
– Art. 6(1)(a) GDPR (consent).
Where we use cookies or similar technologies or store/access information on your device, we additionally comply with the requirements of the Telecommunications-Digital Services-Data Protection Act (TDDDG), particularly Section 25 TDDDG.
2.2 Recipients / Categories of Recipients
Recipients of your data are—where necessary—internal departments (e.g., responsible employees) as well as service providers (processors) we engage, particularly for hosting, maintenance/IT, communication, form/appointment and newsletter services, CRM systems, and, where applicable, security/spam protection.
We conclude contracts with processors in accordance with Art. 28 GDPR.
2.3 Third-Country Transfers (outside EU/EEA)
For certain services, processing may also take place outside the EU/EEA (particularly in the USA) or cannot be excluded. In such cases, we ensure that appropriate safeguards exist in accordance with Art. 44 et seq. GDPR (e.g., adequacy decision—where applicable—or EU Standard Contractual Clauses and supplementary measures).
3. Data Security
We use appropriate technical and organizational measures to protect your data (Art. 32 GDPR). Our websites are generally encrypted via TLS/SSL. Please note that data transmission over the internet may nevertheless have security vulnerabilities.
4. Data Processing When Accessing the Website (Server Log Files/Hosting)
When you access our websites, information is automatically collected and stored in server log files by the hosting/server provider, which your browser transmits. This typically includes:
– IP address (possibly shortened),
– date and time of access,
– page/file accessed,
– amount of data transferred,
– referrer URL,
– browser type/version,
– operating system,
– requesting provider.
Processing is carried out to provide the website technically, to ensure stability and security (e.g., attack detection), and for error analysis. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and functional operation).
Storage duration: Log files are generally stored only as long as necessary for the stated purposes and are then deleted or anonymized. This typically occurs within 30 days; longer storage may be necessary in individual cases to investigate security incidents.
Hosting/Provider:
ari.local UG
Emsstraße 6
14612 Falkensee
The legal basis for the integration of hosting is Art. 6(1)(f) GDPR (secure operation) as well as Art. 28 GDPR (data processing agreement), provided the provider acts as a processor.
5. Cookies, Consent Management, and Consents
Our websites use cookies and comparable technologies (e.g., local storage, pixels/tags) to provide basic functions, save settings, and—where you consent—enable reach measurement/statistics and marketing.
a) Technically Necessary Cookies/Technologies
Technically necessary cookies/technologies are required for the operation of the website (e.g., page navigation, security functions, storage of your cookie settings). The legal basis for storing/accessing on your device is Section 25(2) TDDDG (where necessary), and for subsequent processing of personal data Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(b) GDPR, if they are necessary to fulfill a function you have requested.
b) Optional Cookies/Technologies (Preferences, Statistics, Marketing)
We use optional cookies/technologies only if you provide consent. The legal basis for storing/accessing is Section 25(1) TDDDG, and for further processing Art. 6(1)(a) GDPR.
c) Consent Management Platform (Consent Tool)
To obtain, manage, and document your consents, we use a consent management tool (“Complianz”).
In particular, your consent status, timestamp, possibly a pseudonymous identifier, and technical information (e.g., version of the consent text) are stored to document and implement your decision. The legal basis is Art. 6(1)(c) GDPR (fulfillment of legal obligations for demonstrability/compliance) and Art. 6(1)(f) GDPR (legitimate interest in proof and control).
You can change or withdraw your consent at any time with effect for the future by clicking on the “Manage consent” link (in the cookie banner).
You can view which cookies/tools are active in detail (including provider, purpose, and storage duration) at any time in the consent tool under “Manage services.”
6. Web Analytics / Reach Measurement (Google Analytics)
If you have consented, we use Google Analytics to analyze the use of our website and to improve our online offering. Cookies and comparable technologies may be used to collect information about your use of the website (e.g., pages visited, interactions, technical information, possibly shortened IP address, approximate location data based on IP, device/browser information).
Provider: Google Inc. (in the EU typically Google Ireland Limited).
Purposes: Reach measurement, analysis, optimization, statistical evaluation.
Legal basis: Your consent (Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR).
Withdrawal: You can withdraw your consent at any time via “Manage consent.”
Third-country transfer: Processing in third countries (particularly the USA) cannot be excluded; it takes place only under the conditions of Art. 44 et seq. GDPR.
Storage duration: 14 months
7. Web Fonts (Google Fonts)
We use fonts for uniform display of the website.
a) External Loading via Google
If fonts are loaded via Google servers, your IP address and technical connection data may be transmitted to Google.
Legal basis: Your consent (Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR), if loaded externally.
8. Embedded Content / Videos (YouTube)
If you have consented or if a video is loaded only after your interaction (e.g., two-click solution), videos may be embedded on our website via YouTube. When loading the video, a connection to Google servers may be established. Personal data may be processed (e.g., IP address, device/browser information, possibly cookies/identifiers, usage data).
Provider: YouTube/Google (in the EU typically Google Ireland Limited; processing may also occur through Google LLC, USA).
Purposes: Display of video content, user-friendly provision of information.
Legal basis: Your consent (Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR), provided the video is not purely technically necessary.
Withdrawal: at any time via “Manage consent.”
Third-country transfer: Processing in third countries (particularly the USA) cannot be excluded; it takes place only under the conditions of Art. 44 et seq. GDPR.
9. Contact (Email, Phone, Contact Form)
When you contact us by email, phone, or via a contact form, we process the data you provide (e.g., name, email address, phone number, message content) to respond to your inquiry and, where applicable, to carry out measures for contract initiation/fulfillment.
The legal basis is Art. 6(1)(b) GDPR (initiation/fulfillment of a contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication), depending on the content of your inquiry.
Obligation to provide: Providing the data marked as mandatory fields is necessary to process your inquiry. Without this information, we may not be able to respond to your inquiry or may not be able to respond fully. All other information is voluntary.
Storage duration: We generally delete inquiries once they have been fully processed, unless legal retention obligations exist or further storage is necessary for the assertion, exercise, or defense of legal claims.
10. Spam and Abuse Protection (Google reCAPTCHA)
To protect our forms from abusive automated entries (spam/bots), Google reCAPTCHA may be used. The provider is Google (in the EU typically Google Ireland Limited; depending on processing, data may also be transmitted to Google LLC, USA).
In particular, the following may be processed: IP address, device/browser information, referrer URL, and interaction data (e.g., mouse movements/dwell time) to assess the risk of abusive use.
Purposes: Protection of the website and forms, IT security, abuse prevention.
Legal bases / Integration:
– reCAPTCHA is loaded only after your consent.
Legal basis: Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.
Withdrawal: where consent is used, at any time via “Manage consent.”
Third-country transfer: Processing in third countries (particularly the USA) cannot be excluded; it takes place only under the conditions of Art. 44 et seq. GDPR.
11. Appointment Booking (Calendly)
For scheduling appointments, we offer links/integrations of the Calendly service. The provider is Calendly, LLC (USA). When you book an appointment via Calendly, the data you enter (e.g., name, email address, appointment time, possibly notes/company information) is processed to organize and conduct the appointment.
The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures/contract fulfillment) or Art. 6(1)(f) GDPR (legitimate interest in efficient appointment organization).
Obligation to provide: The data marked as required for appointment booking is necessary to schedule and coordinate an appointment. Without this information, appointment booking may not be possible. You may omit voluntary information.
Third-country transfer: Calendly may process data in the USA. Appropriate safeguards may exist for the transfer (e.g., Standard Contractual Clauses and/or an adequacy mechanism, where applicable).
If you do not wish your data to be processed via Calendly, you can alternatively schedule an appointment by phone or email.
12. Event and Appointment Registrations (Typeform)
For registrations for webtalks/events, we use links to forms from Typeform (form.typeform.com). The provider is Typeform (Typeform S.L., Spain). Depending on the form, we process the data you enter (e.g., name, email address, company information, answers to form questions) to process your registration, conduct the event, and, where applicable, for organizational communication (e.g., confirmation/reminder emails).
The legal basis is Art. 6(1)(b) GDPR (conduct/initiation) and—where you provide optional information or give consent—Art. 6(1)(a) GDPR.
Obligation to provide: Mandatory information is required to process your registration and conduct the event. Without this information, registration may not be possible.
Typeform may use subprocessors, whereby processing outside the EU/EEA cannot be excluded. In such cases, transfers take place only in compliance with the requirements of Art. 44 et seq. GDPR (e.g., Standard Contractual Clauses).
13. Newsletter (“Lernbooster”/Email Information) and Mailchimp
When you subscribe to our newsletter, we process your email address and possibly voluntary information (e.g., first name) to send you regular information about appointments, content, and offers. Registration generally takes place via a double opt-in procedure. For documentation purposes, we store the time of registration and confirmation as well as technical log data (e.g., IP address/log data), to the extent necessary for demonstrability.
The legal basis for sending the newsletter is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time with effect for the future, e.g., via the unsubscribe link in each newsletter email.
Obligation to provide: Providing your email address is necessary to send you the newsletter. Without an email address, newsletter subscription is not possible. All other information is voluntary.
For sending and managing the newsletter, we use a newsletter service provider (Mailchimp). Mailchimp is operated by Rocket Science Group LLC d/b/a Mailchimp (Intuit group of companies, USA). Your data may be processed in the USA. Appropriate safeguards may exist for data transfers (e.g., Standard Contractual Clauses and/or an adequacy mechanism, where applicable).
Newsletter tracking:
When we send newsletters, technically-based evaluations may be carried out to improve the newsletter (e.g., open rates, clicks on links).
14. CRM System / Contact Management (Pipedrive)
For structured processing of inquiries and for maintaining customer and prospect contacts, we may use a CRM system. The provider is Pipedrive (Pipedrive OÜ, Estonia; depending on the configuration, other group companies, e.g., Pipedrive Inc., USA, may be involved).
When we document your contact inquiry or business communication in the CRM, contact data, communication content, and metadata may be processed in particular.
The legal basis is Art. 6(1)(b) GDPR (initiation/fulfillment) and/or Art. 6(1)(f) GDPR (legitimate interest in efficient organization). Where we contact you for marketing purposes, this is done only within the framework of legal requirements; we obtain necessary consents separately.
Obligation to provide: There is generally no legal obligation to store your data in the CRM. However, storage may be necessary for processing your inquiry and business communication. If you do not wish your inquiry to be processed in a CRM, please inform us; we offer alternative communication channels and will consider your request within the scope of legal possibilities.
Transfer to third countries cannot be excluded when using certain Pipedrive functions/subprocessors. In such cases, this takes place only under appropriate safeguards (e.g., Standard Contractual Clauses and/or an adequacy mechanism, where applicable).
15. Applications
When you apply to us (e.g., by email), we process your application data (e.g., contact details, CV, certificates, correspondence) exclusively to conduct the application process.
The legal basis is Art. 6(1)(b) GDPR (initiation of an employment relationship) in conjunction with Section 26 BDSG (where applicable) and—if you give us consent—Art. 6(1)(a) GDPR.
Obligation to provide: Providing the information necessary for the application process is required to review your application and conduct the process. Without this information, your application may not be considered.
Storage duration: We generally delete application data no later than 6 months after completion of the application process, unless consent for longer retention exists and no legal retention obligations or legal defense interests prevent deletion.
16. General Storage Duration
Unless a specific storage duration is stated in this privacy policy, we store personal data only as long as necessary for the respective purposes. Thereafter, the data is deleted or anonymized, unless legal retention obligations (e.g., commercial and tax retention periods) or legitimate interests (e.g., legal defense) require further storage.
17. Your Rights as a Data Subject
Under the GDPR, you have in particular the following rights:
– Right to access (Art. 15 GDPR),
– Rectification (Art. 16 GDPR),
– Erasure (Art. 17 GDPR),
– Restriction of processing (Art. 18 GDPR),
– Data portability (Art. 20 GDPR),
– Objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).
Objection to direct marketing:
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Withdrawal of consent:
If processing is based on your consent, you can withdraw it at any time with effect for the future (Art. 7(3) GDPR), e.g., via “Manage consent” or the respective unsubscribe/withdrawal options.
Right to lodge a complaint:
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), particularly with the authority responsible for Berlin:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61, 10555 Berlin
Website: https://www.datenschutz-berlin.de/
18. Automated Decisions/Profiling
Automated decision-making in individual cases, including profiling within the meaning of Art. 22 GDPR, does not take place unless we inform you separately in individual cases.
19. Changes to This Privacy Policy
We may update this privacy policy if the legal situation, our data processing, or the services used change. You will find the current version on our website.
Version as of: February 6, 2026.
