Privacy Policy

1. Introduction & Controller Identity

gotrehCtverdograd Learning GmbH is the data controller for the personal data described in this Privacy Policy. That means we decide why and how your personal data is processed when you use the Website or communicate with us.

Data Controller: gotrehCtverdograd Learning GmbH
Registered Address: Siemensdamm 50, 13629 Berlin, Germany
Email: [email protected]
Phone: +49 30 3640 1508

If you have questions about privacy on this Website, contact us using the details above. We do not appoint a Data Protection Officer for this project because we do not process special-category data at scale, and the Website is designed as an educational and informational platform with optional cookie consent for analytics and marketing.

2. Personal Data We Collect

The personal data we collect depends on how you use the Website. Some data is provided directly by you (for example, via a contact form), while other data is collected automatically (for example, via server logs or cookies).

• Identity and contact data: name (if provided), email address, and phone number (if provided).
• Form content: the message text you enter (for example, your learning topic, environment context such as “warehouse” or “office”, and any other details you choose to share).
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location inferred from IP (city/region-level).
• Usage data: pages viewed, time spent on pages, referrer URL, and click paths. This is collected only when you consent to Analytics Cookies.
• Cookies and identifiers: cookie identifiers and consent choices stored in your browser (see Section 4). Some cookies are essential for basic site functionality and session continuity.
• Conversion events: signals that a user action occurred (for example, a form submission redirect). These events are used for operational measurement and, if you consent, may also be used for advertising attribution.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this Website. Please do not include that type of information in a message.

3. Why We Process Personal Data & Legal Basis

Under the GDPR and UK GDPR, we must have a legal basis to process personal data. The legal basis depends on the purpose of the processing.

Contact and workshop requests

When you send us a message, we process the data to respond, provide learning information, and discuss workshop options.
Legal basis: Article 6(1)(b) (steps prior to entering into a contract) and Article 6(1)(a) (consent, where applicable).

Analytics and content improvement

If you consent to Analytics Cookies, we process usage data to understand which topics are read most, how people navigate between modules, and where content can be improved (for example, clarifying terminology such as CRI, CCT, UGR, or IP rating).
Legal basis: Article 6(1)(a) (consent).

Marketing and advertising measurement

If you consent to Marketing Cookies, we may process data that helps measure advertising performance and understand which educational messages lead to meaningful engagement (for example, a request for workshop details). This is used for remarketing and conversion attribution.
Legal basis: Article 6(1)(a) (consent).

Security, abuse prevention, and reliability

We process technical logs and security signals to protect the Website, prevent fraud, and ensure stable operation.
Legal basis: Article 6(1)(f) (legitimate interest). Our legitimate interest is to keep the Website secure and available.

Legal obligations

In limited cases, we may process personal data to comply with legal obligations (for example, responding to lawful requests).
Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.

4. Cookies & Tracking

Cookies are small text files stored on your device. Some are set by our Website (first-party cookies) and some may be set by service providers (third-party cookies). We also use similar technologies such as pixel tags and server-side event collection. Your choices are managed through our cookie banner and preferences modal.

Essential Cookies (always active)

Essential cookies are required for the site to function. They include the cookie that remembers your cookie consent selection and a basic site session cookie used for continuity and security checks.
Examples: _site_session, cookie_consent.
Retention: session to 12 months, depending on the cookie.

Analytics Cookies (consent required)

If enabled, Analytics Cookies help us understand how the Website is used so we can improve clarity, structure, and the sequencing of beginner modules. We use Google Analytics 4 (GA4) with IP anonymization where applicable.
Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
Data retention: 14 months for analytics data in reporting settings.

Marketing Cookies (consent required)

If enabled, Marketing Cookies support advertising measurement, remarketing, and conversion attribution. They help understand whether an ad led to a meaningful action on the Website (for example, contacting us about a workshop).
Examples: _gcl_au (Google Ads, 90 days), _fbp (Meta, 90 days), _fbc (Meta, 90 days when a click ID is present).

Pixels and server-side measurement

In addition to cookies, advertising and analytics can use pixel tags (small scripts that send event signals) and server-side event forwarding. If enabled through your consent, these tools may process cookie identifiers, basic device information, and conversion events. Where server-side sharing is used, identifiers may be hashed before transfer to reduce direct identifiability.

For a detailed overview, see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent is recorded in the cookie_consent browser cookie (stored for 12 months unless you clear cookies sooner).

You can withdraw or change your consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing before withdrawal.

6. Sharing With Advertising & Service Partners

We use a small number of service providers to operate and improve the Website. Where analytics and marketing are enabled, some data may be shared with advertising partners. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom Audiences, lookalike audiences, Conversion API): page views, conversions, audience membership signals, hashed identifiers where applicable. Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance optimization. Privacy policy: https://www.cloudflare.com/privacypolicy/

These providers act as processors or independent controllers depending on the service and configuration. We aim to configure services to minimize data where possible and to use consent controls for optional processing. We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their platform terms and privacy commitments.

7. International Transfers

Some providers may process data outside the EEA/UK, including in the United States. Where applicable, transfers rely on the EU–US Data Privacy Framework (including the UK Extension and Swiss–US DPF where relevant). If a transfer is not covered by the DPF, we use Standard Contractual Clauses (EU 2021/914) and/or the UK International Data Transfer Agreement (IDTA) as fallback safeguards.

Transfer safeguards do not eliminate all risk. We also apply practical measures, such as limiting fields sent in events and using hashing for certain identifiers where supported.

8. Data Retention

We keep personal data only as long as necessary for the purpose it was collected, then delete or anonymize it unless a longer period is required by law.

• Contact submissions: up to 2 years from the last interaction, unless a longer period is needed to handle ongoing requests.
• Email correspondence: for the duration of the relationship plus 1 year, unless retention is required to document agreements or handle disputes.
• Server logs: typically up to 90 days, unless extended for security investigations.
• Analytics data: 14 months in analytics reporting retention settings (where enabled by consent).
• Marketing cookies: retained based on cookie lifetime (for example, 90 days for some identifiers) where enabled by consent.
• Cookie consent record: up to 3 years for audit purposes (stored as your consent cookie and related server-side records where applicable).
• Legal/tax records: where applicable, retained as required by law (often 6–10 years for invoices and related documentation).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or UK, you have rights regarding your personal data, subject to legal limitations:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, this can be extended by up to 60 additional days, as permitted by law.

Supervisory authority references (depending on your location):

• EU guidance: https://edpb.europa.eu
• United Kingdom (ICO): https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that a child under 16 has provided personal data without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Account & Data Deletion Requests

The Website does not provide user accounts. If you would like us to delete personal data from a contact submission, email us with the subject line “Data Deletion Request” and include enough detail for us to identify your message (for example, the email address used and approximate date). We may request additional information to verify your identity before deleting data.

We aim to complete verified deletion requests within 30 days, unless we must retain certain records to meet legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

If we undergo a merger, acquisition, financing, restructuring, insolvency event, or sale of some or all assets, personal data may be transferred as part of that transaction. If such a transfer materially changes how personal data is used, we will provide notice on the Website.

14. California (CCPA / CPRA)

This section applies to California residents to the extent the CCPA/CPRA applies to our processing. In the last 12 months, we may have collected the following categories of personal information:

• Identifiers: name (if provided), email address, IP address, cookie IDs.
• Internet or network activity: browsing interactions on the Website (if analytics/marketing consent is enabled).
• Inferences: interests or preferences inferred from content engagement (if marketing consent is enabled).

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when Marketing Cookies are enabled. California residents may opt out of sharing for targeted advertising by using our cookie preferences panel (accessible via “Manage cookie preferences” in the footer).

California rights include: the right to know, the right to delete, the right to correct, the right to opt out of sale/sharing, and the right to non-discrimination. You can submit a request by emailing [email protected] with the subject “California Privacy Request”. We will verify your request as required by law. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects. If we decline a request, you can appeal by emailing us with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in how the Website operates, the cookies used, or legal requirements. If changes are material, we will announce them via a notice on the Website at least 14 days before they take effect. The “Last Updated” date at the top shows when the policy was most recently revised.