Zum Hauptinhalt springen

Privacy Policy

1. Data Controller (Art. 13 (1)(a) GDPR)

ZertifikatDeutsch
[Address]
Email: [email protected]

2. Purpose of Data Processing (Art. 13 (1)(c) GDPR)

We process your personal data for the following purposes:

  • User account: Registration and login (email, username, password hash)
  • Exam administration: Storage of exam results and answers
  • Payment processing: Processing of purchases via Stripe (Stripe Inc.)
  • Access control: Management of unlocked premium exams

3. Legal Basis (Art. 6 GDPR)

  • Art. 6 (1)(a): Consent – By registering you agree to data processing
  • Art. 6 (1)(b): Performance of contract – To provide our services and process purchases
  • Art. 6 (1)(f): Legitimate interest – To improve our offering and prevent fraud

4. Recipients of Data (Art. 13 (1)(e) GDPR)

Your data is shared with the following third parties:

  • Stripe Inc. (Processor under Art. 28 GDPR) – Payment processing. Stripe processes payment data (credit card, SEPA) directly. We do not have access to your full payment data. Stripe is subject to EU standard contractual clauses.
    Stripe Privacy Policy

Stripe has no access to your exam results or answers.

5. Stored Data

Data categoryRetention period
User accountUntil deletion by the user
Exam resultsUntil account deletion
Purchase data10 years (statutory retention period)
GDPR consentUntil withdrawal + 3 years (proof obligation)

6. Your Rights (Art. 15–22 GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15): You can request information about your stored data
  • Right to rectification (Art. 16): You can request correction of incorrect data
  • Right to erasure (Art. 17): You can request deletion of your data. You can do this yourself under "My Account".
  • Data portability (Art. 20): You can export your data in a machine-readable format. You can do this yourself under "My Account".
  • Withdrawal of consent (Art. 7 (3)): You can withdraw your consent at any time. This will deactivate your account.
  • Right to complain (Art. 77): You have the right to lodge a complaint with a supervisory authority

To exercise your rights, please use the functions under "My Account" or contact us by email.

7. Cookies

This website uses the following cookies:

a) Technically necessary cookies:

  • Session token (JWT): For login and session management. Deleted when the browser closes. No consent required (§ 25 (2) TTDSG).
  • gdpr_consent: Stores your cookie consent. Duration: 1 year. No consent required.

b) Analytics cookies (only with your consent):

  • analytics_sid: Anonymous session identifier for analyzing website usage. Contains a randomly generated UUID. No IP addresses are stored. Duration: 30 minutes. Only set if you agreed in the cookie banner.

Purpose of analytics: We anonymously record which pages are visited and how long users stay on individual pages. This is solely used to improve our practice exercises and detect technical errors. No data is shared with third parties.

Legal basis: Art. 6 (1)(a) GDPR (consent) for analytics cookies, Art. 6 (1)(f) GDPR (legitimate interest) for technically necessary cookies.

You can withdraw your consent at any time:

8. Security

We use technical and organizational measures to protect your data:

  • Passwords are hashed with bcrypt (12 rounds)
  • Authentication via JWT tokens
  • HTTPS encryption
  • Rate limiting against brute-force attacks
  • Payment data is processed exclusively by Stripe (PCI DSS compliant)

Last updated: April 2026

Wir verwenden Cookies, um die Nutzererfahrung zu verbessern und unsere Website-Zugriffe zu analysieren. Sie können zustimmen oder ablehnen.