Legal

Privacy Policy

Information pursuant to Art. 13 and 14 GDPR about the processing of your data on studienkolleg.org.

Updated: Jan 25, 2026
Imprint Privacy

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Henry van de Vorming
c/o AutorenServices.de
Birkenallee 24
36037 Fulda
Germany

Email: [email protected]

2. Overview of Data Processing

Studienkolleg.org is a purely informational website. We only process personal data to the extent necessary for providing the website and its functions. The following types of data may be affected:

  • Usage data – pages visited, access times, referrer URLs
  • Meta/communication data – IP addresses (anonymised), device and browser information
  • Contact data – email address, if you contact us

There is no registration, no login, and no sale of products or services through this website. No data is transferred to third countries outside the EU/EEA unless explicitly stated below.

3. Legal Bases

We process personal data on the basis of the following legal grounds under the GDPR:

  • Art. 6(1)(a) GDPR – Consent of the data subject
  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Art. 6(1)(f) GDPR – Legitimate interests (e.g. security and optimisation of the website)

Where cookies or comparable technologies are used, their permissibility is additionally governed by § 25 TDDDG (German Telecommunications Digital Services Data Protection Act, formerly TTDSG).

4. Security Measures

We implement technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk. These include in particular:

  • Encrypted data transmission via HTTPS/TLS
  • Regular review of security measures
  • Access control and minimisation of processed data

5. Hosting

This website is hosted by Netlify, Inc. (44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA). When you visit our website, connection data (e.g. IP address, time of access) is automatically collected by Netlify and stored in server log files.

Netlify is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. For more information, please see the Netlify Privacy Policy.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the reliable provision of the website).

6. Access Data & Server Log Files

Each time you access our website, the following data is automatically collected and temporarily stored in server log files:

  • IP address of the requesting device
  • Date and time of access
  • Requested URL and HTTP status code
  • Amount of data transferred
  • Referrer URL (previously visited page)
  • Browser type and version, operating system

This data is used exclusively to ensure smooth operation and to improve our services, and is deleted after no more than 30 days. No identification of individual persons takes place.

Legal basis: Art. 6(1)(f) GDPR.

7. Cookies & Storage Technologies

This website does not use tracking cookies. We only employ technically necessary storage technologies:

  • Local Storage – To save user preferences (e.g. dark mode setting, language preference)
  • Service Worker Cache – For offline functionality and faster page loading

These technologies are strictly necessary for the functionality of the website and are not used for tracking. Consent is not required for these pursuant to § 25(2)(2) TDDDG.

Legal basis: § 25(2)(2) TDDDG in conjunction with Art. 6(1)(f) GDPR.

8. Web Analytics Tools

To analyse website usage and improve our services, we use the following privacy-friendly analytics tools:

a) Plausible Analytics

We use Plausible Analytics (Plausible Insights OÜ, Tallinn, Estonia). Plausible is a privacy-friendly analytics tool that uses no cookies and collects no personal data. No IP addresses are stored or shared with third parties. All data is processed on servers within the EU.

Plausible only collects aggregated, anonymous usage statistics (page views, referrers, device type, country). It is not possible to identify individual users.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analysing website usage). Consent is not required as no personal data is processed.

More information: plausible.io/data-policy

b) Umami Analytics

We use Umami (Umami Software, Inc.). Umami is a privacy-friendly, open-source analytics tool that does not set cookies and does not store personal data. IP addresses are not stored. All data is collected in a fully anonymised manner.

Only aggregated statistics are collected (page views, time on site, referrers, device type). It is not possible to identify individual persons.

Legal basis: Art. 6(1)(f) GDPR. Consent is not required.

More information: umami.is/privacy

c) PostHog

We use PostHog (PostHog, Inc.) for product analytics. PostHog helps us understand how the website is used and improve the user experience. The following data may be collected:

  • Anonymised usage data (page views, click paths, time on site)
  • Device information (browser type, screen size, operating system)
  • Approximate location (country level, based on anonymised IP)

We have configured PostHog so that IP addresses are not stored in full. No tracking cookies are set. Data is processed on servers within the EU (Frankfurt).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the analysis and optimisation of the website).

More information: posthog.com/privacy

9. Contact

If you contact us by email, the data you provide (email address, possibly your name, message content) will be stored by us in order to respond to your enquiry. We delete the data collected in this context once storage is no longer necessary, or restrict processing where statutory retention obligations apply.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

10. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR) – You may request information about the data we process about you.
  • Right to rectification (Art. 16 GDPR) – You may request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) – You may request the deletion of your data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR) – You may object at any time to the processing of your data based on Art. 6(1)(f) GDPR.
  • Right to withdraw consent (Art. 7(3) GDPR) – Any consent given may be withdrawn at any time with effect for the future.

To exercise your rights, please contact: [email protected]

Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data infringes the GDPR, you have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority. You may contact the supervisory authority of your place of residence, your workplace, or the place of the alleged infringement.

11. Changes to This Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The new privacy policy will apply to any subsequent visit.