Privacy Policy

Anjum Rauf
Viscardistr. 9, 82256 Fürstenfeldbruck, Germany
Email: info@de101.info

Protecting your personal data is important to me. This privacy policy explains how and for what purpose personal data is processed when you visit this website and when you use my language courses.

The domain de101.info is registered with IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. DNS is also managed by IONOS. When the domain is accessed, technical connection data (e.g. IP address) may be processed there. Further information: ionos.de/terms-gtc/terms-privacy.

This website is primarily hosted and delivered via Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When the site is accessed, technically necessary server log files may be processed (e.g. IP address, date and time, requested URL, HTTP status, referrer, browser type and operating system). Transfers to the USA take place on the basis of the EU-US Data Privacy Framework and, in addition, the EU Standard Contractual Clauses. A data processing agreement under Art. 28 GDPR is in place with the provider. Vercel's privacy policy: vercel.com/legal/privacy-policy.

As a backup, the site can also be reached via the Lovable platform (Lovable AB, Stockholm, Sweden), where comparable technical log data may be processed. The legal basis for hosting is Art. 6(1)(f) GDPR (legitimate interest in reliably providing the website). Lovable's privacy policy: lovable.dev/privacy.

Form submissions (contact requests, enrolment applications, course interest registrations), the related stored records, the administrative login used to manage these submissions, and the server-side functions that send transactional emails are operated via Supabase, provided by Supabase Inc. A data processing agreement under Art. 28 GDPR is in place with the provider. When you submit a form, Supabase processes the data you enter together with technical metadata such as timestamp and, depending on the request, IP address. Technical frontend and server errors may also be logged in Supabase for security, troubleshooting and service reliability; these logs are limited to operational details such as error message, page path and user agent where applicable. The administrative interface is protected by email/password authentication; only authorised administrators have access. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in operating, securing and improving the service). Supabase's privacy policy: supabase.com/privacy.

Notification emails to me as well as confirmation emails to you (for example after submitting the contact form, an enrolment application or a course interest registration) are sent via Resend, provided by Resend, Inc., USA. For this purpose, Resend processes the recipient address, the sender address, the subject line, the email content and technical delivery metadata. Transfers to the USA take place on the basis of the EU-US Data Privacy Framework and, in addition, the EU Standard Contractual Clauses. A data processing agreement under Art. 28 GDPR is in place with the provider. Legal basis: Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in reliable email delivery). Resend's privacy policy: resend.com/legal/privacy-policy.

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the lock icon in your browser's address bar and the "https://" prefix.

This website offers three forms:

• Contact form: name, email address and your message.
• Enrolment application: name, email address, phone number (optional), the desired course, current language level (optional), preferred start date (optional) and motivation/notes.
• Course interest registration: email address, the course you are interested in, and optionally your name, preferred start and a short message.

The data you provide is processed in order to handle and respond to your enquiry or application. Storage takes place in the backend described in section 5; the corresponding notification and confirmation emails are sent via the provider described in section 6.

To protect these forms from automated abuse, I use Cloudflare Turnstile, provided by Cloudflare, Inc., USA. Turnstile checks whether a form submission is likely to come from a human user and may process technical data such as IP address, browser and device information, interaction data and the page on which the widget is used. Legal basis is Art. 6(1)(f) GDPR (legitimate interest in securing the forms and preventing spam). Cloudflare's privacy policy: cloudflare.com/privacypolicy.

My mailbox info@de101.info is operated via Zoho Mail (Zoho Corporation B.V., Hoofddorp, Netherlands) in an EU data centre. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or performance of a contract) and, for general enquiries, Art. 6(1)(f) GDPR (legitimate interest in answering your enquiry). Your data will be deleted as soon as it is no longer required for this purpose and no statutory retention obligations apply.

Lessons take place, depending on the arrangement, via video conferencing services such as Zoom (Zoom Video Communications, Inc., USA), Google Meet (Google Ireland Ltd., Ireland) or Microsoft Teams (Microsoft Ireland Operations Ltd., Ireland). When using these services, personal data (e.g. name, email address, IP address, and possibly audio and video during the session) is processed by the respective provider. Recordings are only made with your explicit consent. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). For providers based in or processing data in the USA, transfers take place on the basis of the EU-US Data Privacy Framework and the EU Standard Contractual Clauses.

If you sign up for my newsletter, I use the email address you provide to send you regular information about courses, learning tips and offers. Sign-up uses a double opt-in procedure. The legal basis is your consent under Art. 6(1)(a) GDPR. You can unsubscribe at any time using the unsubscribe link in any email or by sending me a message. Delivery uses the same transactional email infrastructure as described in section 6.

This website uses locally hosted fonts that are delivered directly from the website's server. No connection to external font providers (such as Google Fonts) is intentionally established.

On this website I use Google Tag Manager provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager itself is used solely to manage and load other tags (currently Google Analytics 4 and Microsoft Clarity).

Google Analytics 4 uses cookies and similar technologies to analyse how the website is used (e.g. page views, approximate location, device and browser data, interaction events). According to Google, IP addresses are truncated before storage.

A transfer of personal data to Google LLC in the USA cannot be excluded. Such transfers take place on the basis of the EU-US Data Privacy Framework and, in addition, the EU Standard Contractual Clauses.

I additionally use Microsoft Clarity, a behaviour analytics service provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company: Microsoft Corporation, USA). Clarity uses cookies and similar technologies to create pseudonymised session recordings (mouse movement, clicks, scrolls), heatmaps and page performance metrics so that I can understand how the site is used and improve it. According to Microsoft, sensitive input fields are masked by default and keystrokes in input fields are not used for analytics purposes. A transfer of personal data to Microsoft Corporation in the USA cannot be excluded; such transfers take place on the basis of the EU-US Data Privacy Framework and the EU Standard Contractual Clauses.

The legal basis for using Google Tag Manager, Google Analytics and Microsoft Clarity is your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. These services are only loaded after your active consent via the consent banner. You can withdraw your consent at any time with effect for the future via the "Cookie settings" link in the footer.

For more information please see the Google Privacy Policy and the Microsoft Privacy Statement.

To manage your consent for optional services I use the open-source consent tool Klaro. Klaro is delivered from this website's own infrastructure. Klaro stores your selection in a local cookie named "klaro" with a lifetime of up to 180 days. The legal basis for using Klaro is Art. 6(1)(f) GDPR and § 25(2) No. 2 TDDDG (storage access strictly necessary to implement your selection).

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and to object to processing (Art. 21 GDPR). You can withdraw any consent you have given at any time with effect for the future (Art. 7(3) GDPR). To exercise your rights, an informal message to the contact details above is sufficient.

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for me is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

I reserve the right to amend this privacy policy so that it always complies with current legal requirements or to reflect changes to my services. The current version applies on each subsequent visit.