Privacy Policy for our Membership Platform

Preamble

Data protection is important to us and your trust is our highest priority. We therefore always treat your personal data confidentially and naturally comply with all relevant statutory data protection regulations. We therefore only process your personal data if this is permitted by law or if you have given us your consent to do so.

In this Privacy Policy you will be informed about:

  • What information about visitors to our Membership Platform shall be collected and evaluated.
  • Whether and how this information shall be processed, passed on and otherwise processed by us.

This declaration applies to all information that shall be provided when using our Membership Platform via any of these websites or by the user:

It does not apply to other websites or offers.

1. Controller

Easy Languages GmbH
Represented by Carina Schmid
Torstr. 85
Einheit 80
10119 Berlin
Germany

Email: info@easy-languages.org

2. Data Protection Officer

Dr. Jochen Notholt
Lindwurmstr. 10
80337 München

Email: dsb@comp-lex.de

3. SSL or TLS encryption

These pages use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transfer to us cannot be read by third parties.

4. Data processing when accessing our Membership Platform

When you access our Membership Platform, unless you register or otherwise transfer information to us, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. f GDPR:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (in concrete terms)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

Hosting

Our Membership Platform will be hosted by Seedlang, Inc., 2093 Philadelphia Pike, #9846, Claymont, DE 19703, USA.

It is possible that personal data may be transferred to the USA, a third country. Seedlang has been certified in accordance with the Data Privacy Framework. In July 2023, the EU Commission adopted an adequacy decision on this framework. The adequacy decision is therefore the legal basis for the transfer in accordance with Art. 45 GDPR. Find out more about the Data Privacy Framework (DPF) program and certification at https://www.dataprivacyframework.gov/.

We have concluded an order processing contract with Seedlang in accordance with Article 28 GDPR.

Google Fonts

We also use fonts from Google Fonts on our website. Google Web Fonts are installed locally. There is no connection or data transfer to Google servers.

5. Cookies

Some of the Membership Platform pages use cookies. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They shall be deleted automatically at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services in accordance with Article 6 para. 1 lit. f GDPR.

6. Plugins

YouTube-Videos

Content from YouTube is integrated into our Membership Platform. The provider of the YouTube video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. The parent company is: Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

YouTube is an Internet video portal that enables video publishers to upload video clips for other users free of charge, including commenting on the videos.

Each time one of the individual pages of our website on which YouTube plug-ins are integrated is accessed, the YouTube plug-in shall be downloaded by the visitor's Internet browser.

YouTube and Google receive information about the subpages visited on our website.

We have deactivated the connection to YouTube. A connection shall only be established with the express consent of the user in accordance with Article 6 para. 1 lit. a GDPR.

If the Data Subject is logged in to YouTube at the same time, YouTube can assign this information to the Data Subject's respective account on the YouTube social media platform. If the Data Subject presses a button integrated on our website, e.g. if you activate the "Like" button, YouTube also links this to the user account and stores this data.

If the Data Subject does not want this information to be transferred to YouTube, they must ensure that they log out of their YouTube account before accessing our website.

More about data processing by YouTube here: https://www.google.com/intl/en/policies/privacy/; https://www.youtube.com/yt/about/en/

7. Data processing when using the Membership Platform

When you use our Membership Platform, we process additional personal data. A detailed description of the respective data and an explanation of how we process it is provided below.

The personal data shall be collected on the basis of the existing contract for the service in accordance with Article 6 para. 1 lit. b) GDPR. Full use of the service is not possible without the collection of the above-mentioned registration data.

The other personal data shall be collected and processed on the basis of our legitimate interest in accordance with Article 6 para. 1 lit. f GDPR or on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can object to the collection of this data at any time without this resulting in any disadvantages for you.

If you decide to use the application, you must create an account.

7.1. Registration

You can register for our Membership Platform. When you register, we store the following data:

  • Surname, first name
  • E-Mail-Adress

The personal data required here is mandatory information without which we cannot provide you with the Membership Platform. The legal basis for this is Article 6 para. 1 sentence 1 lit. b GDPR in connection with the free-of-charge user contract between you and HC.

7.2. Creating a profile

You can enter various information in your profile when using the Membership Platform.

You can optionally add a profile picture to your profile, as well as the time zone and/or your native language. This is generally not required to use the platform. As the collection of data is voluntary, reference shall be made to Article 6 para. 1 sentence 1 lit. a GDPR. You can remove your picture from your profile at any time.

8. Notifications

We send notifications to users of the Membership Platform. For example, to share news or draw attention to new content.

We use the service Bird (formerly Sparkpost) of the provider MessageBird USA Inc, 4701 SangamoreRoad, Suite 100N-139, Bethesda MD 20816, USA for this purpose.

Your email address shall be processed for this purpose. Personal data shall be transferred to the USA and processed there. MessageBird USA Inc. has certified itself according to the EU-US Data Privacy Framework. The data transfer is based on the EU Commission's adequacy decision of 2023.

These notifications shall only be sent to you with your consent; the legal basis is Article 6 (1) lit. a GDPR. The legal basis for the collection of data such as timestamp, push token and device ID is Art. 6 (1) lit b GDPR.

More information about data processing by MessageBird here: https://bird.com/de/legal/privacy#5-international-transfer-of-personal-data

9. Comment functions

In certain areas, users have the option of leaving comments. These comments are linked to the account name and are also visible to other users. The comments shall be moderated by us. Use of the comment functions is voluntary. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, so that we can offer this function to users who use it.

10. Analysis and tracking tools

Amplitude

We collect usage data to improve our services:

  • Number of registrations
  • Number of times the individual worksheets were accessed and edited

Our hoster Seedlang uses the analysis and tracking tool Amplitude from the service provider Amplitude; Headquarters: Amplitude Inc., 201 3rd Street, Suite 200, San Francisco, CA 94103 USA.

The data will be transferred to the USA and processed there. Cloudflare has certified itself in accordance with the EU-US Data Privacy Framework. The data transfer therefore takes place on the basis of the EU Commission's adequacy decision, Article 49 GDPR.

The processing of personal data is only carried out by our consent management tool on the basis of consent in accordance with Article 6 para. 1 lit. a GDPR.

This data shall be evaluated anonymously in statistics. We ourselves only receive the anonymized data from Seedlang and have no access to the underlying personal data.

More about data processing by Amplitude: https://amplitude.com/privacy

11. Data transfer to advertising providers

We do not pass on any personal data of our users to third parties for advertising purposes.

12. Data transfer to other users of our Membership Platform via Discord

Our users have the opportunity to register with Discord in order to discuss or exchange information with other users of the Membership Platform. Discord is an online service for instant messaging, chat, voice conferencing and video conferencing. The provider is Discord Inc, 444 de Haro Street, Suite 200, San Francisco, CA 94107, USA

Discord acts as its own Controller when users register. For further information on data processing by Discord, see here: https://discord.com/privacy

13. CDN - Cloudflare

We use the content delivery network of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA) to make the services on our websites faster and more secure. Cloudflare processes personal data such as the IP address, All data that Cloudflare collects shall be cleansed of personal data or anonymized in the logs,

The processing of data by Cloudflare, or the use of Cloudflare on our pages, is based on your express consent, Article 6 para. 1 lit. a GDPR. Furthermore, we have a legitimate interest in optimizing our services on these pages, Art. 6 para. 1 lit f GDPR.

The data will be transferred to the USA and processed there. Cloudflare has certified itself in accordance with the EU-US Data Privacy Framework. The data transfer therefore takes place on the basis of the EU Commission's adequacy decision, Article 49 GDPR.

More about the processing by Cloudflare here: https://www.cloudflare.com/de-de/trust-hub/privacy-and-data-protection/

14. Crash analysis by Sentry

We use the Sentry service from the provider Funktional Software Inc; 132 Hawthorne Street, San Francisco, CA 94107 USA, to monitor and rectify crashes in order to ensure the technical stability of the website.

For this service, Sentry processes the IP address, device and browser information, among other things. The processing is carried out on our assignment. We have concluded a data processing agreement with Sentry.io. The legal basis for the processing is our legitimate interest in a technically stable website, Article 6 para. 1 lit. f GDPR.

Data processing takes place in the USA. Sentry.io is certified in accordance with the EU-US Data Privacy Framework. The data transfer to the USA is therefore based on the adequacy decision of the EU Commission, Article 49 GDPR.

More about data processing by Sentry.io here: https://sentry.io/privacy/?tid=331714484078#data-retention

15. Processing of your data for contract processing

If you are or shall become our customer, we process data from you that may have a personal reference as part of the processing of your assignment. The processed data includes master data (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers), contract data (e.g. services used, contract content, contractual communication, names of contact persons and information on the products ordered and delivered via the platform) and payment data (e.g. your bank details, payment history).

This data shall be required by us to fulfill the contract. If this includes personal data, the processing is carried out on the basis of Article 6 para. 1 lit. b GDPR.

In principle, the data is deleted as soon as it is no longer required to achieve the stated purpose; Article 17 para. 1 lit. a GDPR. All data processed for contractual purposes is required for dealing with any warranty and comparable duties for at least the duration of the respective warranty obligation. The necessity of retaining the data shall be reviewed every three years.

16. Payment processing for the use of the Membership Platform

You have the discretion to choose between different payment methods. We use various service providers for payment processing.

The legal basis for the transfer of your data is your consent Article 6 (1) lit. a GDPR and the processing for contract processing Article 6 (1) lit. b GDPR.

Stripe Payment

Our payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland ("Stripe"), is responsible for the execution and thus the collection, processing and storage of electronic payment transaction data. Via Stripe it is possible to offer various payment methods, such as credit card payments or direct debit.

For each payment transaction, Stripe receives data for processing the electronic payment transaction, such as the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, credit card number, invoice amount, currency and transaction number). The processing of your data by Stripe is necessary for payment processing and thus for contract processing. The legal basis for this is Article 6 para. 1 sentence 1 lit. b GDPR. This data shall be deleted after expiry of the statutory retention obligations. Stripe processes your personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Article 28 GDPR.

The service provider Stripe used by us in this context, which processes personal data for us on our behalf and within the scope of our instructions as a so-called Processor in accordance with Article 28 GDPR, transfers data to affiliated companies in the USA. Stripe Inc has certified itself in accordance with the EU-US Data Privacy Framework. https://stripe.com/at/legal/data-privacy-framework. The data transfer takes place on the basis of the EU Commission's adequacy decision on this framework in accordance with Article 49 GDPR.

More about data processing by Stripe here: https://stripe.com/at/privacy#8-lokalspezifische-bestimmungen

17. Processors

In order to fulfill our contractual duties, we rely on the services of carefully selected third parties who process the data on our assignment. In each case, these are Processors with whom we have concluded an agreement in accordance with Article 28 GDPR. In addition, we naturally ensure in advance that our Processors comply with all data protection regulations so that your data is always secure.

18. Data transfer to third countries

We only process your personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) if it is necessary for the fulfillment of our (pre)contractual duties (pursuant to Article 6 para. 1 lit. b GDPR), on the basis of your consent (pursuant to Article 6 para. 1 lit. a GDPR), on the basis of a legal obligation (pursuant to Article 6 para. 1 lit. c GDPR) or on the basis of our legitimate interests (pursuant to Article 6 para. 1 lit. f GDPR). The same applies to processing by third parties on our assignment, the disclosure of your personal data to third parties and their transfer to third parties.

Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special requirements of Article 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

19. Deletion of personal data

In addition to the deletion of your data by the system as described above, your data may be deleted if you actively delete your account.

Furthermore, your account may be deactivated and subsequently deleted if you have not used it for a longer period of time and, based on our experience, we cannot expect you to use it again.

20. Automated decision-making including profiling

The data we collect here shall be used to generate a personalized and customized offer for you. However, this is not automated decision-making in accordance with Article 22 GDPR, as this does not have any legal effect on you. Nevertheless, we would like to inform you about this as transparently as possible.

21. Data subject rights for users of the Membership Platform and visitors to the websites

You have the right:

  • to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Article 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
  • to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Article 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another Controller;
  • to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

22. Rights of revocation and objection

22.1. Revocation of consents granted

If we process your personal data on the basis of a consent given by you in accordance with Article 6 para. 1 lit. a GDPR, you have the right to revoke any consent you may have given us in accordance with Art. 7 para. 3 GDPR with effect for the future.

If you wish to make use of your right of withdrawal, you can inform us by e-mail to privacy@easy-languages.org. Alternatively, you can also use the contact details provided in section 2 above.

22.2. Objection to processing on the basis of legitimate interest

If we process your personal data on the basis of our legitimate interests in accordance with Article 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which shall be implemented by us without specifying a particular situation.

If you wish to exercise your right to object, you can inform us by sending an email to privacy@easy-languages.org. Alternatively, you can also use the contact details provided in section 2 above.

23. Safety measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.

24. Changes to this Privacy Policy

We reserve the right to amend our Privacy Policy if this should be necessary due to new technologies or changes to our data processing processes or in order to adapt it to changes in the legal situation applicable to us. However, this only applies to this Privacy Policy. If we process your personal data on the basis of your consent or if parts of the Privacy Policy contain provisions of the contractual relationship with you, any changes will only be made with your consent.

You can view the current version of our Privacy Policy at https://www.easy-languages.org/membership/privacy.

Change History