SuitePad Academy

Data protection information according to Art. 13 and 14 GDPR

We are pleased you are visiting our website. We want to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.

This data protection declaration applies to the Internet offering of Suitepad GmbH, which can be accessed under the domain suitepad.thinkific.com and the various subdomains ("our website").

Who is responsible, and how do I contact you?

Responsible

for processing personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Suitepad GmbH

Friedrichstrasse 224

10119Berlin

+49 30 319850000

[email protected]

Data Protection Officer

Data Solution LUD GmbH

[email protected]

What is it about?

This privacy policy complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g., through anonymization, is not personal data. Processing personal data (e.g., collection, retrieval, use, storage, or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved, and there are no legitimate grounds for further data retention. We will inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and if there are statutory retention obligations.

Who gets my data?

We only disclose your personal data that we process on our website to third parties if this is necessary to fulfill the purposes and is covered by the legal basis in the individual case (e.g., consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in particular circumstances if this serves the assertion, exercise, or defense of legal claims. For example, possible recipients may be law enforcement agencies, lawyers, auditors, courts, etc.

As we use service providers to operate our website, which processes personal data on our behalf within the scope of commissioned processing according to Art. 28 GDPR, they may be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.

Protection of minors

This service is mainly aimed at adults. We do not currently market any specific areas for children. Accordingly, we do not knowingly collect age-identifying or personal information from children under 16. However, we caution all visitors to our website under 16 not to disclose or provide personally identifiable information through our service. If we discover that a child under 16 has provided us with personal information, we will delete the child's personal information from our files to the extent technically possible.

What rights do I have?

• Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

• Information according to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing as well as a copy of your data;

• Correction according to Art. 16 GDPR of inaccurate or incomplete data stored by us;

• Deletion according to Art. 17 GDPR of the data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or the assertion, exercise or defense of legal claims;

• Restriction of processing according to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data, and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing according to Art. 21 GDPR.

• Data portability according to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent according to Art. 6 (1) a GDPR or based on a contract according to Art. 6 (1) b GDPR and we have processed these with the help of automated procedures. You will receive your data in a structured, standard, and machine-readable format, or we will transfer the data directly to another responsible party insofar as this is technically feasible.

• Objection according to Art. 21 GDPR against processing your personal data, insofar as this is carried out based on Art. 6 Para. 1 lit. e, f GDPR and reasons for this arise from your particular situation, or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing can be demonstrated, or the processing is carried out for the assertion, exercise, or defense of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.

• Revocation, according to Art. 7 (3) GDPR of your consent with effect for the future.

• Complain to a supervisory authority, according to Art. 77 of the GDPR if you believe processing your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work, or our company headquarters.

Security

We use technical and organizational security measures in accordance with Art. 32 GDPR to protect the data we have under our control against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to this data is only possible for a few authorized persons and persons with a special obligation to protect data involved in the technical, administrative, or editorial management of data.

For security reasons and to protect the transmission of confidential content you send to us as the site operator, our website uses SSL or TLS encryption. As a result, third parties cannot read the data you transmit via this website. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

Change and update

We reserve the right to change, update or amend this privacy notice anytime. Any revised information on data processing will only apply to personal data collected or modified after the effective date.

Do we use cookies?

Cookies are small text files sent by us to the browser of your end device when you visit our website and are stored there. As an alternative to cookies, information can also be stored in your browser's local storage. Some functions of our website cannot be offered without cookies or local storage (technically necessary cookies). Other cookies, however, enable us to conduct various analyses to recognize the browser you use when you revisit our website and transmit multiple information (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the services we use cookies in the individual processing operations.

How is my data processed in detail?

In the following, we inform you about the individual processing operations, the scope, and purpose of the data processing, the legal basis, the obligation to provide your data, and the respective storage period. An automated decision in individual cases, including profiling, does not occur.

Provision of the website

Nature and scope of the processing

When you call and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• The IP address of the requesting computer

• Date and time of access

• Name and URL of the file accessed

• The website from which the access was made (referrer URL)

• Browser used and, if applicable, the operating system of your computer and the name of your access provider.

We do not host our website but by the service provider Thinkific Labs Inc. ("Thinkific"), Canada, which processes the data mentioned above on our behalf in accordance with Art. 28 of the GDPR.

Purpose and legal basis

The processing is carried out to protect our legitimate interest in displaying our website and guaranteeing security and stability based on Art. 6 (f) of the GDPR. Data collection and storage in log files are necessary for the website's operation. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. As further storage of log files is required by law, the processing is carried out based on Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data. However, calling our website is technically only possible by providing the data.

Storage period

The data mentioned above is stored for the duration of the website display and technical reasons for a maximum of 7 days.

User account registration

Nature and scope of the processing

When you register for the Academy on our website or the relevant courses, we collect the personal data you provide, such as your name and email address, as part of the registration process.

Purpose and legal basis

We process your data to provide you with a user account for the performance of a contract with you according to Art. 6 (1) lit. b GDPR. There is a contractual obligation to provide your data, as this information is required to identify you and fulfill the contract on our part. However, there is no legal obligation to provide the data. With the provision of this information, the registration of a user account and the conclusion of a contract is possible.

Furthermore, processing additional voluntarily provided information to provide further (comfort) functions is based on your consent, according to Art. 6 para. 1 lit. a GDPR. By deleting the voluntary information in the user account, you can declare your revocation at any time with effect for the future, according to Art. 7 (3) GDPR.

We use the CRM system of HubSpot Inc., 25 First Street, 2nd Floor, MA 02141 Cambridge, USA, to process your data for the implementation of contractual services as well as support services and, if appropriate, marketing activities. Corresponding agreements on order processing have been concluded with the service provider. HubSpot has committed itself to handling your transmitted data by data protection regulations. In addition, the service provider implements organizational and technical security measures to protect your data. The provider is a US company. You can find more information in Hubspot's Privacy Policy.

Storage period

We store your personal data as part of the provision of the user account for the duration of the contractual relationship. After the end of the contract/deletion of the user account, your data will only be stored further if legal retention obligations (e.g., tax and commercial law) exist.

The additional information you provide based on your consent will only be stored until you revoke your consent by deleting the data, but at the longest, until the end of the contract on which the user account is based.

CDNJS

Nature and scope of the processing

We use CDNJS to deliver the content on our website correctly. CDNJS is a service of Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content for our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc., whereby your IP address and possibly browser data, such as your user agent, are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of CDNJS.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e., interest in a secure and efficient provision and the optimization of our online offer, according to Art. 6 para. One lit. f. DSGVO.

Storage period

The substantial storage period of the processed data cannot be influenced by us but is determined by Cloudflare, Inc. Further information can be found in the data protection declaration for CDNJS: https://www.cloudflare.com/privacypolicy/.

Google Ads

Nature and scope of the processing

We have integrated Google Ads on our website. Google Ads is a service Google Ireland Limited provides to display targeted advertising to users. Google Ads uses cookies and other browser technologies to analyze user behavior and recognize users.

Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of the advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers, such as your user agent, are transmitted to the provider.

If registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, the provider may discover and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis

The use of Google Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

The concrete storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

Google Analytics

Nature and scope of the processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, visited subpages, and the length of stay of visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google CDN

Nature and scope of the processing

We use Google CDN to deliver the content of our website correctly. Google CDN is a service of Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps deliver content from our website, particularly files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data, such as your user agent, are transmitted. This data is processed exclusively for the above mentioned purposes to maintain the security and functionality of Google CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e., interest in a secure and efficient provision and optimization of our online offer, according to Art. 6 para. 1 lit. f. GDPR.

Storage period

The concrete storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google DoubleClick

Nature and scope of the processing

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly unique online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression, click, or other activity.

Each data transfer triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. For example, the cookie ID must advertise a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser to avoid the same placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a DoubleClick ad was previously displayed to a user and the user subsequently purchases on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain personal data but may include additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Besides, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and legal basis

We process your data with the help of the Double-Click cookie to optimize and display advertising based on your consent, according to Art. 6 para. 1 lit. A of the GDPR and Section 25 para. 1 of the TTDSG. You consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future by Art. 7 para. 3 GDPR. The cookie is used, among other things, to place and display user-relevant advertising, create reports on advertising campaigns, or improve them.

Furthermore, the cookie is used to avoid multiple displays of the same advertisement. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not consent, visiting our website without restriction will be possible, but not all functions may be fully available.

Storage period

The concrete storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

Google Fonts

Nature and scope of the processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you establish a connection to servers of Google, Ireland, whereby your IP address is transmitted.

Using Google Fonts is based on our legitimate interests, i.e., interest in a uniform provision and the optimization of our online offer.

Google reCAPTCHA

Nature and scope of the processing

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited. It enables us to distinguish whether a contact request originates from a natural person or is automated using a program. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data, such as your user agent, are transmitted. Furthermore, Google reCAPTCHA records the user's browsing time and mouse movements to distinguish automated requests from human ones. This data is processed exclusively for the above mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

Google reCAPTCHA is based on your consent according to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.