Data protection

1. Data Protection at a Glance

​

General Information

​

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

​

Data Collection on This Website

​

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Notice Regarding the Responsible Party” in this privacy policy.

 

How do we collect your data?

On one hand, your data is collected by you providing it to us. This can include data you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

 

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other service requests.

​

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of processing your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions about data protection.

​

2. Hosting

​

We host the content of our website with the following providers:

​

Strato

Provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (“Strato”). When you visit our website, Strato collects various log files including your IP address.

Further information can be found in Strato's privacy policy: https://www.strato.de/datenschutz/.

The use of Strato is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

​

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the above service. This is a legally required contract ensuring that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

WIX

Provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“WIX”).

WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies in your browser that are necessary for website functionality and security (essential cookies).

The data collected via WIX may be stored on various servers worldwide, including in the USA.
Details can be found in WIX’s privacy policy: https://de.wix.com/about/privacy.

Data transfers to the USA and other third countries are based on EU Standard Contractual Clauses or equivalent guarantees per Art. 46 GDPR. Details are available here: https://de.wix.com/about/privacy-dpa-users.

The use of WIX is based on Art. 6(1)(f) GDPR. If consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF), a framework ensuring compliance with European data protection standards for processing in the USA. Further information: https://www.dataprivacyframework.gov/participant/5626.

​

Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) for the use of the above service. This ensures personal data is processed only under our instructions and in compliance with the GDPR.

​

3. General Notes and Mandatory Information

​

Data Protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.

We point out that data transmission on the internet (e.g., communication by e-mail) can have security gaps. A complete protection of data from access by third parties is not possible.

​

Notice Regarding the Responsible Party

The responsible party for data processing on this website is:
Pioneer Education GmbH
Alt-Lichtenrade 41 F
12305 Berlin, Germany

Commercial Register: HRB 239767 B
Register Court: Amtsgericht Berlin Charlottenburg
Managing Director: Lars van der Leeuw-Holtvoeth
Phone: 030 5561 8600
Email: info@pioneereducation.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

 

Storage Duration

Unless a more specific storage duration has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons no longer apply.

General Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. If you have expressly consented to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to your device (e.g., via device fingerprinting), processing is also based on § 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required for contract performance or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Data may also be processed based on our legitimate interest under Art. 6(1)(f) GDPR or legal obligation under Art. 6(1)(c) GDPR. Further legal bases are explained in subsequent sections.

​

Recipients of Personal Data

As part of our business operations, we work with various external parties, and this may involve the transfer of personal data to them. Such transfers occur only where necessary for contract performance, legal obligation (e.g., tax authorities), legitimate interest under Art. 6(1)(f) GDPR, or another legal basis permits the transfer. In cases involving processors, we only share data based on a valid data processing agreement.

​

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any consent at any time. The lawfulness of processing prior to revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

​

Complaint Rights with the Supervisory Authority

In the event of a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

​

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format, or to have it transferred to another controller. Where technically feasible, you also have the right to have the data transferred directly to another controller.

​

Right to Access, Rectification, and Erasure

Within the scope of applicable legal provisions, you have the right at any time to free access to your stored personal data, its origin and recipients, and the purpose of data processing. You also have the right to request the correction or deletion of this data. You can contact us at any time with questions about personal data.

​

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction applies in the following cases:

• If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing.

• If the processing of your data is unlawful, you may request restriction instead of deletion.

• If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you may request restriction instead of deletion.

• If you have objected to processing pursuant to Art. 21(1) GDPR, a balancing of interests must take place. Until it is determined whose interests prevail, you have the right to restrict processing.
  If processing has been restricted, such data may only be processed – apart from its storage – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the browser address changing from "http://" to "https://" and the lock icon in your browser line.
When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website
If, after concluding a contract requiring payment, you are obligated to transmit your payment data to us, this data is required for payment processing.

Payment transactions via common payment methods (Visa/MasterCard, direct debit) are made exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by the browser address line changing to "https://" and the lock icon.

With encrypted communication, your payment data cannot be read by third parties.

​

4. Data Collection on This Website

​

Cookies

Our website uses so-called "cookies." Cookies are small data packets that do no harm to your device. They may be stored temporarily (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored until you delete them or they are automatically removed by your browser.

Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies), allowing certain services from third parties (e.g., payment processing) to be integrated.
Cookies serve various functions. Some are technically essential, ensuring that website functions (e.g., shopping cart, video display) work correctly. Others are used for user behavior analysis or marketing.
Cookies essential for electronic communications, for features you want (e.g., shopping cart), or for site optimization (e.g., audience measurement) are stored under Art. 6(1)(f) GDPR unless another legal basis is stated. If consent has been requested, processing is based solely on consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can set your browser to notify you about cookie use, allow cookies only in certain cases, exclude cookies in general, or automatically delete cookies when closing the browser. Disabling cookies may limit the website’s functionality.

Which cookies and services are used can be found in this privacy policy.

​

Contact via Email, Phone, or Fax

If you contact us via email, telephone, or fax, your request and associated personal data (name, request) will be stored and processed for the purpose of handling your inquiry. We do not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if your request is related to a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing inquiries (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if requested. Consent can be revoked at any time.

Your data from inquiries remains with us until deletion is requested, consent is withdrawn, or the purpose ceases to apply. Statutory retention requirements remain unaffected.

​

Registration with Google

Instead of registering directly, you can register using Google. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you only need your Google username and password. Google will verify your identity and confirm it to our website.

Depending on your Google privacy settings, we may use certain information from your Google account to complete your profile. You control which data is shared via your settings:

​

https://myaccount.google.com/security and https://myaccount.google.com/permissions.
Data processing for Google registration is based on our legitimate interest in offering a simple registration process (Art. 6(1)(f) GDPR). The use is voluntary, and users control access, so no overriding rights are affected.

The company is certified under the "EU-US Data Privacy Framework." More information: https://www.dataprivacyframework.gov/participant/5780.

​

5. eCommerce and Payment Providers

​

Processing Customer and Contract Data

We collect, process, and use personal customer and contract data for establishing, structuring, and changing contractual relationships. Usage data is processed only as necessary for providing or billing the service. The legal basis is Art. 6(1)(b) GDPR.

Collected customer data is deleted after contract completion or termination of the business relationship, unless statutory retention periods apply.

​

Data Transfer for Online Shops, Merchants, and Shipping

When you order goods, we pass your personal data to the delivery company and the payment provider as necessary for fulfillment. Only essential data is transferred.

Legal basis: Art. 6(1)(b) GDPR. If you consent under Art. 6(1)(a) GDPR, we may share your email with the delivery provider to inform you of the shipment status. Consent can be withdrawn at any time.

​

Data Transfer for Services and Digital Content

We share personal data with third parties only if required for contract fulfillment (e.g., to your bank).
No further data sharing occurs unless expressly consented. No data is shared for advertising purposes without your consent.
Legal basis: Art. 6(1)(b) GDPR.

​

Payment Services

We integrate payment services from third-party companies. When you make a purchase, your payment data (e.g., name, amount, bank or card details) is processed by the payment provider. Their respective contractual and privacy policies apply.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR (secure and smooth payment). Where required, Art. 6(1)(a) GDPR applies. Consent can be withdrawn at any time.

We use the following payment providers:

• PayPal: PayPal (Europe) S.à.r.l. et Cie, S.C.A., Luxembourg. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

• Apple Pay: Apple Inc., USA. Privacy policy: https://www.apple.com/legal/privacy/de-ww/.

• Google Pay: Google Ireland Limited. Privacy policy: https://policies.google.com/privacy.

• Stripe: Stripe Payments Europe, Ltd., Ireland. Privacy policy: https://stripe.com/de/privacy.

• Mastercard: Mastercard Europe SA, Belgium. Privacy: https://www.mastercard.de/de-de/datenschutz.html.

• VISA: Visa Europe Services Inc., UK. Privacy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

6. Audio and Video Conferencing

​

Data Processing

We use online conferencing tools to communicate with clients. The tools collect data you provide (e.g., email, phone), meeting duration, timestamps, participants, and metadata.

They also collect technical data (IP, MAC address, device ID/type, OS, client version, camera, mic, etc.).
Content shared via the tool (recordings, chats, files, whiteboards, etc.) is stored on the tool provider’s servers.

We have limited control over the providers’ data processing. Refer to their privacy policies.

​

Purpose and Legal Basis

These tools serve communication with clients and contractual parties (Art. 6(1)(b) GDPR), or to simplify and speed up communication (Art. 6(1)(f) GDPR). If consent is requested, it is based on Art. 6(1)(a) GDPR and can be revoked at any time.

​

Storage Duration

Data collected via conferencing tools is deleted once no longer needed or upon request. Stored cookies remain until deleted. Legal retention periods remain unaffected.

We do not control data retention by the tool providers; please consult their policies.

​

Tools Used: Zoom
Provider: Zoom Communications Inc., USA. Privacy: https://explore.zoom.us/de/privacy/.
EU data transfers rely on EU Standard Contractual Clauses.
Certified under the “EU-US Data Privacy Framework”: https://www.dataprivacyframework.gov/participant/5728.

​

Data Processing Agreement

We have a DPA in place with Zoom to ensure GDPR-compliant data processing based on our instructions.