Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

German Education Factory GmbH (GEDUFA)
Reisholzer Werftstr. 35, 40589 Düsseldorf
Email: info@gedufa.de
Phone: +49 211 50948734

2. Data We Collect

We collect personal data when you:

• visit our website (technical access data)
• fill in a contact or registration form
• book a consultation appointment via our booking system
• upload documents via the application form
• contact us by email or telephone

Depending on how you get in touch, the data collected may include: name, email address, phone number, country of origin, language level, desired course/training pathway and uploaded documents (e.g. certificates, ID copies).

3. Legal Bases for Processing

We process your personal data on the following legal bases pursuant to Art. 6 GDPR:

• Art. 6(1)(a) GDPR – Consent (e.g. cookie consent)
• Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures (e.g. course registration)
• Art. 6(1)(c) GDPR – Compliance with a legal obligation
• Art. 6(1)(f) GDPR – Legitimate interests (e.g. website operation, IT security)

4. Contact and Registration Forms

When you use our forms, the data you enter is processed to handle your enquiry or registration. Data is transmitted via a secure HTTPS connection and stored in our management system. Data is only shared with third parties where required to fulfil the contract or as required by law.

Forms are processed via our internal form handler. Submissions are forwarded via webhook to our internal CRM system.

5. Appointment Booking via Meetergo

For booking consultation appointments we use the service Meetergo (provider: Meetergo GmbH). When making a booking, the following data is transmitted to Meetergo: name, email address, phone number and the chosen appointment time.

Meetergo processes this data on servers within the EU. For more information see Meetergo's privacy policy: www.meetergo.com/datenschutz.

6. File Uploads and Document Processing

Via our application forms you can upload documents (e.g. certificates, ID copies, official notices). These files are transmitted in encrypted form (HTTPS/TLS) and stored on our web server. Access is restricted to authorised staff. Uploaded documents are deleted after completion of the recognition or application process, and no later than upon expiry of the statutory retention periods.

7. Cookies

Our website uses cookies – small text files stored in your browser. We distinguish between:

• Necessary cookies: Technically required for the operation of the website (e.g. session cookie, cookie consent). No consent required.
• Functional cookies: Store your preferences (e.g. language setting). Only after consent.
• Analytics cookies: Only set if you have expressly consented.

You can adjust or withdraw your cookie settings at any time under Cookie Settings.

8. Integrated Third-Party Services

Google Fonts

We load fonts from Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When the page loads, your IP address is transmitted to Google servers. Legal basis: Art. 6(1)(f) GDPR. Further information: Google Privacy Policy.

Font Awesome (jsDelivr CDN)

Icons are provided via the jsDelivr CDN (ProspectOne Sp. z o.o., Poland). Your IP address is transmitted to CDN servers. Legal basis: Art. 6(1)(f) GDPR.

Tailwind CSS & Alpine.js (CDN)

Styling and interaction libraries are loaded via external CDNs. Your IP address may be transmitted to the CDN operators in the process.

Cloudflare Turnstile

To protect our forms from spam, we may use Cloudflare Turnstile (Cloudflare Inc., USA). Cloudflare processes technical data to verify that users are human. More information: Cloudflare Privacy Policy.

9. Retention Periods

Your personal data is only stored for as long as necessary for the respective processing purpose or as required by statutory retention obligations. Specifically:

• Contact enquiries: 2 years after completion of the matter
• Booking data: Duration of the business relationship, then 3 years
• Application documents: 6 months after completion of the process if no contract is concluded
• Statutory retention obligations: up to 10 years (e.g. tax-relevant documents)

10. Your Rights as a Data Subject

Under the GDPR you have the following rights:

• Access (Art. 15 GDPR): You may request information about the data stored about you.
• Rectification (Art. 16 GDPR): You have the right to have inaccurate data corrected.
• Erasure (Art. 17 GDPR): You may request deletion of your data, provided no statutory retention obligations apply.
• Restriction (Art. 18 GDPR): You may request restriction of processing.
• Data portability (Art. 20 GDPR): You may receive your data in a machine-readable format.
• Objection (Art. 21 GDPR): You may object to the processing of your data.
• Withdrawal (Art. 7(3) GDPR): You may withdraw consent given at any time with effect for the future.

To exercise your rights, please contact: info@gedufa.de

You also have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for NRW is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
www.ldi.nrw.de

11. Data Security

We implement technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss or alteration as well as against unauthorised disclosure or access. Transmission between your browser and our server is exclusively via an encrypted SSL/TLS connection (indicated by "https://" in the address bar).

12. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in the legal situation or changes to our services. The current version is always available on this page. The date of the last update is shown at the top of this page.