Privacy Policy

1.1 Data Controller

1.2 Data We Collect

We collect and process the following categories of personal data:

• Contact Information: full name, email address, phone number, nationality
• Identification documents, if voluntarily submitted (e.g., passport copy for qualification checks)
• Professional Background: CV, educational certificates, diplomas, language test results
• Communication Content: emails, session notes, consultation transcripts
• Technical Information: IP address, browser type, time zone, and device information when using our website
• Payment Data: only minimal payment confirmation data via our third-party payment processor (Stripe)

1.3 Purpose and Legal Basis

Your data is collected and processed for the following purposes:

• To deliver the Labor Market Assessment service as contracted
• To evaluate your qualifications and chances for employment in the D-A-CH region
• To contact you regarding your booking, session, and follow-up recommendations
• For quality assurance and service improvement
• To comply with applicable legal obligations (e.g. invoicing)

Legal basis under the GDPR:

• Art. 6(1)(a) -- Your explicit consent for certain processing activities
• Art. 6(1)(b) -- Processing necessary for the performance of our contract with you
• Art. 6(1)(c) -- Compliance with legal obligations (e.g., tax laws)
• Art. 6(1)(f) -- Legitimate interests, such as fraud prevention and business analysis

1.4 Data Retention

We retain personal data only for as long as necessary to fulfill the stated purposes or as required by applicable law. Specifically:

• Consultation-related data is stored for 2 years unless deletion is requested earlier.
• Financial data (e.g., invoices) is retained for 10 years in accordance with German tax law.

You can request early deletion of your data unless retention is legally required.

1.5 Data Sharing

Your data may be shared with the following third parties, always under strict confidentiality:

• Internal staff and freelance consultants supporting service delivery
• Potential employers or institutions, only after obtaining your explicit, written consent
• External IT providers (e.g., Zoom, email servers) under data processing agreements
• Legal authorities in cases of lawful requests or compliance requirements

We do not sell or rent your data to third parties under any circumstances.

1.6 Data Security

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, accidental loss, or unlawful disclosure. Measures include:

• Encrypted communication channels (SSL/TLS)
• Role-based access to internal systems
• Secure storage of digital and physical documents
• Regular audits and compliance checks

1.7 Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15): You can request a copy of the data we hold about you
• Right to rectification (Art. 16): You can ask us to correct inaccurate data
• Right to erasure (Art. 17): You can request deletion of your personal data
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Right to withdraw consent at any time (Art. 7 para. 3)
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, please contact us in writing or via email.

1.8 International Transfers

If we transfer your personal data to service providers outside the European Economic Area (EEA), we ensure an adequate level of data protection through:

• EU Standard Contractual Clauses (SCCs)
• Transfer to countries with an adequate level of protection approved by the EU Commission

1.9 Updates to This Privacy Policy

We may update this privacy policy to reflect changes in our legal obligations or business practices. Updates will be published on our website, and material changes will be communicated to you via email where applicable.