Privacy Policy
1. General Information
The following information provides a clear overview of how your personal data is processed when you visit the website of the Cucua sole proprietorship. Personal data includes all information that can be used to identify you. Detailed information on data protection can be found in the privacy policy below.
2. Controller
Data processing on this website is carried out by the website operator. The operator's contact details can be found in the 'Controller Notice' section of this privacy policy. Additional data may be collected either automatically or with your consent when you visit the website. This mainly includes technical information such as the internet browser used, the operating system, or the time the page was accessed. This data is collected automatically once you access the website.
3. Data Security
SSL or TLS encryption
For security reasons and to protect the transmission of sensitive information, such as orders or inquiries that you send to us as the site operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and a lock icon appears. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after concluding a paid contract, you are required to provide us with your payment data (e.g. account number for direct debit), this data is required for payment processing. Payment transactions via common means of payment (Visa/MasterCard, direct debit) are exclusively carried out via an encrypted SSL or TLS connection. An encrypted connection can be recognized by the change in the browser's address line from 'http://' to 'https://' and the lock icon. With activated encryption, the payment data you transmit to us cannot be read by third parties.
4. Data Collection
The following data is processed by us:
Data Type | Purpose | Retention / Legal Basis |
---|---|---|
User Accounts (Name, Email, Password, Phone Number) | Creation and authentication of users | Stored as long as the account is active or until deletion is requested; optionally deleted after 3 years of inactivity |
Payment Data (IBAN, Transaction Details) | Billing and accounting | 10 years – in accordance with §147 AO (German Fiscal Code) |
IP Addresses and Cookies | Security, analytics, service optimization | 12 months – data is automatically deleted thereafter |
Student Test Results | Tracking learning progress | 5 years – sufficient for educational analysis and reporting |
Activity Logs | Security, troubleshooting, service improvement | 12 months – appropriate for technical analysis and error tracking |
Business Correspondence | Contractual and business communication | 6 years – in accordance with §257 HGB (German Commercial Code) |
Financial Records / Invoices | Legal and tax documentation | 10 years – in accordance with §147 AO |
User Deletion Requests | Proof of GDPR compliance (Article 17) | 3 years – recommended for legal documentation |
5. Storage Duration of Data
Unless a specific storage duration is stated in this privacy policy, your personal data will be stored by us until the purpose for the data processing no longer applies. If you submit a legitimate deletion request or withdraw your consent to data processing, your data will be deleted unless we are legally required to retain it (e.g. due to tax or commercial law retention obligations). In such cases, deletion will occur once these obligations no longer apply.
Data Type | Purpose of Storage | Retention Period / Legal Basis |
---|---|---|
User Accounts (Name, Email, Password, Phone Number) | Creation and authentication of user accounts | Stored as long as the account is active, or until deletion is requested; optional deletion after 3 years of inactivity |
Payment Data (IBAN, Transaction Details) | Billing and accounting | 10 years – in accordance with §147 AO (German Fiscal Code) |
IP Addresses and Cookies | Security, analytics, service optimization | 12 months – automatic deletion recommended after this period |
Student Test Results | Tracking learning progress | 5 years – sufficient for educational analysis and reports |
Activity Logs | Security, troubleshooting, service improvement | 12 months – suitable for technical analysis and error tracking |
Business Correspondence | Contractual and business communication | 6 years – in accordance with §257 HGB (German Commercial Code) |
Financial Records / Invoices | Legal and tax documentation | 10 years – in accordance with §147 AO |
User Deletion Requests | Proof of GDPR compliance (Article 17) | 3 years – recommended for compliance documentation |
6. Use of Data
The collection and processing of data serves the following purposes:
- Provision and optimization of the software
- Fixing technical problems and errors
- Communication with you regarding support or updates
- Compliance with legal requirements
7. Single Sign-On
In addition to logging in with email and password, we offer the option to log in using Single Sign-On. With this method, you can log in using an account from a third-party provider that supports Single Sign-On, without having to create a separate account with us. This requires registration with the selected Single Sign-On provider. We currently offer Single Sign-On via iServ, a service of iServ GmbH. When using this method, you are redirected to an online form of the provider where you enter your login details. Authentication is handled directly by the provider. We then create a user account for you and link it with an authentication token received from the provider. Additional data received depends on the chosen provider, your privacy settings, and the authorizations you grant. We do not access or store your password. Usually, we store only the authentication token and your username.
To unlink the accounts, you can revoke access via the provider's settings. To delete your data, cancel your account with us. Legal basis: your consent (Art. 6(1)(a) GDPR); if not obtained, processing is based on contract fulfillment (Art. 6(1)(b) GDPR) or legitimate interest (Art. 6(1)(f) GDPR) in providing a quick, user-friendly, and secure login method.
8. Your Rights as a Customer
Withdrawal of Consent
Many data processing operations are only possible with your explicit consent. You have the right to withdraw any given consent at any time. The withdrawal does not affect the legality of the data processing carried out before the withdrawal.
Right to Object
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims (objection under Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing (objection under Art. 21(2) GDPR).
Right to Lodge a Complaint
In case of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work or place of the alleged violation. This right exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive the data that we process based on your consent or in fulfillment of a contract in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another controller, if technically feasible.
Right to Access, Rectification, and Erasure
In accordance with applicable legal provisions, you have the right at any time to receive information free of charge about your stored personal data, its origin, recipients, and the purpose of data processing. You may also have the right to rectification or deletion of this data. You can contact us at any time regarding this.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. This right exists in the following cases:
- You dispute the accuracy of your personal data stored by us. We usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your data.
- If the processing of your personal data was/is unlawful, you may request the restriction of data use instead of deletion.
- If we no longer need your personal data but you require it for the establishment, exercise or defense of legal claims, you may request that the processing of your data be restricted instead of the data being deleted.
- If you have objected pursuant to Art. 21(1) GDPR, your interests and ours must be weighed against each other. As long as it is not clear whose interests prevail, you have the right to request the restriction of the processing of your data.
If processing is restricted, such data – apart from storage – may only be processed with your consent or for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
9. Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided, will be stored for the purpose of processing the request and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested.
The data entered by you in the contact form will remain with us until you request us to delete it, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
10. Inquiry by Email, Mail or Telephone
If you contact us by email, phone or mail, your inquiry including all personal data (name, request) resulting from it will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if obtained.
The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies. Mandatory legal provisions – especially legal retention periods – remain unaffected.
12. Use of Cookies
Our website uses 'cookies'. Cookies are small text files that are stored on your device and do not cause any damage. Cookies may be stored temporarily during your session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted when you leave the website. Persistent cookies remain stored until you delete them yourself or your browser deletes them automatically.
Third-party cookies may also be used on your device when you visit our site. These enable us or you to use certain third-party services (e.g., payment processing).
Cookies serve various purposes. Many cookies are technically necessary as certain website functions would not work without them (e.g., shopping cart or video display). Other cookies are used to analyze user behavior or to display personalized advertising.
Necessary cookies and those used to optimize the website (e.g., for measuring reach) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. Our legitimate interest lies in the technically flawless and optimized provision of our services. If consent has been requested for cookie storage, processing is based exclusively on that consent (Art. 6(1)(a) GDPR), which can be withdrawn at any time.
You can configure your browser to inform you about the setting of cookies, allow them only in individual cases, exclude the acceptance of cookies for specific cases or in general, and enable automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
If we use third-party cookies or cookies for analytical purposes, we will inform you separately within this privacy policy and, if necessary, request your consent.
13. Automated Decision-Making
We generally do not use automated decision-making processes within the meaning of Art. 22 GDPR. Should such processes be used in specific cases, we will inform you separately, provided that there is a legal obligation to do so.
14. Contact
If you have any questions about data protection, you can contact us at any time at: info@cucua.co