Executive summary / tl;dr

We’re committed to protecting your data, and since we’re proudly 🇪🇺 EU-based, also committed to taking the GDPR seriously.

We are curious about the regions and cities where our casual visitors come from, but not curious about who exactly they are, or how their neighborhood looks like. Our website and all the data that we collect and obtain reside on an IT infrastructure that is physically located in 🇩🇪 Germany. All of our web traffic analytics and newsletter management is handled directly and locally on our servers, not by third parties, like foreign companies.

When you subscribe to our newsletters, and later unsubscribe, we delete your data at most two weeks later. When you do business with us or become our customer, we keep related data on record only for as long and only to the extent mandated by tax and other laws. When you obtain a certificate after one of our events, we’ll store the related data for 5 years, so we can verify whether a disputed certificate was issued by us or not.

The only data that we are keeping until you request we delete it are your voluntary interactions with us (emails, survey answers, testimonials) – by default, we cherish this type of feedback like a souvenir.

We never sell your data to, or share it with, advertisers and marketeers.

Until the respective cases are settled, we do of course not delete evidence that we need to provide based on legal obligations, and to investigate, prevent, and stop crime, threats and harm. We also do not delete evidence of somebody trying to sabotage our business or infrastructure.

We fully respect your rights as stated in the GDPR. If you have any suggestions, questions, or requests, please feel free to contact our data controller (see below).

The following text describes all of this in more detail. To navigate quickly in this document, try the table of contents at the top.

What data do we collect?

Visits to our website

Using our website is possible without specifying personal identification information.

When you visit our website, we automatically collect certain information while you use or navigate the site. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as

  • Your IP address, anonymized by removing the last byte (e.g., 198.51.100.0 instead of 198.51.100.54).
  • Browser and device characteristics.
  • Operating system.
  • Language preferences.
  • Referring URLs.
  • Device name.
  • Pseudo-anonymized location (generated from the anonymized IP-address).
  • Country, region, city (low resolution based on IP-address).
  • Files that were clicked and downloaded.
  • Link clicks to an outside domain.
  • Information about how and when you use our site and other technical information.

This information is primarily needed to maintain the security and operation of our sites, and to analyze traffic and help us to improve your user experience.

Server log files

We collect the data your browser sends our server in what is known as server log files. Server log files are stored separately from all other data mentioned elsewhere in this text.

The following data is stored:

  • Browser types and versions used.
  • The operating system used by the accessing system.
  • The website from which an accessing system accesses our website (referrer).
  • The sub-pages accessed via an accessing system on our website.
  • The date and time the website is accessed.
  • An internet protocol address (IP address).

No conclusions are drawn about you when using this general data and information. Instead, this information is needed to

  • Properly deliver our website content.
  • Ensure the continued functioning of our information technology systems and our website’s technology.
  • Provide the information necessary for law enforcement authorities, in accordance with the law.
  • Serve as evidence for legal action we are taking, e.g. in cases of cyber attacks, fraud, etc.

This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

Your voluntary interactions with us

When you voluntarily interact with us (e.g., subscribe to our newsletters, participate in our surveys, give us feedback [via email; contact forms on our website; etc.]), we collect the following data:

  • Your personal identification information (name, email address).
  • Specific topics of interest you are expressly stating.
  • Your answers to survey questions.
  • The content of any emails and messages that you have sent us.
  • When you open a newsletter edition for the first time, and which of the contained links you are following.

Event registration

When you register with us or with a third-party website for an event organized by us (e.g., a workshop or a training), we will collect or obtain the following data, per participant:

  • Personal identification information (name and email address).
  • If physical deliveries are necessary, a postal address. 
  • Type of the ticket purchased.
  • The express confirmation that the participant meets the prerequisites for the respective events, if any are stated during the registration process.
  • For in-person events, any dietary preference or other specific needs that are expressly stated and are requested to be met at the venue.

We will also collect or obtain, per registration:

  • Payment confirmations, including the amount paid, and the means of payment.
    Please note: We never collect payment details from you, such as e.g. credit card numbers. Such details are exclusively processed by the third-party platforms that we use for selling our products and services. You should review their respective privacy policies and contact them directly to respond to your questions.
  • Invoicing information, such as an invoicing address and, if applicable, VAT identification numbers and any order details specified by you.

Certificates

For every participant of our events obtaining a certificate, we will additionally keep on record

  • the event that they have participated in, and the type of certificate that was obtained, including a unique identifier of the certificate.

How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:

  • Register for our events, or place an order for any of our products or services, directly or via third parties.
  • Voluntarily complete a customer survey or provide feedback.
  • Use or view our website.
  • Pay for our services, events or products.
  • Send us email, or use the contact form on our website.
  • Open our newsletter editions and follow the links contained inside.

How will we use your data?

We collect your data so that we can:

  • Provide you with the news you have subscribed to.
  • Provide more content for which there is a higher demand, and reduce the amount of content for which there is a lesser demand.
  • Process your registrations, orders, and refunds.
  • Send administrative information to you, for business purposes, legal reasons and/or possibly contractual, including information about changes to our terms, conditions, and policies.
  • Verify that certificates attributed to us have actually been issued by us.
  • With your express consent only, to publish testimonials.
  • To respond to legal requests and prevent harm. If we receive a legal request, we may need to inspect the data we hold to determine how to respond.
  • Improve our offers and our workflow, according to your feedback and your responses to our surveys.
  • Maintain the security and operation of our sites, and analyze traffic and help us to improve your user experience.

How do we store your data?

We securely store your data on our servers located in Germany, only. We are also hosting our website on servers that are physically located in Germany, only.

For how long do we store your data?

German tax law obliges us to keep records of some specific data. Therefore, for reasons of financial auditability (Art. 17 Para. 3 lit. b GDPR), we will delete the following data at most one month after the end of the legally mandated safekeeping period of 10 (ten) years:

  • Quotes and invoices
  • Any emails and other communication related to a participation in, or purchase of, our events, products and services.

Server log files are kept for 14 days, unless further storage of them is legally required (until the respective cases are settled) for providing evidence to law enforcement activities, or required as evidence for legal action we are taking.

With respect to any of the collected data that is not affected by the former:

  • Data that you had provided when subscribing to our newsletters, and data obtained from your interaction with our newsletter editions, will be erased at most two weeks after you have unsubscribed.
  • Data that we have collected or obtained after you had registered for our events will be erased at most two weeks after the event has ended.
  • Should we issue certificates in the course of an event, we will keep on record, per certificate, the personal identification information (name, email address and potentially address) of the receiver, the course that they have participated in, and the type of the certificate for a period of 5 (five) years, after which the data will be erased.
  • Data provided by you during your voluntary interactions with us will be deleted upon your express request only.

Will your information be shared with anyone?

We only share and disclose your information in the following situations:

  • Compliance with laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
  • Vital interests and legal rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
  • Vendors and third-party service providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, email delivery, hosting services, and debt collectors. You can find detailed information below, under Commissioned service providers, tools and plugins used. You can find detailed information below, under Commissioned service providers, tools and plugins used.
    We do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
  • Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, financing, or acquisition of all or a portion of our business to another company.
  • With your prior and express consent. With your prior, express and specific consent, we may disclose your personal information also for other purposes (e.g., to enable you to claim a discount from third parties) .

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access. You have the right to request us for copies of your personal data.

The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

The right to erasure. You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you.

Commissioned service providers, tools and plugins used

Matomo

This site uses the open-source Matomo plugin to to analyze web traffic and help us to improve your user experience. The plugin collects the data listed above, under Visits to our website. All data is collected directly by our webservers in Germany, without indirections.

MailPoet

This site uses the MailPoet plugin to send newsletters and maintain newsletter subscriptions. The plugin maintains all data locally on our servers. To send newsletters and receive replies, we use our own mail accounts hosted on servers in Germany.

mailbox.org

This site uses mailbox.org as its email provider for sending and receiving all of its emails (including newsletter publication via the MailPoet plugin) under our domain name hostingbrains.com.

No cookies

This website does not use cookies.

No Google Web Fonts

We do not use Google Web Fonts, but cache all fonts locally instead, so we can serve them from our own servers.

Privacy policies of other websites

Our website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read its privacy policy.

Changes to our privacy policy

We keep our privacy policy under regular review and place any updates on this web page. This privacy policy was last updated on June 12th 2020.

How to contact us

If you have suggestions on how to improve our data protection policy, or any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact our Data Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection:

Rolf F. Katzenberger
Leupoldstraße 7
90763 Fürth
GERMANY
eMail: gdpr@hostingbrains.com

What should I do if I think that my personal data protection rights haven’t been respected?

If you think that contacting our Data Controller did not resolve the issue, you can find detailed information on your options provided by the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en.