Swipe2Learn
en de

Privacy

As of: April 2026

Disclaimer: This English translation is provided for convenience only. In the event of any discrepancy or conflict between the English and German versions, the German version shall prevail and be legally binding.

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as “data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online service").

The terms used are not gender-specific.

Table of Contents

Controller

Daniel Lang
Nelkenweg 1
89312 Günzburg, Germany

Email address: [email protected]
Phone: +49 8221 2598910
Legal Notice: swipe2learn.app/en/legal-notice

Overview of Processing Operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed:

  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of data subjects:

  • Users.
  • Communication partners.
  • Prospective users.

Purposes of processing:

  • Communication.
  • Security measures.
  • Reach measurement.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online service and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Direct marketing (e.g., by email or postal mail).
  • Managing and responding to inquiries.

Relevant legal bases under the GDPR: The following is an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may apply. If, furthermore, more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) sent. 1 lit. a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests, fundamental rights, and fundamental freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

In accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihoods and severity of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, safeguarding the availability of, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and responses to data threats. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through privacy-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Transmission of Personal Data

In the course of our processing of personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizational units, or persons, or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transmission of data to other persons, entities, or companies (which can be recognized by the postal address of the respective provider or if the privacy policy expressly refers to data transfer to third countries), this always takes place in compliance with the legal requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission of July 10, 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This two-fold safeguard ensures comprehensive protection of your data: The DPF forms the primary layer of protection, while the Standard Contractual Clauses serve as additional security. Should changes occur within the framework of the DPF, the Standard Contractual Clauses take effect as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of any political or legal changes.

For the individual service providers, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses exist. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at dataprivacyframework.gov (in English).

For data transfers to other third countries, corresponding safeguards apply, in particular Standard Contractual Clauses, explicit consents, or legally required transmissions. Information on third country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: commission.europa.eu.

General Information on Data Storage and Erasure

We erase personal data that we process in accordance with the legal provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist. This concerns cases in which the original purpose of processing ceases to apply or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or data whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and erasure of data that applies specifically to certain processing operations.

Where there are multiple specifications regarding the retention period or erasure deadlines for a piece of data, the longest deadline shall always be authoritative. Data that is no longer retained for the originally intended purpose but due to legal requirements or other reasons is processed by us exclusively for the reasons that justify its retention.

Retention and erasure of data: We currently do not process any data subject to the statutory retention periods under commercial or tax law. However, as soon as corresponding commercial or tax-relevant transactions occur (e.g., in the context of a future commercial activity), the following general deadlines under German law apply for retention and archiving:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as work instructions and other organizational documents required for their understanding (Sec. 147(1) no. 1 in conjunction with (3) AO, Sec. 14b(1) UStG, Sec. 257(1) no. 1 in conjunction with (4) HGB).
  • 8 years – Accounting documents, such as invoices and cost receipts (Sec. 147(1) no. 4 and 4a in conjunction with (3) sentence 1 AO, as well as Sec. 257(1) no. 4 in conjunction with (4) HGB).
  • 6 years – Other business documents: received commercial or business correspondence, copies of sent commercial or business correspondence, other documents insofar as they are of importance for taxation, e.g., hourly wage slips, operational accounting sheets, calculation documents, price markings, but also payroll accounting documents, insofar as they are not already accounting documents, and cash register slips (Sec. 147(1) no. 2, 3, 5 in conjunction with (3) AO, Sec. 257(1) no. 2 and 3 in conjunction with (4) HGB).
  • 3 years – Data required to take into account potential warranty and damages claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years (Secs. 195, 199 BGB).

Commencement of periods at the end of the year: If a period does not expressly begin on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the point in time at which the termination or other conclusion of the legal relationship takes effect.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consents given at any time.
  • Right of access: You have the right to request confirmation as to whether the data concerned is being processed and to obtain information about such data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to request that data concerning you be erased without delay, or alternatively, in accordance with the legal requirements, to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, in accordance with the legal requirements, or to request its transmission to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Provision of the Online Service and Web Hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); log data (e.g., log files concerning logins or the retrieval of data or access times); content data (e.g., textual or pictorial messages and contributions as well as information relating to them, such as details of authorship or time of creation).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online service and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
  • Retention and erasure: Erasure in accordance with the information in the section “General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

  • Provision of online service on rented storage space: For the provision of our online service, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called “web hoster"); legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online service is logged in the form of so-called “server log files". The server log files may include the address and name of the accessed web pages and files, the date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to avoid server overload (particularly in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure server utilization and stability; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Erasure of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from erasure until the respective incident has been definitively resolved.
  • Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage or routing of emails. For these purposes, the addresses of the recipients and senders, as well as further information concerning the email sending (e.g., the providers involved), and the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted in transit, but (unless so-called end-to-end encryption is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).
  • Content Delivery Network: We use a “Content Delivery Network" (CDN). A CDN is a service by means of which content of an online service, in particular large media files such as graphics or program scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).
  • Cloudflare (Hosting, CDN, DNS, Email Routing): We use the services of Cloudflare, Inc. as a provider for the hosting of our online service (Cloudflare Pages), as a Content Delivery Network (CDN), as a DNS provider, and for the routing of emails directed to our domain (Cloudflare Email Routing). In this context, Cloudflare processes IP addresses, times of access, information on the browser and operating system, as well as content and metadata of emails that come in or go out via our domain. To protect against abusive access (bot and DDoS defense), Cloudflare uses technically necessary cookies (in particular __cf_bm with a lifetime of approximately 30 minutes, as well as possibly cf_clearance). These cookies are required for the secure and stable operation of the online service and do not serve profiling or reach measurement. No further cookies are set by Cloudflare on our online service; service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: cloudflare.com; privacy policy: cloudflare.com/privacypolicy; data processing agreement: cloudflare.com/cloudflare-customer-dpa. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.

Contact by Email

When contacting us (e.g., by email to the address provided in the legal notice), the information provided by the inquiring persons is processed to the extent necessary to answer the inquiry and any follow-up questions.

  • Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions as well as information relating to them, such as details of authorship or time of creation); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; inquiries and contact; feedback.
  • Retention and erasure: Emails are deleted as soon as the purpose of their processing ceases to apply and no statutory retention obligations oppose this. Inquiries that do not require further processing are generally deleted after two years at the latest.
  • Legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

  • Cloudflare Email Routing: The routing and forwarding of emails to our domain swipe2learn.app is carried out via the Cloudflare Email Routing service. Further information about the provider Cloudflare can be found in the section “Provision of the Online Service and Web Hosting".
  • Google / Gmail (email reception and sending): After forwarding by Cloudflare Email Routing, emails sent to [email protected] are delivered to a mailbox we use at Gmail (Google) and stored there. Responses on our part are also sent via Gmail. In this context, Google processes sender and recipient addresses, metadata (e.g., time, transport information), and the contents of the emails. Retention and erasure are carried out in accordance with our specifications corresponding to the deadline specified above. End-to-end encryption is not established; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: google.com; privacy policy: policies.google.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.

Waitlist and Newsletter

On our website, we offer interested persons the opportunity to sign up for a waiting list (waitlist) in order to receive a notification as soon as our application Swipe2Learn becomes available, and subsequently to receive regular emails with news about Swipe2Learn. From a legal perspective, this constitutes a newsletter within the meaning of the statutory provisions, regardless of the fact that we refer to the service externally as a “waitlist". Registration is carried out via a sign-up form provided on our website by our service provider Brevo (Sendinblue SAS).

The following notes inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with its receipt and the procedures described.

Contents of the newsletter: We send newsletters, emails, and other electronic notifications with information about Swipe2Learn. The contents include in particular: the notification of the launch of the application, information on new features and versions, notes on new or expanded learning content, educational information relating to cryptocurrencies and blockchain, as well as selected offers and promotions in connection with Swipe2Learn.

Dispatch frequency: The dispatch frequency is generally no more than two emails per month.

Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can sign up using someone else's email address. The newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation times as well as the IP addresses used in each case. Likewise, changes to your data stored with the dispatch service provider are logged.

Performance measurement of the newsletters (tracking): Our newsletters contain a so-called “tracking pixel" (also known as a “web beacon") that is retrieved from the servers of the dispatch service provider Brevo when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of our newsletters based on the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the aid of the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The analyses serve to enable us to recognize the reading habits of our users and to adapt our content to them, or to send different content corresponding to the interests of our users. A separate withdrawal of consent to the performance measurement is unfortunately not possible; in that case, the entire newsletter subscription must be canceled.

Erasure and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is restricted to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a block list (so-called “blocklist").

Unsubscription and withdrawal of consent: You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter (one-click unsubscribe). Alternatively, you can notify us of your unsubscribe request at any time by email to [email protected].

Note on the integration of the sign-up form (two-click solution): The sign-up form is technically provided as an inline frame (iframe) from the servers of our service provider Brevo (domain: sibforms.com). In order to avoid the transmission of personal data (in particular your IP address) to Brevo already when accessing our website, the form is not loaded automatically, but only after you have actively clicked on a button by which you consent to the loading of the form. Only from this point in time is a connection established to the servers of Brevo and your IP address as well as technical information about your browser and end device transmitted to Brevo so that the form can be displayed. You can withdraw your consent to the loading of the form at any time by reloading the page. The form is delivered via Cloudflare's content delivery network; in this context, a strictly necessary session cookie may be stored on your end device for anti-abuse and bot-protection purposes. This cookie does not process any further personal data and is deleted when the browser is closed.

  • Types of data processed: Contact data (email address); meta, communication and procedural data (e.g., IP addresses of the registration and confirmation, times of the registration and confirmation, opt-in status, IP addresses and times when newsletters are opened and clicked); usage data (e.g., interaction with the sign-up form, dispatch status, opening and click behavior).
  • Data subjects: Communication partners; prospective users.
  • Purposes of processing: Direct marketing (by email); communication; managing and responding to inquiries; proof of consent; reach measurement (performance measurement of the newsletters).
  • Retention and erasure: Storage of the email address until consent is withdrawn (unsubscription). After unsubscription, storage for up to three years as proof of the consent previously given. Log data on the registration and confirmation are likewise stored for up to three years after unsubscription. Performance measurement data is stored in the recipients' profiles at Brevo until unsubscription and subsequently deleted. Otherwise, erasure in accordance with the information in the section “General Information on Data Storage and Erasure".
  • Legal bases: Consent (Art. 6(1) sent. 1 lit. a) GDPR) – for the registration for the newsletter, the dispatch of the newsletters, the processing associated with the registration including the double opt-in procedure, the performance measurement (open and click tracking), as well as the loading of the Brevo sign-up form after active actuation of the consent button; Section 25(1) TDDDG – for the storage and retrieval of information on the users' end devices within the scope of the performance measurement of the newsletters (tracking pixel); Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR) – for the proof and documentation of consents and unsubscriptions.

Further information on processing operations, procedures, and services:

  • Brevo (newsletter dispatch and sign-up form): For the management of our waitlist, the dispatch of our newsletter, the provision of the sign-up form, as well as the performance measurement (open and click tracking), we use the Brevo service of Sendinblue SAS. On our behalf, Brevo processes the email addresses of the subscribers, IP addresses and timestamps of the registration and confirmation, the double opt-in status, as well as technical delivery, opening, and click data of the dispatched newsletters. The processing takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR. The servers of Brevo are located within the European Union. However, Brevo may make use of technical sub-processors for support and infrastructure operation, who may also be based in third countries (including the USA); corresponding data transfers are safeguarded on the basis of Standard Contractual Clauses and supplementary protective measures; service provider: Sendinblue SAS, 106 Boulevard Haussmann, 75008 Paris, France; legal bases: Consent (Art. 6(1) sent. 1 lit. a) GDPR), Section 25(1) TDDDG, Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: brevo.com; privacy policy: brevo.com/legal/privacypolicy; data processing agreement: brevo.com/legal/termsofuse/dpa. Basis for third country transfers: Standard Contractual Clauses.

Use of Cookies

The term “cookies" refers to functions that store information on users' end devices and read out information from them. Cookies can also be used for various concerns, such as for the purposes of functionality, security, and convenience of online services, as well as for creating analyses of visitor flows. We use cookies in accordance with the statutory regulations. For this purpose, we obtain the users' prior consent if required. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and retrieval of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online service. Consent can be withdrawn at any time. We provide clear information on the scope of consent and which cookies are used.

Information on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device has been closed. In this way, for example, the login status can be saved and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information on the type and storage period of cookies (e.g., in the context of obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw the consents they have given at any time and also object to processing in accordance with the legal requirements, including by means of their browser's privacy settings.

  • Types of data processed: Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).

Cookies used on our online service: On swipe2learn.app, only technically necessary cookies are currently used:

  • Cookies of our infrastructure service provider Cloudflare to protect against abusive access (see section “Provision of the Online Service and Web Hosting").
  • A first-party functional cookie named lang that stores the display language (German or English) you have actively selected via the language switcher. On your next visit to the start page, this cookie is used to automatically open your preferred language version. Lifetime: 12 months; first-party cookie set only on swipe2learn.app, no transfer to third parties. You can delete the cookie at any time via your browser settings.

These cookies do not require consent (Section 25 (2) No. 2 TTDSG / Article 5 (3) ePrivacy Directive).

When the domain root (swipe2learn.app/) is accessed, the Accept-Language header transmitted by the browser is additionally evaluated in order to redirect you once to the German or English language version. This information is not stored; legal basis: legitimate interests (Article 6 (1) sentence 1 lit. f GDPR) — delivery of the online service in the user's preferred language.

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as “reach measurement") serves the evaluation of visitor flows to our online service and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online service or its functions or contents are used most frequently, or invite reuse. Likewise, we are able to understand which areas require optimization.

In addition to web analytics, we may also use testing procedures, for example to test and optimize different versions of our online service or its components.

Unless otherwise specified below, for these purposes profiles, i.e., data aggregated for a usage process, can be created and information stored in a browser or end device and then read out. The information collected includes, in particular, visited websites and the elements used there, as well as technical information, such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data vis-à-vis us or vis-à-vis the providers of the services we use, the processing of location data is also possible.

In addition, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear-text user data (such as email addresses or names) is stored within the scope of web analytics, A/B testing, and optimization, but rather pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Information on legal bases: If we ask users for their consent to the use of third-party providers, consent constitutes the legal basis for the data processing. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Retention and erasure: Erasure in accordance with the information in the section “General Information on Data Storage and Erasure".
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

  • Cloudflare Web Analytics: For reach measurement of our online service, we use Cloudflare Web Analytics. The service collects aggregated statistics on page views, dwell time, end devices and browsers used, as well as countries of origin and referrers (referring pages). Cloudflare Web Analytics works without the use of cookies or similar recognition technologies on the user's end device and without the creation of individual user profiles. For measurement, IP addresses are only processed briefly on the server side and then discarded; no storage of IP addresses occurs in the analytics data. Cross-device tracking does not take place; service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: cloudflare.com/web-analytics; privacy policy: cloudflare.com/privacypolicy. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.

Presences on Social Networks (Social Media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the territory of the European Union in this process. This may result in risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests of users. The latter may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For this purpose, cookies are generally stored on users' computers, in which the usage behavior and interests of the users are stored. In addition, data can also be stored in the usage profiles independently of the devices used by the users (particularly if they are members of the respective platforms and are logged in there).

Joint controllership for the operation of our social media presences: For the operation of our presences in social networks and the associated evaluation of aggregated usage statistics (e.g., “Insights", “Analytics"), we are jointly responsible with the respective platform operator under data protection law within the meaning of Art. 26 GDPR. This follows in particular from the case law of the Court of Justice of the European Union on Facebook fan pages (CJEU, judgment of June 5, 2018, C-210/16), which, according to the prevailing view, is transferable to comparable platforms (including Instagram). For TikTok, YouTube, and X, comparable joint controllership may also come into consideration, insofar as statistics or analysis functions are made available to us. The respective platform operators provide agreements pursuant to Art. 26 GDPR for this purpose, to which we link below in the case of the individual services. We would like to point out that data subject rights can, in practice, be most effectively asserted vis-à-vis the platform operator, as only the latter has direct access to user data.

For a detailed description of the respective processing operations and objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the latter each have access to the user data and can directly take appropriate measures and provide information. Should you nevertheless need assistance, you can turn to us.

  • Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions as well as information relating to them, such as details of authorship or time of creation); usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing and legitimate interests: Communication; feedback (e.g., collecting feedback via online form); public relations.
  • Retention and erasure: Erasure in accordance with the information in the section “General Information on Data Storage and Erasure".
  • Legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

  • Instagram: Social network, enables the sharing of photos and videos, commenting on and favoriting posts, messaging, subscribing to profiles and pages; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: instagram.com; privacy policy: privacycenter.instagram.com/policy. Basis for third country transfers: Data Privacy Framework (DPF). Joint controllership pursuant to Art. 26 GDPR: For the processing within the scope of Page Insights, joint controllership exists with Meta. The corresponding agreement (“Controller Addendum for Page Insights") is available at: facebook.com/legal/terms/page_controller_addendum.
  • TikTok: Social network and video platform, enables the sharing and viewing of short videos, commenting on and favoriting posts, messaging, as well as subscribing to profiles; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (for users in the EEA, the United Kingdom, and Switzerland); parent company: ByteDance Ltd., Cayman Islands; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: tiktok.com; privacy policy: tiktok.com/legal/page/eea/privacy-policy/de. Basis for third country transfers: Standard Contractual Clauses. TikTok may also transmit data to group companies outside the EEA, including to the People's Republic of China and to the USA. There is no adequacy decision of the EU Commission for the People's Republic of China; TikTok bases these transfers on Standard Contractual Clauses and additional protective measures. Note on joint controllership: Insofar as TikTok provides us with aggregated statistics within the scope of our account, joint controllership pursuant to Art. 26 GDPR may exist in this respect. Information on this is provided by TikTok in its privacy policy.
  • X: Social network; service provider: X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Website: x.com; privacy policy: x.com/de/privacy. Note on joint controllership: Insofar as X provides us with aggregated statistics within the scope of our account, joint controllership pursuant to Art. 26 GDPR may exist in this respect.
  • YouTube: Social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Legitimate interests (Art. 6(1) sent. 1 lit. f) GDPR). Privacy policy: policies.google.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF). Objection option (opt-out): myadcenter.google.com/personalizationoff. Note on joint controllership: Insofar as YouTube provides us with aggregated statistics within the scope of our channel (YouTube Analytics), joint controllership pursuant to Art. 26 GDPR may exist in this respect.

Amendment and Update

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Where we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and please check the information before making contact.

Competent Supervisory Authority

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany

Phone: +49 (0) 981 180093-0
Email: [email protected]
Website: lda.bayern.de

Definitions of Terms

This section provides you with an overview of the terms used in this privacy policy. Where the terms are legally defined, their legal definitions apply. The following explanations, on the other hand, are primarily intended to aid understanding.

  • Content data: Content data comprises information generated in the course of the creation, processing, and publication of content of all kinds. This category of data can include texts, images, videos, audio files, and other multimedia content that is published on various platforms and media. Content data is not limited to the actual content itself but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
  • Contact data: Contact data is essential information that enables communication with persons or organizations. It includes, among other things, telephone numbers, postal addresses, and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about the manner in which data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. It may include information on the file size, the creation date, the author of a document, and change histories. Communication data captures the exchange of information between users via various channels, such as email traffic, call logs, messages in social networks, and chat histories, including the persons involved, timestamps, and transmission paths. Procedural data describes the processes and workflows within systems or organizations, including workflow documentation, logs of transactions and activities, as well as audit logs, which are used for tracking and verifying processes.
  • Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information showing how users use applications, which functions they prefer, how long they stay on certain pages, and by which paths they navigate through an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a decisive role in identifying trends, preferences, and possible problem areas within digital offerings.
  • Personal data: “Personal data" is any information relating to an identified or identifiable natural person (hereinafter “data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more special factors which are an expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information", or “profiles" for short, comprises any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.), to analyze, evaluate, or to predict them (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are frequently used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used for the analysis of system problems, for security monitoring, or for creating performance reports.
  • Reach measurement: Reach measurement (also referred to as web analytics) serves the evaluation of visitor flows to an online service and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, operators of online services can, for example, recognize at what time users visit their websites and which content they are interested in. This enables them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are frequently used for reach analysis purposes in order to recognize returning visitors and thus obtain more accurate analyses of the use of an online service.
  • Controller: “Controller" refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing" is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, be it the collection, evaluation, storage, transmission, or erasure.

Basic text created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke, individually supplemented, and translated into English.