Privacy Policy
1 Preamble
Data protection is important to us and your trust is our top priority. That is why we always treat your personal data confidentially and naturally comply with all relevant statutory data protection regulations. We only process your personal data if this is permitted by law or if you have given us your consent to do so. You can find out more in this privacy policy:
- The way in which we handle personal data on the Internet and what information about visitors to our website we collect and analyze.
- Whether and how this information is used, passed on or otherwise processed.
This privacy policy applies to your visit to our website https://www.easy-spanish.org. It does not apply to any of our other Easy Languages services.
2 Controller
This privacy policy applies to data processing by us as the controller in accordance with Art. 4 (7) of the General Data Protection Regulation (GDPR). Our contact details are:
Easy Languages GmbH
Represented by Carina Schmid
Torstr. 85
Einheit 80
10119 Berlin
Germany
Email: info@easy-languages.org
Website: https://www.easy-languages.org
3 Data Protection Officer
Dr. Jochen Notholt
Lindwurmstraße 10
80337 München
Email: dsb@comp-lex.de
4 Definitions of Terms
Insofar as this privacy policy does not contain or imply a different definition, reference is made to the definitions in Art. 4 GDPR with regard to the terms used.
5 SSL Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, these pages use an SSL encryption. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and a lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
6 Accessing our website
We use the services of Squarespace Ireland Ltd, Le Pole House, Ship Street Great, Dublin 8, Ireland for web hosting for our website and have concluded a data processing contract with Squarespace in accordance with Art. 28 GDPR. Further information can be found in Squarespace's privacy policy at https://de.squarespace.com/privacy/.
The legal basis is our legitimate interest in operating and maintaining the operational security of these websites in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Squarespace collects personal data when you visit this website. This includes:
- Information about your browser, network and device
- Websites that you visited before visiting this website
- Web pages that you visit on this website
- Your IP address
Squarespace needs the data to operate this website and to protect and improve its platform and services. Squarespace analyzes the data in a depersonalized form. We cannot draw any direct conclusions about your identity from the processing of the data in the log file. This data is temporarily stored in the log file and deleted after 7 days. The legal basis for this processing is Art. 6 (1) p. 1 lit. f GDPR.
The anonymized data of the server log files are stored separately from all personal data provided by a data subject.
Google FontsWe also use fonts from Google Fonts on our website. We have installed Google Web Fonts locally. This means that there is no connection or data transfer to Google servers.
7 Contact Possibilities
When you contact us (by telephone, contact form, email or via social media), we need your personal data (name, contact details such as telephone number or email address) in order to process your inquiry or request. Your personal data is processed on the basis of Art. 6 (1) lit. b GDPR. This personal data may be stored in a CRM system ("Customer Relationship Management System") or comparable systems for organizing inquiries. This enables us to efficiently organize incoming contacts. This processing of your personal data takes place on the basis of Art. 6 (1) lit. f GDPR.
We delete the data if it is no longer required or - in the case of statutory retention obligations - we restrict the processing. We review the necessity every six months.
8 Jotform
We use the provider Jotform, 4 Embarcadero Center, Suite 780, San Francisco CA 94111 for our online forms. Jotform receives the personal data that you enter when using the form and, if necessary, other data when submitting it. We have chosen servers in the EU for data storage. Your data will be processed based on your consent in accordance with Art. 6 Para. 1 lit a GDPR and in order to process your request, Art. 6 Para. 1 lit b GDPR.
Data may still be transferred to the USA. Jotform has integrated the standard contractual clauses, so the data transfer takes place in accordance with Article 42 Paragraphs 2 and 3 GDPR. The SCC are based on the EU Commission's implementing decision: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We have concluded an order processing agreement with Jotform. More about data processing by Jotform here: https://www.jotform.com/privacy/
9 Cookies
Cookies are small files or other types of information storage that are transferred from our web server or the web server of third parties to your web browser and stored there for later retrieval. This identifies the browser used and can be recognized by the web server. The storage and retrieval of information by cookies on end devices is generally only permitted with your prior consent. However, an exception applies if the storage and retrieval is necessary for the functionality of the website. This includes, for example, maintaining system security. Consent is not required for the cookies required to operate the website/online store. There is also no right of revocation with regard to this data processing.
We also use cookies to offer special functions and content as well as for analysis and marketing purposes and to ensure customer-friendly and effective use of our website. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Art. 6 (1) (a) GDPR.
Right of revocation and objection:Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings. In order to avoid the storage of cookies, you can also set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. Here you can access the administration for the most common browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647?tid=311853917
- Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311853917
- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
However, disabling all cookies may mean that some functions on our website can no longer be performed. If you would like to delete individual cookies set in your browser or would like to know which service providers and suppliers have set cookies in your browser, you can have this displayed in so-called "preference managers" and manage the storage. Such a manager is e.g. https://www.youronlinechoices.com
For our consent management, we use the cookie-consent tool provided by consentmanager.de, which is operated by consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg, Germany
This tool helps us manage user consent for cookies, ensuring compliance with GDPR by recording and storing user preferences. It also provides users with detailed information about the cookies used on our website and allows them to easily change their consent settings at any time.
10 Social Media Plugins
YouTubeOn this website, the controller has integrated components of YouTube. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Parent Company is: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
YouTube is an Internet video portal that enables video publishers to upload video clips for other users free of charge, including commenting on the videos. Each time one of the individual pages of our website is accessed on which YouTube plug-ins have been integrated, the representation of the YouTube plug-in is downloaded by the visitor's Internet browser. YouTube and Google receive information about the subpages of our website that are visited.
If the user is logged in to YouTube at the same time, YouTube can link this information to the person's account on the social media platform at YouTube. If the data subject clicks on an integrated button on our website, e.g. the "Like" button, YouTube also links this to the user account and stores this data.
The link to YouTube is deactivated for us. Only with the express consent of the user in accordance with Art. 6 Paragraph 1 lit a GDPR a connection is established.
If the transmission of information to YouTube is not desired, the data subject must ensure that they are logged out of their YouTube account before visiting our website.
For further information about collecting data and privacy on YouTube, please see: https://www.google.com/intl/en/policies/privacy/
https://www.youtube.com/yt/about/en/
11 Newsletter
On our website you have the option of registering for our free newsletter. When you register, we save your email address and optionally your name. We use the so-called double opt-in procedure to activate the newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive newsletters. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The newsletter is sent on the basis of the consent of the recipient, Art 6 (1) 1 lit a GDPR, or, if consent is not required, on the basis of our legitimate interests in direct marketing, Art 6 (1) 1 lit f GDPR, if and insofar as this is permitted by law, e.g. in the case of advertising to existing customers.
We use the provider MailerLite to send our newsletter. The parent company is MailerLite Inc., 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States. The use of the mailing service provider, the performance of statistical surveys and analyses as well as the recording of the registration process are based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The personal data collected as part of the respective newsletter service will not be passed on to third parties.
We process your data in this context for as long as you are our user or you object to this data processing.
Revocation of the newsletterYou can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail privacy@easy-languages.org or by sending a message to the contact details given in the imprint.
12 Email-Marketing
We use the provider MailerLite, 71 Lower Baggot Street, Dublin 2, D02 P539 for our email marketing. The parent company is MailerLite Inc., 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States. MailerLite is a service with which we can organize and analyze the sending of newsletters (click rate and conversion rate, etc.). The data you enter when registering for the newsletter will be stored and processed on MailerLite's servers.
The processing takes place based on your consent in accordance with Art. 6 Para. 1 lit a GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. Every newsletter contains an “unsubscribe” link. The servers are located in the EU for EU users. Data may still be transferred to the USA. MailerLite has integrated the standard contractual clauses, so the data transfer takes place in accordance with Article 42 Paragraphs 2 and 3 GDPR. The SCC are based on the EU Commission's implementing decision: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We have concluded an order processing agreement with MailerLite. More about data processing by MailerLite here: https://www.mailerlite.com/legal/privacy-policy
13 Forms & Applications
AirtableTo manage the data from our forms, we use the cloud collaboration service Airtable from the provider Airtable, 799 Market Street, 8th Floor, San Fransisco, CA 94103. We store personal data: name, email address, telephone number and any other information requested in the form. The data is transmitted encrypted and stored encrypted at Airtable.
Your data will be processed based on your consent in accordance with Art. 6 Para. 1 lit a GDPR and in order to process your request, Art. 6 Para. 1 lit b GDPR. Data may still be transferred to the USA. Airtable has integrated the standard contractual clauses, so the data transfer takes place in accordance with Article 42 Paragraphs 2 and 3 GDPR. The SCC are based on the EU Commission's implementing decision: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We have concluded an order processing agreement with Airtable. More about data processing by Airtable here: https://www.airtable.com/company/privacy/de
14 Payment Providers
StripeWe offer the option of processing the payment transaction via the payment service provider Stripe, 510 Townsend St., San Francisco, CA 94103. In this context, we pass on the following data to Stripe to the extent necessary for the fulfillment of the contract (Art. 6 para. 1 lit b. GDPR):
- Name of the cardholder
- E-mail address
- Customer number
- Order number
- Bank details
- Credit card details
- Credit card expiry date
- Credit card verification number (CVC)
- Date and time of the transaction
- Transaction amount
- Name of the provider
- Location
We cannot process a payment via Stripe without the transmission of your personal data. The processing via Stripe is based on our legitimate interest in offering an efficient and secure payment method in accordance with Art. 6 para. 1 lit. f GDPR. Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and serves the execution of the contract pursuant to Art. 6 para. 1 lit. b GDPR. We have no influence on this process. Stripe acts as a processor in order to complete transactions within the payment networks. As part of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
Data is transferred and processed in the USA. Stripe is certified in accordance with the US-EU Data Privacy Framework; https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Stripe has also included the Standard Contractual Clauses (SCC) of the EU Commission; https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/privacy-center/legal
Your data will be stored by us until payment processing is completed. This also includes the period required for the processing of refunds, receivables management and fraud prevention.
PayPalWe use the service provider PayPal to process payments. When paying via PayPal, the collection, processing and storage of electronic payment transaction data is carried out by our partner PayPal (PayPal (Europe) S.à r. l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg).
If you wish to pay via PayPal, you must be registered with PayPal or register first and legitimize yourself with your access data. The payment transaction is carried out automatically by PayPal immediately after confirmation of the payment instruction. You will receive further instructions during the order process.
For each payment transaction PayPal receives data for the processing of electronic payment transactions, such as gender, first name, last name, company, address, zip code, city, country, customer number, e-mail, or type of payment. PayPal collects this data directly from you and it is processed by PayPal as part of the payment processing. The transfer of your data to PayPal takes place in each case in accordance with Art. 6 (1) lit. b DSGVO. For further data protection information, please refer to the privacy policy of PayPal https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments or if there are legal obligations to retain data.
15 Data Transmission via Dropbox
We also use the provider Dropbox, from Dropbox Inc, One Park Place, Florr 5, Upper Hatch Street, Dublin 2, for data transmission. The parent company is Dropbox Inc in the USA. Data that you transmit to us via Dropbox may be processed in the USA. Dropbox is certified in accordance with the US-EU Data Privacy Framework; https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Dropbox Inc. has also included the Standard Contractual Clauses (SCC) of the EU Commission; https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
16 Podcast Services
We provide audio content. We use the services of various providers who host the podcasts and analyze the use of the podcast episodes. The use is based on our legitimate interests, i.e. interest in the secure and efficient provision, analysis and optimization of our podcast offer in accordance with Art. 6 para. 1 lit. f. GDPR. When the podcast episodes are accessed, IP addresses and device information are transmitted and processed in order to enable podcast downloads/playbacks and usage data such as access and access duration are collected and processed in order to determine statistical data such as access figures.
Libsyn HostingWe use Libsyn, headquartered in Pittsburgh, 5001 Baum Blvd #770, United States, for podcast hosting. Data is transferred to the USA. When the podcasts are accessed, Libsyn receives the IP address and information about the user's device so that the podcasts can be downloaded and/or played. However, Libsyn anonymizes the data before storing it, unless it is required to deliver the podcasts. We do not receive any personal data from Libsyn in the statistics.
Data is transferred to the USA. A connection to Libsyn is only established when you actively access the podcast episodes by clicking on them. Information on data processing by the provider: https://libsyn.com/tos-policies/privacy-policy/
schnee von morgen webTV GmbHWe use the service schnee von morgen from the provider schnee von morgen webTV GmbH, Kiefholzstraße 1 Aufgang K1, 12435 Berlin. The provider receives the IP address when the podcast episode is accessed and then places a corresponding advertisement depending on the country and date. We have concluded an order processing contract with schnee von morgen webTV in accordance with Art. 28 GDPR.
The use of the provider is based on our legitimate interest in being able to offer the podcast free of charge, Art. 6 para. 1 lit. f GDPR. Information on data processing by the provider: https://www.schneevonmorgen.com/privacypolicy.html
Chartable Analyse and TrackingWe use the service of the provider Chartable for podcast reach analysis; Chartable Holding, Inc, 535 5th Ave, Fl 16, New York, NY 10017, USA. The provider compiles download statistics for us. We receive information about which podcasts are particularly popular so that we can adapt and improve our offerings. Among other things, the provider processes the IP address, device information, browser information and access to episodes on our behalf.
Data is transferred to and processed in the USA. The processing takes place on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data processing by Chartable can be found in Chartable's privacy policy: https://chartable.com/privacy
SpeakPipeWe allow you to send us voice messages for use in our podcast episodes. To offer you this option, we use the service provider SpeakPipe, PO Box 10323, Portland, Maine, 04104, United States. SpeakPipe provides us with the entire technical infrastructure. Your voice message is transmitted directly to SpeakPipe. We have access to a dashboard where we can retrieve and manage all voice messages. We can also download the voice messages from there. When you send us a voice message, all the information you provide us within your voice message, including your voice, is processed. If you provide us with additional data, such as your name or e-mail address, we will also use and process this personal data.
Data is transferred to and processed in the USA. The connection to SpeakPipe is only established when you actively click the button on the respective page. The processing is based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
17 Data Processors
Insofar as we work with processors, these are processors with whom we have concluded an agreement in accordance with Art. 28 GDPR. In addition, we naturally ensure in advance that our processors comply with all data protection regulations so that your data is always secure.
18 Data Transfer to Third Parties
We only process your personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) if it is necessary for the fulfillment of our (pre)contractual obligations (pursuant to Art. 6 (1) lit. b GDPR), on the basis of your consent (pursuant to Art. 6 (1) lit. a GDPR), on the basis of a legal obligation (pursuant to Art. 6 (1) lit. c GDPR) or on the basis of our legitimate interests (pursuant to Art. 6 (1) lit. f GDPR). The same applies to processing by third parties on our behalf, the disclosure of your personal data to third parties and their transfer to third parties.
Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of an adequacy decision or officially recognized special contractual obligations (EU standard contractual clauses https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
An adequate level of data protection exists, for example, with companies that are certified in accordance with the EU-US Data Privacy Framework or with companies that conclude the EU standard contractual clauses.
19 Deletion of Personal Data
The data processed by us is deleted in accordance with Art. 17 GDPR or its processing is restricted in accordance with Art. 18 GDPR. Unless otherwise stipulated in this privacy policy, the data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. We review the necessity every six months. If the data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data is blocked and not used. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc. are stored for six years in accordance with Section 257 (1) HGB and books, records, management reports, accounting vouchers, commercial and business letters and documents relevant for taxation, etc. are stored for ten years in accordance with Section 147 (1) AO.
20 Data Subjects Rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
21 Rights of Revocation and Objection
Revocation of consents grantedIf we process your personal data on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR, you have the right to revoke any consent you have given us in accordance with Art. 7 (3) GDPR with effect for the future. If you wish to exercise your right of withdrawal, you can inform us by sending an email to privacy@easy-languages.org. Alternatively, you can also use the contact details provided in section 2 above.
Objection to processing on the basis of legitimate interestIf we process your personal data on the basis of our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, you can inform us by email to privacy@easy-languages.org. Alternatively, you can also use the contact details provided in section 2 above.
22 Security Measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
23 Changes to the Data Protection Provisions
We reserve the right to amend our privacy policy if this should be necessary due to new technologies or changes to our data processing processes or to adapt it to changes in the legal situation applicable to us. However, this only applies to this privacy policy. If we process your personal data on the basis of your consent or if parts of the privacy policy contain provisions of the contractual relationship with the users, any changes will only be made with the consent of the users.
You can view the current version of our privacy policy and its change history at https://www.easy-spanish.org/privacy.
Change History
2024-06-11: Comprehensive update of the privacy policy to enhance clarity and ensure compliance with current data protection regulations.