Privacy Policy

We (How To Study German LLC) take data protection seriously. This notice explains what personal data we process when you use our website, on which legal bases (GDPR), for which purposes, and how you can exercise your rights.

1) Controller & Contact

Controller:
How To Study German LLC
30 N Gould St Ste N, Sheridan, WY 82801, United States
Email: in**@**************an.com

EU Representative (Art. 27 GDPR):
EXCHANGENB OÜ, Männimäe 1, Pudisoo küla, 74626 Kuusalu vald, Harju maakond, Estonia
Email: in**@**************an.com

2) Legal Bases

• Art. 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract.
• Art. 6(1)(a) GDPR – consent (e.g. analytics, newsletters, embedded media).
• Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, website operation).
• Art. 6(1)(c) GDPR – legal obligations (tax and accounting).

3) What We Process & Why

• Server access data (IP address, timestamp, referrer, user agent) for security and stability.
• Contact data (name, email, message) when you contact us.
• Order and payment data for digital products (see Paddle).
• Quiz and interaction data to display results and improve content.
• Newsletter data (email address, first name) if you subscribe.
• Cookies and similar technologies as described below.

4) Cookies & Consent (Real Cookie Banner)

We use Real Cookie Banner (devowl) to manage consent for cookies and similar technologies.
Essential cookies are required for the operation and security of the website.
Non-essential cookies (e.g. analytics, embedded media) are used only after consent.

You can change or withdraw your consent at any time via the cookie settings link on our website.

5) Third-Party Services & Plugins

5.1 Security & Bot Protection – Cloudflare

We use Cloudflare as a security and performance service to protect our website against malicious traffic, bots, and attacks (e.g. DDoS).
Cloudflare processes technical connection data such as IP addresses, request metadata, and security-related information.

This processing is essential to protect the website and is based on Art. 6(1)(f) GDPR (legitimate interest in security and abuse prevention).

Privacy policy: https://www.cloudflare.com/privacypolicy/

5.2 Payments – Paddle (Merchant of Record)

Payments for digital products are handled by Paddle as Merchant of Record.
Paddle processes payment and billing data independently as controller.

Legal basis: Art. 6(1)(b) and Art. 6(1)(c).

https://www.paddle.com/legal/privacy

5.3 Anti-Spam – CleanTalk

We use CleanTalk Anti-Spam and CleanTalk Security to protect forms, logins, and the website from spam and attacks.
Technical data such as IP addresses and request patterns may be processed.

Legal basis: Art. 6(1)(f) GDPR.

5.4 Security – Wordfence

Wordfence provides firewall and login security. IP addresses and activity data may be processed to detect threats.

5.5 Google Site Kit (Analytics & Search Console)

If enabled, Google Analytics is used only after your consent via the cookie banner.
Data may include page views, device information, and approximate location.

Legal basis: Art. 6(1)(a) GDPR.

5.6 Forms – WPForms & Contact Form 7

When you submit a generic contact form, we process the data to handle your request.

5.7 Newsletter (SendFox)

We use SendFox (a service by Sumo Group Inc., 1305 E. 6th St #3, Austin, TX 78702, USA) to manage our subscriber list and send emails.

Registration & Double Opt-In:
If you subscribe to our newsletter, we process your email address and name. Registration takes place via a so-called double opt-in procedure (you will receive a confirmation email asking you to confirm your registration). This prevents misuse of your email address.

Legal Basis:

• The sending of the newsletter is based on your consent (Art. 6(1)(a) GDPR).
• The technical provision of the sign-up form and the processing of data to ensure the security of our system (spam protection) is based on our legitimate interest (Art. 6(1)(f) GDPR) in offering a secure and user-friendly newsletter system.

Data Transfer to the USA:
Data is transferred to SendFox in the USA. We ensure appropriate data protection guarantees through Standard Contractual Clauses (SCCs).

You can unsubscribe at any time via the link in every email.

Privacy Policy SendFox: https://sendfox.com/privacy

5.8 Hosting & Page Builder – Elementor Cloud

Our website is hosted via Elementor Cloud Hosting.
Technical and usage data may be processed on Elementor servers under a GDPR-compliant DPA.

https://elementor.com/dpa

5.9 Embedded Videos (YouTube)

Embedded YouTube videos are loaded only after consent. Google may receive technical data such as IP address.

6) Retention

We store personal data only as long as necessary for the stated purposes or as required by law.
Security logs are usually retained for up to 45 days.

7) International Transfers

Where data are transferred outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses are used.

8) Security

We apply technical and organizational security measures such as encryption, firewalls, access controls, and backups.

9) Your Rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)

To exercise your rights, contact us at info [at] howtostudygerman [dot] com.

10) Changes to This Policy

We may update this Privacy Policy to reflect legal or technical changes.

Last updated: 5 February 2026