Privacy Policy
We (How To Study German LLC) take data protection seriously. This notice explains what personal data we process when you use our website, on which legal bases (GDPR), for which purposes, and how you can exercise your rights.
1) Controller & Contact
Controller:
How To Study German LLC
30 N Gould St Ste N, Sheridan, WY 82801, United States
Email: in**@**************an.com
EU Representative (Art. 27 GDPR):
EXCHANGENB OÜ, Männimäe 1, Pudisoo küla, 74626 Kuusalu vald, Harju maakond, Estonia
Email: ho*************@***il.com
2) Legal Bases
- Art. 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract (e.g., purchasing digital products, handling support requests).
- Art. 6(1)(a) GDPR – consent (e.g., non-essential cookies/analytics; given via our cookie banner).
- Art. 6(1)(f) GDPR – legitimate interests (e.g., security, fraud prevention, server logs, basic audience measurement).
- Art. 6(1)(c) GDPR – legal obligations (e.g., tax and accounting record-keeping).
3) What We Process & Why
- Server access data (IP address, timestamp, referrer, URL, user agent) to operate the site securely and troubleshoot issues (legitimate interests).
- Contact/Support data (name, email, message) when you contact us via forms or email (contract or legitimate interests).
- Account/order data for digital purchases handled by Paddle (see section 5) (contract and legal obligations).
- Quiz/interaction data (quiz responses, optional name/email if you provide them) to deliver results, feedback, and statistics (contract or legitimate interests).
- Cookies & similar tech as described in section 4.
4) Cookies & Consent (Real Cookie Banner)
We use the consent tool Real Cookie Banner (devowl) to obtain and manage your consent for cookies and similar technologies. The tool sets a necessary cookie to store your choices (legal basis: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR). You can change or withdraw consent at any time via the cookie settings link displayed on the site.
Essential cookies are required for the website to function (e.g., security, load balancing, consent storage). Non-essential cookies (e.g., analytics) are only used with your consent.
5) Third-Party Services & Plugins
We use WordPress plugins and third-party services. Depending on your interaction, the following may process personal data. Where applicable, international transfers are protected by appropriate safeguards (e.g., SCCs). Links lead to the providers’ own privacy information.
5.1 Payments – Paddle (Merchant of Record)
For paid digital products, checkout and billing are handled by Paddle as Merchant of Record. Paddle processes your payment details (e.g., name, email, billing address, payment method, IP for tax compliance) to complete transactions and prevent fraud. Paddle acts as an independent controller for payment data. See Paddle’s privacy policy: https://www.paddle.com/legal/privacy. Legal bases: Art. 6(1)(b) (contract) and Art. 6(1)(c) (legal obligation).
5.2 Anti-Spam – CleanTalk Anti-Spam
To protect forms and comments from spam, we use CleanTalk Anti-Spam. When you submit a form, technical data (IP address, email, form text/fields, browser info) are checked against spam indicators. The service may keep short-term logs for security/diagnostics. Legal basis: Art. 6(1)(f) (legitimate interests in site security and abuse prevention). CleanTalk offers EU data center options and SCCs; logs are retained for a limited period as configured.
5.3 Security – CleanTalk Security
We use Security by CleanTalk for firewall, malware, and security monitoring. It may process IP addresses, URLs requested, and suspicious activity patterns to prevent attacks. Legal basis: Art. 6(1)(f) (security of our website).
5.4 Security – Wordfence
Wordfence Security provides additional firewall and login protection. It may process IP addresses, user agent, and attempted login/activity details to detect malicious traffic. Legal basis: Art. 6(1)(f).
5.5 Bot Protection – Advanced Google reCAPTCHA
Where enabled, Google reCAPTCHA helps distinguish human users from bots. Google may receive your IP address and other technical data for this purpose. Legal basis: Art. 6(1)(f) (security). Google privacy: policies.google.com/privacy.
5.6 Site Kit by Google (Analytics/Search Console)
If analytics are enabled via Site Kit, Google Analytics uses cookies or similar tech to measure usage (pages viewed, device info, approximate location, etc.). Data may be aggregated and retained according to our Analytics settings. We load analytics only with your consent via the cookie banner (legal basis: Art. 6(1)(a)). You can withdraw consent at any time. Google privacy: policies.google.com/privacy.
5.7 Quiz Maker (By Quiz Maker team)
Our quizzes are powered by the Quiz Maker plugin. Depending on the quiz, it can store your answers and —if you choose to provide them—name and/or email address to show results, score, or send feedback. Data are stored on our server. Legal basis: Art. 6(1)(b) (providing the quiz feature) or Art. 6(1)(f) (improving content).
5.8 Forms – WPForms Lite & Contact Form 7
When you submit a form, we process the data you provide (e.g., name, email, message) to handle your request. Depending on configuration, submissions are emailed to us and/or stored on our server. Legal basis: Art. 6(1)(b) or Art. 6(1)(f).
5.9 Activity Log (admin only)
We use an Activity Log plugin to monitor administrative changes (e.g., logins, content updates) for security and troubleshooting. It stores user ID/role (for site staff), timestamps, and the action performed. Typical retention is up to 45 days. Legal basis: Art. 6(1)(f).
5.10 Redirection
Redirection manages URL redirects and may log technical error data (e.g., 404s) for debugging. We minimize or anonymize IPs where feasible. Legal basis: Art. 6(1)(f).
5.11 WP Rocket (caching)
WP Rocket speeds up the site by caching pages. It may set necessary cookies for logged-in users and store non-personal cache data. Legal basis: Art. 6(1)(f) (performance and UX). Privacy policy: https://wp-rocket.me/privacy-policy/
5.12 Local Google Fonts
Fonts are served locally via the Local Google Fonts plugin to avoid requests to Google when loading text. No personal data are sent to Google for fonts.
5.13 Elementor & Royal Elementor Addons
We use Elementor and related addons as site-building tools to render and design pages. In the standard plugin setup on our own hosting, Elementor does not itself profile visitors or process personal data beyond what is described elsewhere in this policy.
Our website is hosted via Elementor Cloud Hosting, certain personal data (such as IP addresses, technical usage data, or form submissions) may be processed on Elementor’s servers. In this case, Elementor Ltd. acts as a data processor under the GDPR. The processing is governed by a Data Processing Addendum (DPA) that is part of Elementor’s Terms of Service and ensures GDPR-compliant handling of data. More details can be found here: https://elementor.com/dpa
5.14 SEO & Utilities
Slim SEO, Schema & Structured Data for WP & AMP, XML Sitemap Generator, MaxButtons, Database Cleaner, WPCode Lite, WordPress Hide Posts are utility plugins. They primarily affect page output/metadata or maintenance and generally do not process personal data beyond technical/functional necessities.
5.15 Embedded Videos (YouTube, privacy-enhanced mode)
Where we embed videos, we use YouTube’s privacy-enhanced mode when possible. YouTube/Google may still receive your IP address and information about the page you visit. This loads only with your consent via the cookie banner (legal basis: Art. 6(1)(a)). Google privacy: policies.google.com/privacy.
6) Retention
We keep personal data only as long as necessary for the purposes stated above or as required by law. Security and activity logs are typically retained for up to 45 days unless a longer period is needed to investigate specific incidents. Quiz responses may be kept to show results/history; you can request deletion at any time.
7) International Transfers
Some providers may process data outside the EU/EEA. Where this occurs, we rely on recognized safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms and implement additional measures where appropriate.
8) Security
We apply appropriate technical and organizational measures (encryption, firewalls, least-privilege access, logging, backups) to protect your data against loss, misuse, and unauthorized access.
9) Your Rights
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR) – especially to processing based on legitimate interests and to direct marketing
- Right to withdraw consent at any time (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority in the EU/EEA
To exercise your rights, please contact us at info [at] howtostudygerman [dot] com or reach out to our EU representative at how2studygerman [at] gmail [dot] com.
10) Changes to This Policy
We may update this notice to reflect legal, technical, or business developments. The “Last updated” date indicates the latest revision.
Last updated: 06 September 2025