Data Privacy Statement

Valid as of November 3rd, 2025

Preamble

We would like to inform you in this privacy statement about the type, scope, and purpose of personal data collection, processing, and use when using the websites provided by Lecturio – “www.lecturio.de”, “www.lecturio.com”, sub-domains like “kunde.lecturio.com”, and the services offered on such websites (e.g. apps). Lecturio is trustworthy, and the protection of your personal data is very important. This is why we would like to show you in a transparent way how and why your data are being used. We aim to offer you user-friendly, high-quality, customer-oriented, and secure services by storing, processing, and using personal data. Lecturio also complies with U.S. laws, including the Family Educational Rights and Privacy Act (“FERPA”), where applicable, which provide privacy protections for personal data.

§ 1 Definitions

In this privacy statement, the following terms are used as defined below:

§ 2 Name and contact data of the controller

The following party is responsible within the meaning of the EU GDPR and other applicable data protection laws of the European Union and its member states:

Lecturio GmbH
Käthe-Kollwitz-Str. 1
04109 Leipzig, Germany
(“Lecturio”, “we” or “us”)

Telephone: +49 341 355 699 – 70
Email: support@lecturio.com

§ 3 Name and contact data of the data protection officer

The data protection officer of the controller for data processing is:

Mr. Stephan Hartmann
Lecturio GmbH
Käthe-Kollwitz-Str. 1
04109 Leipzig, Germany
(“data protection officer”)

Any data subject may contact the data protection officer directly at any time at the above-mentioned address or via email to data-privacy@lecturio.com with any questions or suggestions regarding data protection.

§ 4 Purpose and legal basis of data processing

Lecturio operates a platform that records online courses for students and professionals in cooperation with experts and makes them available via browser and mobile apps. The services of Lecturio are generally time- and location-independent. Various data relating to your member account are collected, stored, processed, and used depending on the extent to which you use the services offered by us.

Collection of general data and information

Specific data transmitted by your browser when visiting our websites are stored automatically by our servers. The log files created thereby include data like your IP address, the URL and landing page, the time, type and number of requests, data volume transferred, date, time and duration of individual accesses, your browser type, as well as other similar information that serve for emergency response in the case of attacks on our IT systems and as protection against license abuse.

The collection and use of the information stored in the log files serve only to correctly deliver the contents of our websites, to conduct anonymous evaluations for statistical purposes (such as analyzing user behavior), to improve our services, and to provide law enforcement authorities with information necessary for prosecution in the case of cyber attacks. These data are not used to draw conclusions about the person concerned.

Data and information provided by the user

As a registered user you may submit your own comments, learning notes, keywords (“tags”), reviews, and other similar information within the framework of using our services (“user contents”), which are partially visible to other users as well. We reserve the right to store, process, and use posts that are visible to other users in anonymized form even after the deletion of the user account, unless you ask us not to. (You can find out more about this in our terms of use: https://www.lecturio.com/en/elearning/legal/termsofuse)

Monitoring of learning progress

Our system collects data about your personal user behavior, such as your learning progress, viewed videos, answered quiz questions, or similar activities, in order to provide you with optimal support while learning. These may be viewed, depending on the implementation, by the administrators of your employer or your university/educational institution. Data regarding your learning progress are not passed on to unauthorized third parties under any circumstances.

Lecturer’s learning content

Learning content uploaded and created by using services provided by us – such as videos, screencasts, quiz questions, documents, and similar educational content (“educational content”) – is only available to users within the same organization in which they were created or submitted and to which they have been allocated.

Business inquiries and offers

As a business client, you have the possibility to request service offers for your company on our website via a form. We use a service of HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (“HubSpot”) on our website for such inquiries. We manage our inquiries using an integrated software solution. All personal data sent via such form are transferred to HubSpot for further processing by a Lecturio employee. HubSpot also stores cookies on your computer. (You can find more information about stored cookies and HubSpot’s data protection here: https://legal.hubspot.com/privacy-policy.)

§ 5 Recipient of personal data

Additional processors and third parties are necessary for the delivery of our service. These recipients, among others, receive personal data. These services and the purposes for which data are submitted to them are listed in the following paragraphs. Apart from this, only specific Lecturio employees have access to personal data, and only when this is required for delivering a service.

§ 6 User account and registration

We store and use data provided by you when subscribing to or using our services (for example, when opening a member account) for the purpose of performing the services you wish to use according to contract. These data include your email address, password, name, title, as well as other information (such as age, gender, final degree, etc.) that you submit when setting up a member account. If you have provided a high school email address for verification, it will be used for the sole purpose of verifying if you attend that specific school or educational institute.

Facebook Connect

We offer you the possibility to register for our service via Facebook Connect. You will be directed to Facebook for registration, where you can log in with your Facebook user data. Your Facebook profile will then be linked to our service. We automatically receive data (such as your username and email address) from Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (formerly Facebook, Inc.)bbb.org by this linking. We use and store these data for the purpose of registration and authentication at Lecturio. The information transferred to us will be listed in detail when you log in to Lecturio via Facebook for the first time. We only use your name, email address, date of birth, and gender from these data. This information is absolutely necessary for the conclusion of the contract, so that we are able to identify you. You can find more information about Facebook Connect and privacy settings in Facebook’s privacy notice and terms of use.

Google Sign-in

We offer you the possibility to register for our service via Google Sign-In. You will be directed to Google’s page for registration, where you can log in with your Google user data. Your Google profile will then be linked to our service. We automatically receive data (such as your username and email address) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) by this linking. We use and store these data for the purpose of registration and authentication at Lecturio. The information transferred to us will be listed in detail when you log in to Lecturio via Google for the first time. We only use your name and email address from these data. This information is absolutely necessary for the conclusion of the contract, so that we are able to identify you. You can find more information about Google Sign-In and privacy settings in Google’s privacy notice and terms of use.

§ 7 Payment services

If you want to use fee-based services on our website, you will have to submit additional information such as payment processing data (bank account, credit card or other payment details) and your billing address, as well as other information during the ordering process. Of course, we will handle all information submitted by you in accordance with legal requirements and within the framework of the agreed collaboration. Payment processing data will be forwarded to processors within the framework of the statutory provisions in order to process the payment. We will not store your credit card data on our servers. The personal data provided by you and relevant for payment processing are subject to the security and data protection regulations of the following services:

Braintree, Stripe, and PayPal are PCI DSS certified and therefore meet the most stringent requirements for safe handling and storage of credit card data. You will find more information about the security of your personal data with regard to credit card payments on the Braintree and Stripe websites (e.g. https://www.braintreepayments.com/en-de/features/data-security and https://stripe.com/legal). You will find more information about the security of your personal data with regard to purchases on account on https://www.ratepay.com/zusaetzliche-geschaeftsbedingungen-und-datenschutzhinweis-dach/.

§ 8 Customer service

We use the Zendesk ticket system, a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94103, USA (“Zendesk”), to process customer inquiries. For this purpose, necessary data such as last name, first name, postal address, telephone number, email address and technical data (such as browser type or app version) are collected via our services (such as the website and mobile apps) in order to respond to your requests for information. We treat all data provided confidentially. Data you provide and the message history with our customer support are stored for handling follow-up questions and any subsequent contact. The data will be deleted upon termination of your membership with Lecturio or earlier at the request of the person concerned.

Further information on the security of your personal data and data processing by Zendesk can be found in Zendesk’s privacy policy at http://www.zendesk.com/company/privacy. If you have any questions, you can also contact Zendesk’s data protection officer directly at privacy@zendesk.com.

Use of Stylo (Customer Service AI Tool)

We use the AI-supported service Stylo from Stylo, Inc. (USA) as part of our customer service. Stylo is integrated into our support system and assists our employees in analyzing and responding to support requests. No fully automated decisions are made.

Processed Data: The content of your support communication (e.g., name, email address, message content) is transmitted to Stylo. The processing takes place exclusively on our behalf and serves the purpose of handling your request. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (f) GDPR (legitimate interest in efficient customer service).

Data Transfers: Since Stylo is based in the USA, your data may be transferred outside the European Union/EEA (to so-called “third countries” under EU law). To ensure an adequate level of data protection, we have concluded a Data Processing Agreement with Stylo, which includes the EU Standard Contractual Clauses.

Storage Period: Your data will only be stored for as long as necessary to process your request and will then be deleted or irreversibly anonymized.

Your Rights: You can request access to, rectification of, or deletion of your personal data at any time. We remain your primary point of contact for exercising these rights and will coordinate with Stylo as necessary.

§ 9 Cookies

We use so-called cookies on our websites. Cookies are small text files that are stored on your device to hold information. Cookies enable us to speed up navigation on our website, tailor it to your needs and interests, and prevent misuse of our services. Our server can thus recognize your device as soon as you connect to our website, so you don’t have to log in every time you visit. We use so-called permanent cookies on our websites. These allow us to preserve and provide your personal settings or displays over a longer period (depending on each service) within the context of the service. Permanent cookies are deleted automatically after a specified duration (which may differ for each cookie). You may delete cookies at any time in your browser’s security settings. You can configure your browser settings according to your preferences and refuse to accept cookies. Please note, however, that you may not be able to use all functions of the website in that case.

Cookies that are stored by our service in your browser include:

If you want to manage your cookie preferences, please click the button on our site’s cookie notice to adjust your settings.

§ 10 Web analytics, tools and social plugins

Google Analytics and Google Tag Manager

Our website uses Google Analytics and Google Tag Manager, web analysis services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics and Tag Manager use cookies—text files stored on your computer that enable an analysis of your use of our website. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there.

We have activated IP anonymization, so your IP address is truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. Google uses this information on our behalf to evaluate your use of the website, compile reports on website activities, and provide other services related to website use and internet use on our behalf. The IP address transmitted by your browser for Google Analytics is not merged with other data from Google.

You may prevent the storage of cookies by configuring your browser accordingly; however, please note that you may not be able to use all functions of the website to their full extent in that case. You can also prevent Google from collecting and processing data generated by the cookie about your use of our website (including your IP address) by downloading and installing the browser plugin for deactivation available at: https://tools.google.com/dlpage/gaoptout.

You can find more information about Google Analytics’ data protection regulations here: https://support.google.com/analytics/answer/6004245.

Google Remarketing

We use various services in order to make our internet offering more interesting for you. This advertising function enables us to show users who have already visited our website and shown interest in our offer targeted, personalized, interest-related advertisements on other websites (for example, within Google’s display network). The advertisement is inserted by using cookies that help us analyze user behavior on our site and can subsequently be used for targeted product recommendations and interest-based advertising. Personal data are not stored and user profiles with personal data are not created in this context.

The following remarketing services are used on our website:

Hotjar

We use Hotjar, a service of Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta (“Hotjar”), in order to better understand our users’ needs and to optimize our service and user experience. Hotjar is a technology service that helps us understand our users’ experience (e.g., how much time they spend on which pages, which links they click, what users do and don’t like) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Criteo

Anonymized information about the surfing habits of website visitors is collected and stored on our websites by the technology of Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany (“Criteo”) for marketing purposes. These data are stored in cookies on the visitor’s computer. Criteo analyzes the anonymized recorded surfing behavior using an algorithm and can subsequently display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). In no case will these data be used to personally identify you as a visitor to our website. The collected data are used solely to improve our offerings. This information is not used otherwise or disclosed to third parties. You can object to the completely anonymous analysis of your surfing habits on our websites by using the following link to opt out: https://www.criteo.com/privacy/. You can find more information about Criteo’s technology and data protection on https://www.criteo.com/privacy/.

Doceree

Anonymous data are collected by Doceree, which powers ad serving on parts of the website through real-time bidding. Running ads allows us to keep part of our product free. To make ads less intrusive, we try to keep them as relevant and personalized as possible. To do this, some anonymous data are tracked, such as browser and device type, as well as an encrypted user ID. This data is used by Doceree’s advertising partners to decide what ads to show to which website visitors. If you have any concerns or wish to request to be excluded from personalized targeting, you can reach Doceree by email at support@doceree.com. (Doceree’s address: 14 Walsh Drive, Suite #302, Parsippany, New Jersey 07054, USA. You can find Doceree’s privacy statement here: https://doceree.com/us/us-privacy-policy/.)

Tiktok

Lecturio uses TikTok Ads to promote our service, and we track the effectiveness of our advertising campaigns through the TikTok Pixel. This is a tool that allows us to collect data on user interactions with our site, such as page views, trial starts, and purchases. This data helps us understand the performance of our ads. The cookies are valid for up to 13 months. The information collected by TikTok may include device information, IP address, and user interactions with our website. This data is shared with TikTok for the purpose of ad targeting and performance analysis, and TikTok may use this data in accordance with their privacy policy. We ensure that all data collected through the TikTok Pixel is handled in a manner that respects your privacy rights. You can find more information about how TikTok processes data by visiting their privacy policy page here: https://www.tiktok.com/legal/page/us/privacy-policy/en. You can opt out of TikTok tracking by rejecting the TikTok cookie in our cookie settings. (TikTok Inc.: 5800 Bristol Parkway, Suite 100, Culver City, CA 90230, USA.)

Social plugins (Facebook and X/Twitter)

Our website uses so-called social plugins (“plugins”) from the social network Facebook and the microblogging service X (formerly Twitter). These services are provided by the following companies (“providers”): Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”)bbb.org and X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (formerly Twitter, Inc.clay.com, hereafter “Twitter”).

You can find an overview of Facebook’s plugins and their appearance here: https://developers.facebook.com/docs/plugins.

You can find an overview of Twitter’s buttons and their appearance here: https://about.twitter.com/resources/buttons#tweet.

When you open a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook or Twitter. The content of the plugin is transmitted by the respective provider directly to your browser and integrated into the page. Through this integration, the providers receive the information that your browser has accessed the respective page of our website, even if you do not have a profile on the social network or are not logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there.

If you are logged in on one of these services, the provider can directly associate your visit to our website with your profile on Facebook or Twitter. If you interact with the plugins, for example by clicking the “Like” button or the Twitter “Tweet” button (on X), the corresponding information will also be transmitted directly to the provider’s server and stored there. This information may also be displayed on your social media profile or shared with your contacts on the social network (e.g. shown in your Facebook timeline or Twitter/X feed).

You can find more information about the purpose and scope of data collection and the further processing and use of the data by these providers, as well as your rights and settings options for protecting your privacy, in the data protection notices of the providers:

If you do not want Facebook or Twitter to directly associate the data collected via our website with your profile on their services, you should log out of the respective service before visiting our website. You can also completely prevent the plugins from loading by using browser add-ons, such as the script blocker “NoScript” (https://noscript.net/).

Affiliate Program – Tolt

Lecturio uses the tracking function of the affiliate software Tolt, Inc. Through this tool, Lecturio can reward affiliate partners that generate sales. Tolt uses cookies, which are text files stored by the browser. These cookies (named qc_1, qc_id, and pid) provide information about the source through which users access our website and thus enable us to determine if paid affiliates generated sales. The cookies are valid for 60 days. No personal data are stored. As long as the cookie is valid, we as website operators are only able to determine that someone clicked a specific affiliate link and started a paid subscription. We also track whether someone registered a free account and if a trial was started. The statistics include the number of clicks on these links as well as the date and time, and counts of how many users reach a target page with a “conversion tag”. However, the statistics do not contain any data that would allow us to draw conclusions about you as an individual. If you have any concerns or wish to opt out, you can disable this tracking by rejecting the affiliate cookie in our cookie settings. (Tolt Inc.: 2093 Philadelphia Pike, #2726, Claymont, DE 19703, USA. You can find Tolt’s privacy policy here: https://tolt.io/privacy-policy.)

Affiliate Program – NetSlave (Quality Click)

This website uses the tracking function of the affiliate software “Quality Click” by NetSlave GmbH, Simon-Dach-Str. 12, 10245 Berlin, Germany (“Quality Click”). Quality Click uses cookies (named qc_1, qc_id, and pid) that are stored on your computer. These cookies provide information about the source through which users access our website and enable us to determine which affiliate referred users to our page. The cookies are valid for a maximum of 30 days. No personal data are stored. As long as the cookie is valid, we as website operators can only determine via the Quality Click software that you clicked a specific link and therefore accessed one of our offers. The statistics show the number of clicks on these links and the date and time. It also counts how many users reach a target page with a conversion tag. However, the statistics do not contain any data that would allow us to identify you personally. You can prevent the installation of these cookies by adjusting your browser settings or you can set an opt-out (non-tracking) cookie. By using this website, you agree to the processing of data collected via Quality Click as described above and for the aforementioned purposes.

Langfuse

We use Langfuse, a platform provided by Langfuse GmbH, Gethsemanestraße 4, 10437 Berlin (Germany), to analyze our AI-based chat function. Langfuse is integrated on the server side and logs pseudonymized user IDs and the complete chat content (i.e., your inputs and the AI’s responses). Langfuse is operated on servers within the EU. We have a contract with the provider for order processing, which includes the EU standard contractual clauses to ensure an adequate level of data protection. Langfuse stores chat histories for up to 365 days solely to ensure the functionality and error analysis of the AI features; the data is not used for product improvement purposes. This data is also not used for product or training purposes. Processing is carried out in accordance with Art. 6 (1) lit. b GDPR for the fulfillment of the contractual relationship and for the technical provision of the contractually owed services.

UserPilot

We use UserPilot, a cloud-based service provided by Userpilot Inc., 1401 Lavaca Street Unit #7019, Austin, TX 78701, USA, to provide contextual help, guided tours, and interaction analysis within our application. The service is technically integrated via Google Tag Manager, which serves exclusively as a container management tool and does not transfer any personal data to third parties.

UserPilot processes personal data such as your email address (if stored), usage and click behavior within the application, assigned user segments, and, if applicable, information about your tariff or role in order to analyze the use of the platform and display context-sensitive help or tips. This processing is based on our legitimate interest in a user-friendly, efficient, and needs-based design of our services (Art. 6 (1) (f) GDPR).

UserPilot’s server infrastructure is distributed globally; storage within the European Union is planned. To protect your data, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) (c) GDPR to ensure a level of protection that complies with EU data protection regulations.

UserPilot is used regardless of your consent in the cookie banner, as it is not a tracking or marketing tool, but a functional analysis and support system that is used exclusively within our application. You can deactivate data processing by UserPilot at any time by turning off in-app help or guided tours in your account settings or by configuring your browser accordingly.

Matomo

Our website uses Matomo, an open-source web analytics software that we host ourselves. Matomo uses first-party cookies to evaluate usage behavior on our website. Your IP address is anonymized (i.e., shortened) so that it cannot be traced back to you personally. The information generated by the cookies is processed exclusively on our own servers and is not passed on to third parties. Data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in statistically analyzing the use of our website and continuously improving our offering. Note: You can object to this data processing by Matomo at any time with effect for the future, e.g., by activating the “Do Not Track” option in your browser.

§ 11 App analytics and push messages

Firebase

If you use our mobile apps on iOS or Android, you have the option to activate “push notifications”. We use push notifications to help you get started by sending useful tips to your device and to inform you about the latest course releases, specific content, occasional discount campaigns, and similar content based on your learning progress. You can revoke your consent to receive push messages at any time by changing your device settings. Push messages are sent via Firebase, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Additionally, we use Firebase to collect user data when users use our apps. Firebase collects data about app use, particularly regarding system crashes and errors. Information about the device, the installed app version, and other information that can help us diagnose and fix errors (in particular regarding the software and hardware of the user’s device) are used for this purpose. You can find more information in Firebase’s privacy statement: https://firebase.google.com/support/privacy.

Adjust

Our mobile apps use the usage analysis technology “Adjust.io”, a service provided by adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany (“Adjust”). Adjust collects installation and event data, such as when the app is installed and events like “app opened” or “account created” when you interact with our app. We use this anonymized information to better understand how our users interact with the app and to analyze the performance of mobile ad campaigns. Adjust uses your anonymized advertising identifiers (IDFA on iOS or Android Advertising ID) as well as your anonymized IP and MAC address for this analysis. It is not possible for us to identify you personally through this data. You can find more information about Adjust’s privacy practices here: https://www.adjust.com/privacy-policy/.

Braze

We use the Braze platform, a service of Braze, Inc., 330 W 34th St, 18th Floor, New York, NY 10001, USA (“Braze”) to improve the customer experience. We may process personal information such as your name, email address, and activity data. In addition, we automatically receive and store cookie information and other information about the use of our service in server log files, including IP address, pages visited, time spent on pages, access times, and information about the browser and operating system used. We use this information to ensure you have a better introduction to our service (e.g., via a tooltip tour), to analyze the use of the service and improve its functionality and user-friendliness, and to better adapt the service to your needs. You can find more information about the security of your personal data at Braze here: https://www.braze.com/company/legal/privacy. The processing of personal data by Braze is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in providing the most user-friendly experience of our services.

§ 12 Lecturio Coach Program

General

If you are a member of the Lecturio Coach program, your coaches will have access to the personal data you have entered on Lecturio’s platform (e.g., name and email address). In addition, coaches have visibility of your learning progress. Regular communication between you and a Lecturio Coach may require the use of third-party video conferencing software not provided or operated by Lecturio. The choice of software depends on the respective Lecturio Coach (e.g., they might use Zoom, Microsoft Teams, etc.). The privacy policy of the software used will apply to such communications. The processing of personal data by third-party video conferencing software and the viewing of your data by Lecturio Coaches take place in accordance with Article 6 (1) (b) GDPR, as this is necessary for the performance of the coaching service contract.

Typeform

For initial communication between you and the Lecturio Coach program, we use the Typeform platform, a service provided by TYPEFORM S.L., Carrer de Pallars 108 (Aticco), 08018 Barcelona, Spain (“Typeform”). Typeform processes the data you enter in the form as well as cookie information and other usage information. (You can find more information about Typeform’s use of cookies here: https://admin.typeform.com/to/dwk6gt/.) The processing of personal data by Typeform and the access by Lecturio Coaches take place in accordance with Article 6 (1) (b) GDPR as it is necessary for the performance of the service. You can find more information about the security of your personal data with Typeform here: https://admin.typeform.com/to/dwk6gt/.

§ 13 Newsletter

You have the option to subscribe to our newsletter. To do so, you must provide your email address. We use Optimizely (formerly Episerver)en.wikipedia.org, a service provided by Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany, to send our newsletter. We use the double opt-in process (DOI) for newsletter subscription. After subscribing, you will receive an email asking you to confirm your subscription. When registering for the newsletter, we store your IP address and the date and time of registration. This storage serves only as proof in case a third party misuses an email address and subscribes someone to the newsletter without their knowledge.

A tracking pixel is used when you open a newsletter. The following data are logged: the email address, the specific newsletter issue, and the date and time of opening. The links in our newsletters contain tracking information that enables us to determine which links were of interest to you (if you clicked them). The following data are stored via such tracking links: email address, newsletter issue, specific link clicked, and the date and time of the click. This information helps us understand reader engagement and improve our newsletters.

You can revoke your consent to receive the newsletter at any time with future effect by contacting us (for example, by email to support@lecturio.com) or via the unsubscribe link provided in every newsletter email. Once you revoke consent, we will stop sending you the newsletter and will delete or anonymize the related personal data, unless it is also stored for other purposes described in this statement (in which case it will be retained only as long as needed for those purposes).

§ 14 Duration of storage of personal data

The duration for which personal data are stored is determined by the applicable legal retention periods and our operational needs. Personal data are routinely deleted after the expiry of these periods or immediately after termination of your Lecturio membership, unless the data are required to fulfill or initiate a contract or another legal basis for processing applies. Specifically, the following retention periods generally apply:

If you wish to terminate your membership and have your data deleted, please contact our customer service (e.g., by email to support@lecturio.com). Upon termination of your membership, your personal data will be deleted or anonymized as outlined above, unless we are required by law to retain it for a longer period.

§ 15 Rights of the data subject

As a data subject, you have the following rights under the GDPR and other applicable data protection laws:

If you wish to exercise any of these rights, you can contact our data protection officer or our customer service at any time (e.g., via email to data-privacy@lecturio.com or support@lecturio.com). We will respond to your request as soon as possible and within the legal time limits. Please note that we may require additional information to confirm your identity before processing certain requests. We also reserve the right, as permitted by law, to charge a reasonable fee based on administrative costs or to refuse to act on a request if it is manifestly unfounded or excessive (for example, in case of repetitive requests).

§ 16 Transfer of personal data to third parties

We work with specific external service providers to process your data, including for IT hosting and other support services. Data may be transferred to these service providers (processors or third parties) in the context of providing our services. We ensure that any data transfer is carried out in compliance with the applicable data protection provisions. All service providers are carefully selected and bound by contract to process personal data in accordance with our instructions and applicable data protection law (Art. 28 GDPR data processing agreements, including EU Standard Contractual Clauses when required for international transfers). If any service providers are located in a country outside the EU or EEA, we provide an adequate level of data protection through appropriate safeguards (such as Standard Contractual Clauses or an adequacy decision, where applicable) and inform you of such transfers in the relevant sections of this privacy statement.

§ 17 Sweepstakes

If we organize sweepstakes, contests, or similar competitions, separate terms and conditions and data protection information will apply to the collection and processing of personal data in that context. We will inform participants of those specific privacy terms when such events occur. Please refer to the specific conditions provided for each sweepstake or contest for details on data usage.

§ 18 Miscellaneous

If you become aware that a third party has registered an account with us using your email address (and you did not authorize this), please inform us. Upon verifying the situation, we will immediately delete that profile at your request.

We reserve the right to update this privacy statement at any time in the course of improving our services or implementing new technologies or due to changes in legal requirements. We therefore recommend that you review this privacy statement from time to time to stay informed about how we protect your data.

German law applies.