Privacy Policy
Privacy Policy of Sprachinstitut Berlin
This privacy policy is provided in both German and English. The German version is the legally binding version.
1. Responsible Entity
SID-Sprach-& Bildungsinstitut Deutschland GmbH
Business Address
Kommandantenstrasse 80
10117 Berlin
2. Collection and Storage of Personal Data, and the Nature and Purpose of Their Use
a) When Visiting the Website
When you access our website www.sprachinstitut-berlin.de, information is automatically sent from your browser to the server of our website. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
The mentioned data is processed by us for the following purposes:
- Ensuring a smooth connection setup of the website
- Ensuring comfortable use of our website
- Evaluation of system security and stability
- For further administrative purposes
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person.
b) When Subscribing to Our Newsletter
If you have expressly consented according to Art. 6 para. 1 lit. a GDPR, we use your email address to send you our newsletter regularly. To receive the newsletter, providing an email address is sufficient.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request at any time to info@sprachinstitut-berlin.de by email.
c) When Using Our Contact Form
If you have any questions, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid email address so that we know who the inquiry is from and to be able to answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out according to Art. 6 para. 1 lit. a GDPR based on your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after the completion of your request.
3. Transfer of Data
Your personal data will only be transferred to third parties if this is necessary and one of the following legal bases applies:
- Performance of a contract (Art. 6 para. 1 lit. b GDPR): If the transfer is necessary for the processing of a contractual relationship, e.g. for payment processing by payment service providers or for registration for a language course.
- Consent (Art. 6 para. 1 lit. a GDPR): If you have given us your express consent to pass on your data, for example for the sending of marketing material by third parties.
- Legitimate interest (Art. 6 para. 1 lit. f GDPR): If the disclosure is necessary to safeguard our legitimate interests and your interests or fundamental rights do not outweigh this, e.g. for the assertion or defense of legal claims.
- Fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR): If we are legally obliged to disclose data to authorities or courts.
Recipients of the data may be:
- Technical service providers (hosting providers, email service providers) who operate our website and communication.
- Payment service providers for processing payments.
- Marketing and analysis partners, if you have given your consent to the use of analysis and tracking tools.
- Authorities or courts if we are legally obliged to disclose them.
We ensure that our partners also comply with high data protection standards. Data is only transferred to third countries (outside the EU) if this is permitted by law and suitable protective measures (e.g. EU standard contractual clauses) have been taken.
Under no circumstances will your data be sold to third parties for advertising purposes.
4. Storage Period and Data Deletion
We only store your personal data for as long as is necessary to fulfill the respective processing purposes or as required by statutory retention obligations. As soon as the purpose of the data processing no longer applies or a statutory storage period expires, the data will be deleted in accordance with the statutory provisions.
5. Your Rights as a Data Subject
You have the right:
Right of access
to request information about your personal data processed by us
Right to rectification
to demand the immediate rectification of incorrect or incomplete personal data stored by us
Right to erasure
to request the erasure of your personal data stored by us, provided that there are no legal or contractual retention obligations to the contrary
Right to restriction
to request the restriction of the processing of your personal data, provided that the legal requirements for this are met
Right to data portability
to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
Right to withdraw consent
to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future
Right to lodge a complaint
to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable data protection law
You can contact us at any time to exercise your rights. info@sprachinstitut-berlin.de
6. Data Security
We use technical and organizational security measures to protect your data against manipulation, loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
7. Use of Cookies and Tracking Technologies
Our website uses cookies. These are small files that your browser automatically creates and that are stored on your device when you visit our website.
Cookies are used to make our website more user-friendly and effective. Some cookies are essential for the operation of the website, others enable us to analyze user behavior or serve marketing purposes.
When you visit our website for the first time, you will be informed about the use of cookies by a cookie banner and can use the cookie settings to determine which cookies may be set. You can revoke or adjust your consent at any time in the cookie settings on our website.
The legal basis for the use of cookies is Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest).
We use Google Consent Mode v2 to manage your consent: before you grant consent, all tracking and marketing signals default to "denied", so no tracking cookies are set and no personal data is transmitted to third parties (in particular Google). Only after you actively consent via the cookie banner are the corresponding signals updated to "granted". Our self-hosted consent manager (Silktide) stores only your consent preferences locally in your browser (localStorage keys with the prefix stcm.consent) — this data does not leave your device and is used solely to make your right to revoke consent technically functional.
8. Third-Party Providers and External Services
We use third-party services such as Google Analytics, Google Tag Manager or payment service providers. These providers may be based in third countries (e.g. the USA), where a lower level of data protection may apply. In such cases, we ensure that suitable protective measures are taken in accordance with the GDPR (e.g. standard contractual clauses of the EU Commission).
Personal data will only be passed on to the extent necessary and in compliance with the applicable data protection laws. Below you will find an overview of the third-party providers we use:
a) TalentLMS (learning management system)
Provider: Epignosis LLC
Data: Name, e-mail address, course information
Purpose: Administration of training and online courses
Legal basis: Fulfillment of contract (Art. 6 para. 1 lit. b GDPR)
b) SEMCO (CRM system and invoicing)
Provider: Semco Software GmbH
Data: Name, email address, customer data, invoice details
Purpose: Customer management and invoicing
Legal basis: Performance of a contract (Art. 6 para. 1 lit. b GDPR)
c) Accounting and tax consultancy (DATEV and WSLP Steuerberatung)
Provider: DATEV eG, WSLP Steuerberatungsgesellschaft
Data: Accounting documents, customer invoices, bank details
Purpose: Financial administration and tax processing
Legal basis: Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR)
d) Hosting & performance (Vercel)
Our website is hosted on the Vercel platform. We additionally use Vercel Speed Insights for cookieless measurement of page load performance (Core Web Vitals).
Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Data: IP address, user agent, server logs, anonymous performance metrics (Largest Contentful Paint, Cumulative Layout Shift, etc.)
Purpose: Operation of the website, ensuring availability, measuring page load performance without cookies and without personal identifiers
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Data transfer: Vercel may process data in the USA. Vercel is certified under the EU-US Data Privacy Framework; a data processing agreement is in place
e) Google Tag Manager
We use Google Tag Manager to manage the measurement and marketing tags used on the website (in particular Google Analytics and Google Ads).
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data: IP address, browser/device information, consent signals (Google Consent Mode v2)
Purpose: Central management of tags. Without your consent, the Tag Manager does not set any tracking cookies and does not pass any personal data to tracking tags (default status: denied).
Legal basis: Legitimate interest for the technical operation of the tag container (Art. 6 para. 1 lit. f GDPR); consent for downstream tags (Art. 6 para. 1 lit. a GDPR)
Data transfer: Google may process data in the USA. Google is certified under the EU-US Data Privacy Framework
f) Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC.
Data: IP address (shortened), usage statistics
Purpose: Analysis of user behaviour to optimize our website
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Data transmission: Processing outside the EU protected by standard contractual clauses
g) Google Ads
We use Google Ads to place ads on the Google network.
Data: IP address, click behavior
Purpose: Success analysis of our advertising campaigns
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
h) Google Fonts (self-hosted)
We use fonts from the Google Fonts library to ensure consistent typography.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data: The font files are downloaded at build time via Next.js and then served from our own servers. When visiting the website, no requests are made to Google servers and your IP address is not transmitted to Google.
Purpose: Consistent and accessible display of typography
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
i) Google Maps
An interactive Google Maps widget is embedded on our website to display our location in Berlin-Mitte. The map is loaded only after your explicit consent via the External content category.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data: IP address, browser/device information, interaction with the map
Purpose: Display of our location (Berlin-Mitte)
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Data transfer: Google may process data in the USA. Google is certified under the EU-US Data Privacy Framework
j) YouTube videos
Videos from YouTube are embedded on our website (Google LLC).
Data: IP address, information on user behavior
Purpose: Provision of multimedia content
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
When a video is played, cookies are set by YouTube. Further information can be found in Google's privacy policy.
k) Google Calendar & Google Meet
For booking consultation appointments, SID-Sprach-& Bildungsinstitut Deutschland GmbH uses Google Calendar. After scheduling, consultation meetings are conducted via Google Meet (Google's video conferencing service). Both services are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Data: Name, email address, appointment details (date, time, topic), IP address, browser information; for video conferences: audio and video data
Purpose: Appointment booking and conducting video consultations
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Data transfer: Google may also process data in the USA. Google is certified under the EU-US Data Privacy Framework
Further information on data processing by Google can be found in Google's privacy policy.
l) WhatsApp (direct contact)
A WhatsApp chat button is provided on our website. Clicking it forwards you to WhatsApp so you can chat with us directly.
Provider: WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (part of the Meta group)
Data: Phone number, message content, device/connection data — only transmitted to WhatsApp/Meta after you click the chat button
Purpose: Direct contact with Sprachinstitut Berlin via chat
Legal basis: Consent through active click (Art. 6 para. 1 lit. a GDPR)
Data transfer: Meta may process data in the USA. Meta is certified under the EU-US Data Privacy Framework
m) Email delivery (Resend)
We use the email service Resend to send transactional emails and the messages submitted via our contact form.
Provider: Resend, Inc., 2261 Market Street #4667, San Francisco, CA 94114, USA
Data: Name, email address, phone number and message content from contact forms, plus technical delivery metadata (deliverability, bounce status)
Purpose: Reliable delivery of emails to us and to prospective customers
Legal basis: Pre-contractual measures (Art. 6 para. 1 lit. b GDPR) and legitimate interest (Art. 6 para. 1 lit. f GDPR)
Data transfer: Resend processes data in the USA. A data processing agreement is in place; the data transfer is based on the EU Standard Contractual Clauses
n) Database (Neon)
We use Neon's serverless PostgreSQL database to store application data.
Provider: Neon, Inc., 209 W 27th St, New York, NY 10001, USA
Data: Waiting list entries (name, email address, course interest), placement test results and other data stored for the operation of the application
Purpose: Persistent storage of application data
Legal basis: Pre-contractual measures (Art. 6 para. 1 lit. b GDPR) and legitimate interest (Art. 6 para. 1 lit. f GDPR)
Data transfer: Neon may process data outside the EU. A data processing agreement is in place; the data transfer is based on the EU Standard Contractual Clauses
o) Payment processing with Stripe and SumUp
For payments, we work together with Stripe, Inc. and SumUp Limited.
Data: Name, payment information, billing details
Purpose: Payment processing
Legal basis: Contract fulfillment (Art. 6 para. 1 lit. b GDPR)
p) Server-side analytics system (subdomain secure.sprachinstitut-berlin.de)
In addition to Google Analytics, we operate our own server-side system that collects anonymous event data (page views, clicks, form completions) on the subdomain secure.sprachinstitut-berlin.de. Without your consent to analytics cookies, only anonymous aggregates are stored; in particular, we also count completed conversions (waitlist sign-up, contact request, completed placement test, booking as well as corporate and visa/SEMCO enquiries) even without consent, on the basis of our legitimate interest in anonymous conversion measurement — without name, email address, phone number or message text and without the pseudonymous session ID. In addition, we collect — purely anonymously, i.e. without a session ID and without recognition even when consent has been granted — page views (reach), performance metrics (Core Web Vitals such as LCP, CLS, INP) and technical error diagnostics; these serve aggregate analysis only, without profiling. A funnel (placement-test steps and form starts for calculating abandonment rates) is recorded purely anonymously as a plain count without your consent; with your consent to analytics cookies it is linked to the pseudonymous session ID so the funnel can be analysed per session. No data is forwarded from this system to third parties (Google, Meta) at present — should this change, this policy will be updated beforehand.
Provider: SID-Sprach-& Bildungsinstitut Deutschland GmbH (operated in-house); processors: Neon, Inc. (PostgreSQL hosting) and Vercel Inc. (application hosting)
Data (without consent): truncated IP address (/24 for IPv4, /48 for IPv6), daily-rotated browser fingerprint hash, country, page category
Anonymous conversion counting (without consent): conversion type, value (the booking amount for bookings, a symbolic counting value for enquiries), currency, page visited, referrer domain (hostname only, without path/parameters), UTM parameters and timestamp — without name, email, phone number, message text, without session ID and without advertising click IDs
Purely anonymous reach & telemetry (always without session ID, even with consent): page views (page category, language; on the first view of a visit also referrer domain and UTM), Core Web Vitals (LCP, CLS, INP, FCP, TTFB with value and rating), technical JavaScript errors (sanitized and truncated error message, filename and line number — no stack trace; emails/URLs are stripped client-side) — without name/email/phone, without session ID, without recognition
Funnel (consent-dependent): placement-test steps and form starts, each with phase, target language, coarse level bucket, plus referrer domain and UTM on the first step — without name/email/phone and without storing individual completion durations. Without consent anonymous (plain count, no session ID); with analytics consent linked to the pseudonymous session ID for per-session funnel analysis
Data (with consent): additionally a pseudonymous session ID (UUID, 13 months, cookie _sib_aid), referrer, UTM parameters and event parameters; advertising click IDs (e.g. gclid) only with additional marketing consent
Purpose: Reach and conversion measurement, funnel and conversion analysis — even when Google Analytics is blocked by ad blockers
Legal basis: Art. 6 para. 1 lit. f GDPR in conjunction with Sec. 25 (2) no. 2 TTDSG (anonymous aggregates and anonymous conversion counting, legitimate interest) and Art. 6 para. 1 lit. a GDPR (pseudonymous session ID and advertising identifiers, consent)
Storage period: 90 days raw data, 13 months sessions, 26 months conversions
Data transfer: Processing within the EU; currently no forwarding to Google, Meta or other third parties from this system
9. Changes to the Privacy Policy
We reserve the right to amend this privacy policy in order to adapt it to changed legal requirements or new technologies. The current privacy policy can be viewed at any time on our website.
10. Contact for Data Protection Inquiries
If you have any questions about data protection, you can reach us using the following contact details:
Sprachinstitut Berlin
Kommandantenstrasse 80, 10117 Berlin
Germany
E-Mail: info@sprachinstitut-berlin.de