Controller
Silvana Ionica
Freiburger Str. 9, 79312 Emmendingen
E-mail: info@fluent-speak.com
Website: www.fluent-speak.com

Relevant legal bases under the GDPR:
Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

• Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany:
In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and Swiss FADP:
These data protection notices serve to provide information in accordance with both the Swiss FADP (Federal Act on Data Protection) and the General Data Protection Regulation (GDPR). For this reason, please note that for the sake of broader territorial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss FADP, the terms “processing” of “personal data”, “legitimate interest” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms is still determined in accordance with the Swiss FADP where applicable.

Security measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, securing availability, and separation of data related to them. Furthermore, we have established procedures to ensure the exercise of data subject rights, erasure of data, and response to data threats. In addition, we consider the protection of personal data already in the development or selection of hardware, software, and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Securing online connections via TLS/SSL encryption technology (HTTPS):
To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt information transmitted between the website or app and the user’s browser (or between two servers), thus protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Disclosure of personal data

In the course of processing personal data, it may be transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data to protect your data.

International data transfers

Data transfers to third countries only take place in compliance with Art. 44 et seq. GDPR, for example, by means of EU standard contractual clauses or adequacy decisions. Providers such as Google or Meta may be subject to the EU-U.S. Data Privacy Framework.

General information on data storage and erasure

Personal data is deleted as soon as the purpose ceases to apply or legal retention periods expire. Retention periods can be 3, 6, or 10 years, depending on legal requirements.

Rights of data subjects

You have the right to access, rectify, erase, restrict processing, data portability, and object in accordance with Art. 15 et seq. GDPR. You also have the right to lodge a complaint with the supervisory authority.

Business services

We process personal data of our course participants, interested parties, and contracting partners for the purpose of conducting courses, payment processing, and customer communication.

Payment service providers

Payment data is processed via PayPal and Stripe. The privacy policies of these providers apply.

Web hosting

Our website is hosted by an external provider (e.g., IONOS, WordPress, etc.). Connection and access data are processed in this context.

Contact forms

When you use our contact form, we store your details for the purpose of processing your inquiry. We do not pass on this data without your consent.

Newsletter

When you sign up, we store your e-mail address for the purpose of sending our newsletter. You can unsubscribe at any time.

Analytics tools

We use Google Analytics for statistical evaluation. Your IP address is anonymized. Use only occurs with your consent via the cookie banner.

Social media and embedded content

We integrate content from Instagram, TikTok, YouTube, and Google Fonts. In doing so, personal data such as IP addresses may be transferred to third-party providers.

Cookies and consent management

Our website uses cookies. When you first visit, we ask for your consent to use certain cookies via a banner. You can withdraw this consent at any time via the settings.

Status of this privacy policy: April 2025