Privacy Policy

Last updated: 18 January 2024

Thank you for choosing GOI GmbH (β€œwe,” β€œus,” or β€œour”). We are committed to protecting your privacy and ensuring the lawful, transparent, and secure processing of your personal data. This Privacy Policy explains how we collect, use, and protect information when you use our website and services.

1. Controller

GOI GmbH
Berlin, Germany
Managing Director: Nina Sauer
Email: admin@germanonlineinstitute.com

For questions regarding data protection, please contact us using the details above.

2. Data We Collect

We process the following categories of personal data:

  • Contact and account data – e.g. name, email address, telephone number.

  • Booking and payment data – information necessary for class scheduling and payment processing.

  • Usage data – IP address, browser type, operating system, and interactions with our website.

  • Cookies and similar technologies – used to operate and improve the site, remember preferences, and analyse usage.

3. Purposes and Legal Bases (Art. 6 GDPR)

We process your data only where a legal basis exists:

PurposeLegal basisTo provide and manage language lessons, user accounts, and customer supportArt. 6 (1)(b) – performance of a contractTo process payments and invoicingArt. 6 (1)(b) – contractTo analyse and improve our services and website functionalityArt. 6 (1)(f) – legitimate interestTo send service information and occasional updatesArt. 6 (1)(f) – legitimate interestTo send optional marketing emails (if subscribed)Art. 6 (1)(a) – consentTo comply with accounting and legal obligationsArt. 6 (1)(c) – legal obligation

4. How We Use Your Information

We use personal data to:

  • deliver our online language lessons and manage your bookings,

  • process payments securely,

  • communicate about courses, updates, or support,

  • analyse site performance and improve user experience,

  • personalise recommendations (e.g. course suggestions) based on your preferences.

We do not use your data for third-party advertising or sell personal information.

5. Service Providers (Processors, Art. 28 GDPR)

We work only with trusted processors who act on our instructions:

  • Squarespace Inc. (incl. Acuity Scheduling) – website hosting and scheduling

  • Google LLC / Google Ireland Ltd. – analytics, email, cloud infrastructure

  • HubSpot Inc. – CRM, forms, communication

  • Invoice Ninja – billing and invoicing

All processors are bound by data-processing agreements ensuring GDPR compliance.

6. International Data Transfers

Where data is transferred outside the European Economic Area, including to the United States, we rely on:

  • adequacy decisions such as the EU–U.S. Data Privacy Framework, or

  • Standard Contractual Clauses (SCCs) issued by the European Commission,
    to guarantee an appropriate level of protection.

7. Cookies and Tracking

We use cookies and similar technologies to ensure the site functions correctly, to analyse usage, and to personalise content. You can manage or withdraw your consent at any time via our cookie banner or browser settings. Details appear in our [Cookie Policy].

8. Data Retention

We retain personal data only as long as necessary for contractual, legal, or operational purposes:

  • contractual and billing data – up to 10 years (tax law),

  • analytics data – shorter, anonymised where possible,

  • marketing data – until consent is withdrawn.

9. Your Rights (Art. 15 – 22 GDPR)

You have the right to:

  • access your data,

  • rectify inaccuracies,

  • request erasure (β€œright to be forgotten”),

  • restrict or object to processing,

  • data portability,

  • withdraw consent at any time,

  • lodge a complaint with a supervisory authority (for Berlin: Berliner Beauftragte fΓΌr Datenschutz und Informationsfreiheit).

10. Data Security

We implement technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction. Transmission of data over the internet always carries inherent risks; we strive to minimise them through encryption and secure processors.

11. Social Media

We maintain online presences on platforms such as LinkedIn to communicate with clients and prospects. Please note that any information you post there is publicly visible, and the platform’s own privacy policies apply.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes. The current version is always available on our website; material changes will be announced via email or on the site.

By using our website and services, you acknowledge this Privacy Policy.

.