Privacy Policy

Privacy Policy

Last updated: January 15, 2025

1. Data Controller

Connexxo GmbH
Bärenwaldstraße 13
81737 München
Deutschland

Phone: +49-89-55269733
Email: privacy[at]connexxo.com
Website: https://connexxo.com

For services in Italy: Connexxo Italia srl acts as data controller for Italian services.

We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and German data protection laws. The legal basis for processing includes:

  • Art. 6(1)(a) GDPR: Consent for specific processing activities
  • Art. 6(1)(b) GDPR: Contract performance for service delivery
  • Art. 6(1)(f) GDPR: Legitimate interests for website operation and improvement

3. Categories of Personal Data We Collect

3.1 Website Usage Data

  • IP address (anonymized after 24 hours)
  • Browser type and version
  • Operating system
  • Referring website
  • Pages visited and time spent
  • Access times and dates

Purpose: Website operation, security, and improvement
Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
Retention: 30 days (anonymized data may be kept longer for analytics)

3.2 Contact and Communication Data

  • Name and email address (contact forms)
  • Phone number (if provided)
  • Message content
  • Response history

Purpose: Responding to inquiries and providing customer service
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (contract performance)
Retention: 3 years from last contact or as legally required

3.3 Training and Course Registration Data

  • Full name and contact details
  • Company affiliation
  • Training preferences and requirements
  • Certification information
  • Payment data (processed by third-party providers)

Purpose: Course delivery, certification management, and customer service
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Retention: 10 years for tax and legal compliance purposes

4. Third-Party Services and Data Processors

4.1 Course Booking Platform

We use namotto Universal Brands GmbH & Co KG (Potsdamer Straße 125, 10783 Berlin, Germany) for course bookings. Their terms: https://myablefy.com/s/connexxo/document/terms_of_business

4.2 Certification Partners

  • Scrum Alliance Inc. (7237 Church Ranch Blvd. #Suite 410, Westminster, CO 80021, USA)
  • LeSS Company BV (Clarissenstraat 31, 5281 AX, Boxtel, Netherlands)

When you complete certified courses, your data (name, email) is shared with these organisations for certification purposes. More information:

4.3 Embedded Content Providers

  • YouTube/Google LLC (901 Cherry Ave., San Bruno, CA 94066, USA) - Video embedding
  • Vimeo Inc. (330 West 34th Street, 10th Floor, New York, NY 10001, USA) - Video embedding
  • LinkedIn/SlideShare (Wilton Place, Dublin 2, Ireland) - Presentation embedding

These services may collect data when you interact with embedded content. Privacy policies:

5. Cookies and Tracking Technologies

5.1 Essential Cookies

  • Session cookies for basic website functionality
  • Language preference cookies
  • Security cookies

Legal basis: Art. 6(1)(f) GDPR (legitimate interests)

5.2 Analytics Cookies

We may use analytics tools to understand website usage patterns. These cookies collect anonymized data about page views, user behaviour, and website performance.

Legal basis: Art. 6(1)(a) GDPR (consent, where required)

You can control cookies through your browser settings. Visit AllAboutCookies.org for guidance. Note that disabling cookies may affect website functionality.

6. International Data Transfers

Some of our service providers are located outside the EU/EEA. Data transfers to third countries are protected by:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Your explicit consent where applicable

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Website logs: 30 days
  • Contact inquiries: 3 years
  • Course registrations: 10 years (legal requirement)
  • Marketing communications: Until consent withdrawal

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

Request information about personal data we process about you.

8.2 Right to Rectification (Art. 16 GDPR)

Request correction of inaccurate personal data.

8.3 Right to Erasure (Art. 17 GDPR)

Request deletion of your personal data, subject to legal retention requirements.

8.4 Right to Restrict Processing (Art. 18 GDPR)

Request limitation of data processing under certain circumstances.

8.5 Right to Data Portability (Art. 20 GDPR)

Request transfer of your data to another controller.

8.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests or direct marketing.

Withdraw consent for processing at any time (does not affect lawfulness of past processing).

To exercise these rights, contact us at privacy[at]connexxo.com.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

10. Complaints and Inquiries

For questions or concerns regarding data protection, please first contact our Data Protection Contact at privacy[at]connexxo.com.

You also have the right to lodge a complaint with the competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Deutschland
Website: https://www.lda.bayern.de/

11. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website with a new effective date.

12. Contact Information

For questions about this privacy policy or our data processing practices, contact:

Data Protection Contact
Connexxo GmbH
Email: privacy[at]connexxo.com
Phone: +49-89-55269733

As a small company, we are not required to appoint an official Data Protection Officer. However, your data protection inquiries are handled with care and attention.