Skip to Content

Privacy Policy

1) Introduction and Contact Details of the Responsible Party

We are pleased to welcome you to our eLearning platform at academy.mystim.com and thank you for your interest. Below, we inform you about the processing of personal data when using our website and our eLearning offerings. Personal data is any information that can be used to identify you personally.

The responsible party in terms of the General Data Protection Regulation (GDPR) is:

Marie-Curie-Straße 5
63755 Alzenau
Deutschland
Tel.: +49 (0)6023 4070100
E-Mail: hallo@mystim.com

2) Data Collection When Visiting the Website and Using the eLearning Platform

2.1 Server Log Files

When using our website purely for informational purposes, that is, if you do not register or otherwise transmit information to us, we only collect data that your browser automatically transmits to the server. This includes, in particular:

  • visited page
  • date and time of access
  • amount of data transmitted
  • source/reference from which you accessed the page
  • browser used
  • operating system used
  • IP address used, possibly in anonymized form

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the secure, stable, and functional provision of our website. Further evaluation only takes place if there are concrete indications of unlawful use.

2.2 SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons. You can recognize an encrypted connection by "https://" and the lock symbol in the browser's address bar.

2.3 Use of the eLearning Platform

When using our eLearning platform, we process personal data that is necessary for the provision, management, and execution of our courses. This includes in particular:

  • Name
  • Email address
  • Login and access data
  • Course registrations
  • Course progress
  • completed lessons
  • test results and quiz data
  • if applicable, issued certificates
  • technical usage data within the platform

The processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the user relationship or for the provision of the learning content you have booked or activated. To the extent that data is processed for security, error analysis, or improvement of the platform, this is done on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

3) Hosting and Technical Provision

Our eLearning platform is operated via Odoo under the subdomain academy.mystim.com.

The provider is:

Odoo S.A.
Chaussée de Namur 40
1367 Grand-Rosière
Belgien

As part of the hosting and technical provision, personal data may be processed, in particular access data, account data, course data, communication data, and technical log data.

We have entered into a contract with the provider for data processing in accordance with Article 28 of the GDPR, as necessary. The processing is carried out to provide a secure and functional eLearning platform in accordance with Article 6(1)(b) of the GDPR, as well as based on our legitimate interest in a secure and efficient platform operation in accordance with Article 6(1)(f) of the GDPR.

4) Cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device.

We distinguish between:

  • technically necessary cookies that are required for the operation of the website and the eLearning platform
  • functional cookies
  • analytics cookies
  • marketing and tracking cookies

Technically necessary cookies are used based on Article 6(1)(f) of the GDPR, as far as they are necessary for secure and functional operation.
Non-necessary cookies, especially for analytics, marketing, remarketing, or affiliate tracking, are only set with your consent in accordance with Article 6(1)(a) of the GDPR.
You can revoke or change your consent at any time with effect for the future via the cookie consent tool.

5) Contacting us

If you contact us via email, contact form, or other means, we process the data you provide to handle your request.
The legal basis is Article 6(1)(f) of the GDPR. If your request is aimed at a contract or a pre-contractual measure, Article 6(1)(b) of the GDPR is additionally the legal basis.
Your data will be deleted as soon as your request has been processed and there are no legal retention obligations to the contrary.

6) User Account and Course Access

Creating a user account may be required to use certain courses. In this process, we process the data you provide during registration or that is assigned to you as part of course access.

This includes, in particular:

  • Name
  • Email address
  • Password or Login Data
  • Course Assignments
  • Learning Progress
  • Exam Results
  • Certificates
  • Communication Data

The processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the provision of the user account and course functions.

Deletion of your user account is generally possible, provided there are no contractual, legal, or legitimate reasons for further storage.

7) Communication and Direct Marketing

7.1 Platform-Related Emails

We may send you emails that are necessary for the use of the eLearning platform, such as registration confirmations, password links, course information, technical notes, or information about activated content.

The processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR.

7.2 Newsletter and Promotional Communication

If you sign up for our newsletter or promotional information, we process your email address to send you the corresponding messages.

Registration is carried out, where applicable, via a double opt-in procedure. We store your IP address as well as the date and time of registration and confirmation to be able to prove consent.

The legal basis is your consent according to Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future, for example via the unsubscribe link in the respective email or by contacting us.

7.3 Sending of Emails via Klaviyo

The sending of our newsletters and other promotional email communications is carried out by the provider:

Klaviyo, Inc.

125 Summer St., Ste 600
Boston, MA 02110
USA

For this purpose, we provide the necessary data for sending, in particular your email address as well as possibly your name, registration data, consent status, and interaction data to Klaviyo.

The processing is carried out for the purpose of sending and managing our email communications. The legal basis is your consent according to Art. 6 para. 1 lit. a GDPR, as far as you have actively registered for newsletters or promotional emails. As far as we send advertising to existing customers, the processing is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

Klaviyo can also evaluate open rates, clicks, and other interactions with our emails. This only occurs if there is corresponding consent.

We have entered into a data processing agreement with Klaviyo. Data may be transferred to the USA. Klaviyo claims to be certified under the EU-US Data Privacy Framework.

You can revoke your consent at any time with effect for the future, for example via the unsubscribe link in the respective email or by contacting us.

7.3 Werbung an Bestandskunden

If you have provided us with your email address in connection with the purchase or use of our services, we may send you information about similar offers of our own under the conditions of § 7 para. 3 UWG.

The processing is based on our legitimate interest in direct marketing according to Art. 6 para. 1 lit. f GDPR.

You can object to this use at any time with effect for the future.

8) Online Marketing and Affiliate Tracking

AWIN Performance Advertising Network

We participate in the affiliate program of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany.

As part of affiliate tracking, cookies or similar technologies may be used to determine whether users have reached our website via an affiliate link and whether a relevant action has taken place.

In particular, the following data may be processed:

  • IP address
  • Device and browser information
  • Click data
  • Referrer information
  • if applicable, transaction or conversion data

The use only occurs if you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future via our cookie consent tool.

9) Web Analysis and Tracking

9.1 Google Tag Manager

This website uses the Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is used to manage website tags. It allows the integration and control of other services, such as analytics or marketing tools. The Google Tag Manager itself does not create user profiles and, to our knowledge, does not set its own tracking cookies. However, the IP address may be transmitted to Google upon access.

The use is based solely on your consent in accordance with Art. 6 para. 1 lit. a GDPR, as far as consent-required services are integrated via the Google Tag Manager.

Data may be transferred to Google LLC in the USA. Google claims to be certified under the EU-US Data Privacy Framework.

9.2 Google Analytics 4

This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics allows us to analyze the use of our website and eLearning platform. In particular, the following data may be processed:

  • IP address, usually shortened
  • Device information
  • Browser information
  • Usage behavior
  • Page views
  • Duration of stay
  • Interactions
  • Source of origin

Google processes this data on our behalf to create reports on website activities and evaluate the use of our offerings.

The use is based solely on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future via our cookie consent tool.

Data may be transferred to Google LLC in the USA. Google claims to be certified under the EU-US Data Privacy Framework.

9.3 Google Ads Remarketing and Conversion Tracking

We may use Google Ads Remarketing and Google Ads Conversion Tracking to measure the effectiveness of our advertising measures and to display interest-based advertising to users.

The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Cookies or similar technologies may be used. The following may be processed in particular:

  • IP address
  • Device information
  • Browser information
  • visited pages
  • Click and conversion data
  • Cookie IDs or similar identifiers

The use is carried out exclusively with your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future via our cookie consent tool.

10) Embedded content and page functions

10.1 YouTube

Our website may embed videos from YouTube. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When loading or playing a YouTube video, personal data may be transferred to Google, in particular IP address, device information, browser information, and information about the page accessed.

The use only occurs with your consent in accordance with Art. 6 para. 1 lit. a GDPR, unless the integration is purely technically necessary.

10.2 Google Web Fonts

This website may use Google Web Fonts for the uniform presentation of fonts. The provider is Google Ireland Limited.

When loading the fonts, your IP address may be transmitted to Google.

As far as Google Web Fonts are loaded externally, this only occurs based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Alternatively, fonts can be embedded locally, which does not establish a connection to Google servers.

10.3 Google reCAPTCHA

We may use Google reCAPTCHA to protect our website from spam, abuse, and automated access. The provider is Google Ireland Limited.

In this context, IP address, device and browser information, duration of stay, and interactions may be processed.

As far as reCAPTCHA is technically necessary, the processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in the security of our website. As far as cookies or comparable technologies are used, the use only occurs with your consent in accordance with Art. 6 para. 1 lit. a GDPR.

10.4 Social Media Plugins

If social media plugins or direct integrations from platforms such as Facebook, Instagram, or Pinterest are used on our website, these are generally activated only after your consent.

Providers may include:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
  • Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

When activated, data such as IP address, browser information, device information, and information about the visited page may be transmitted to the respective providers.

The legal basis is your consent according to Art. 6 para. 1 lit. a GDPR.

11) Cookie Consent Tool

Wir nutzen ein Cookie-Consent-Tool, um Einwilligungen für einwilligungspflichtige Cookies und Dienste einzuholen, zu verwalten und zu dokumentieren. Die vollständigen Informationen zu den verwendeten Cookies und deren Zwecken finden Sie in unserer Cookie-Richtlinie unter https://academy.mystim.com/cookie-policy.

In this context, technically necessary information may be processed, such as:

  • Consent status
  • Time of consent
  • browser used
  • If applicable, shortened IP address
  • Selected cookie categories

The processing is carried out in accordance with Art. 6 para. 1 lit. c GDPR to fulfill legal obligations and according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in compliant consent management.

12) Accounting and internal administration

For accounting, documentation, and internal administrative processes, personal data may be processed as far as necessary for proper business management, accounting, or fulfilling legal obligations.

As far as we use DATEV eG, Paumgartnerstraße 6-14, 90429 Nuremberg, Germany for this purpose, the processing is based on Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR.

13) Recipients of personal data

Personal data may be shared with service providers who assist us in operating the website, the eLearning platform, communication, analysis, advertising, IT security, or administration.

This may include, in particular:

  • Hosting and platform providers
  • IT service providers
  • Email service providers
  • Analysis and marketing providers
  • Affiliate networks
  • Accounting and tax service providers

As far as these service providers process personal data on our behalf, we enter into data processing agreements with them in accordance with Art. 28 GDPR.

14) Transfers to third countries

As part of individual services, a transfer of personal data to countries outside the European Union or the European Economic Area may occur, particularly to the USA.

Such a transfer only takes place if there is an appropriate data protection legal basis, such as:

  • an adequacy decision by the European Commission
  • a certification under the EU-US Data Privacy Framework
  • Standard contractual clauses of the European Commission
  • your explicit consent

15) Duration of storage

We only store personal data as long as necessary for the respective purposes or as required by legal retention obligations.

Account and course data are generally stored for the duration of the user relationship. Certificate and proof data may be stored longer if necessary for documenting completed courses, fulfilling contracts, or defending legal claims.

Data processed based on consent is generally stored until the consent is revoked, unless there is another legal basis for further storage.

Legal retention obligations, in particular commercial and tax obligations, remain unaffected.

16) Rights of the data subjects

You have the following rights in accordance with the legal requirements:

  • Right to access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR
  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

17) Right to object

If we process personal data based on Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation.

If personal data is processed for the purpose of direct marketing, you have the right to object to the processing for the purposes of such marketing at any time.

Upon receipt of your objection, we will no longer process the affected data for direct marketing.

18) Currency of this privacy policy

This privacy policy applies to the eLearning platform at academy.mystim.com.

As of: April 2026