General Overview and Data Collection Practices
1. Introduction
Nova Education (“we,” “our,” or “us”) is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws, including those in Germany.
This Privacy Policy explains:
- The types of personal data we collect.
- How we collect, use, and share your data.
- Your rights regarding your personal data.
Our website: www.novaeducation.de
Contact Information: [email protected]
2. What Data We Collect
2.1 Categories of Data Collected
We collect various categories of personal data depending on your interactions with our website and services:
|
Category |
Examples |
Purpose |
|
Contact Information |
Name, surname, email address, phone number. |
Communication, providing program details. |
|
Identity Documents |
Passport number, ID card, profile photo, national ID serial number, date of birth. |
University applications and legal purposes. |
|
Academic Records |
Diplomas, transcripts, graduation certificates, translated academic records. |
Verifying academic qualifications. |
|
Address Data |
Residence address, mailing address. |
Legal registration and correspondence. |
|
Financial Data |
Credit card details, IBAN, payment receipts. |
Processing payments securely. |
|
Technical Data |
IP address, browser details, device information, cookie preferences. |
Improving website functionality. |
|
Communication Data |
Email history, WhatsApp messages, webinar communications. |
Responding to inquiries and support. |
|
Marketing Data |
Email, phone number, IP address, website behavior. |
Personalized marketing campaigns. |
|
Webinar Registration |
Name, surname, email, phone number. |
Sharing webinar links and managing entries. |
|
System Activity Data |
IP address, email confirmation, digital signatures, timestamps. |
Tracking user interactions and processes. |
2.2 Sensitive Data
We may process sensitive personal data when strictly necessary:
- Examples: Passport details, profile photos, academic records.
- Purpose: Completing university applications or fulfilling legal obligations.
Sensitive data is processed with the highest security measures, including encryption, restricted access, and secure storage protocols.
2.3 Data from Third-party Platforms
We collect or receive personal data indirectly from the following platforms:
|
Platform |
Data Collected |
Purpose |
|
Meta Ads (Facebook/Instagram) |
Name, email, phone number. |
Lead generation for educational programs. |
|
Google Ads/Analytics |
IP address, behavioral data, session logs. |
Measuring ad performance and analytics. |
|
LinkedIn Ads |
Professional details, email. |
B2B outreach for targeted campaigns. |
|
YouTube |
Video interaction data. |
Enhancing user experience on embedded content. |
2.4 Automated Data Collection
We automatically collect the following data when you interact with our website:
- Cookies and Tracking Data: IP address, browsing behavior, referral links, time spent on pages.
- Analytics Data: User activity statistics (via Google Analytics, Facebook Pixel).
- Advertising Pixels: Behavioral data used for remarketing purposes.
2.5 Partner Universities and Institutes
When you apply for an educational program:
- Your personal and academic data (e.g., diplomas, ID cards, transcripts) are securely shared with our partner universities to facilitate the admission and enrollment process.
- Partner universities are independent Data Controllers responsible for their own privacy practices.
3. Why We Collect Data
|
Purpose |
Legal Basis (GDPR) |
Examples |
|
Program Registration and Applications |
Contractual Obligation (Art. 6(1)(b)) |
Processing university applications. |
|
Marketing and Communications |
Consent (Art. 6(1)(a)) |
Sending newsletters, email campaigns, and updates. |
|
User Support and Inquiries |
Legitimate Interest (Art. 6(1)(f)) |
Responding to inquiries and providing assistance. |
|
Analytics and Website Performance |
Consent for cookies (Art. 6(1)(a)) |
Improving user experience, measuring performance. |
|
Payment Processing |
Contractual Obligation (Art. 6(1)(b)) |
Processing online transactions securely. |
|
Legal Compliance |
Legal Obligation (Art. 6(1)(c)) |
Retaining records for financial audits. |
Data Use, Sharing, and Protection
4. How We Use Your Data
We use your personal data for the following purposes:
|
Purpose |
Data Used |
Explanation |
|
Communication |
Name, email, phone number. |
Respond to inquiries, provide updates, and deliver requested details. |
|
University Applications |
Identity documents, academic records, profile photo. |
Facilitate and process university and program applications. |
|
Marketing and Advertising |
Name, email, phone number, IP address, website behavior, cookie data. |
Send newsletters, targeted campaigns, and updates. |
|
Webinar Participation |
Name, email, phone number. |
Share webinar links and manage registrations. |
|
Payment Processing |
Name, email, IBAN, credit card details, payment receipts. |
Verify and complete online payments securely. |
|
Website Analytics and Performance |
IP address, device information, cookies, website usage behavior. |
Measure site performance, enhance functionality, and optimize UX. |
|
User Interaction and Activity Logs |
IP address, email confirmation, timestamps, digital signatures. |
Track user activity for transparency and security. |
|
Legal Compliance |
Any necessary personal and transaction data. |
Fulfill regulatory obligations, such as financial audits. |
5. Data Sharing
5.1 Partner Universities and Institutes
We securely share personal and academic records with partner institutions to:
- Process applications for university programs.
- Verify educational qualifications.
|
Shared Data |
Purpose |
Recipient |
|
Identity Documents, Academic Records, Contact Data |
Admissions processing and enrollment. |
Partner Universities (PEIs). |
5.2 Third-party Platforms and Service Providers
We collaborate with trusted third-party platforms to deliver our services:
|
Third Party |
Purpose |
Data Shared |
Sharing Method |
|
Stripe/PayPal |
Payment processing |
Name, email, credit card details, transaction details. |
API Connection. |
|
Google Drive |
Secure document storage |
ID documents, diplomas, transcripts, contracts. |
Encrypted Drive (2FA). |
|
Adobe Sign |
Electronic contract signing |
Name, email, IP address, digital signature, timestamps. |
Encrypted API Connection. |
|
Fluent Forms/CRM |
Collecting user data via forms |
Name, email, phone number, passport ID, academic records. |
Plugin Integration. |
|
Mailchimp |
Email marketing campaigns |
Name, email, phone number. |
Encrypted Email Service. |
|
Zoom |
Managing webinar participation |
Name, email, phone number. |
Webinar Registration. |
|
Meta (Facebook/Instagram) |
Advertising and campaign tracking |
IP address, cookie data, email (lead forms). |
API and Pixel Integration. |
|
LinkedIn Ads |
Professional outreach for B2B campaigns |
Name, email, professional details. |
Pixel and API Connection. |
|
Google Analytics/Tag Manager |
Website performance and analytics |
IP address, session logs, browsing behavior. |
Pixel Integration. |
|
WhatsApp Business |
Communication and follow-ups |
Name, phone number. |
API Integration. |
|
Hostinger |
Web hosting and database management |
Website form submissions, user data storage. |
Hosting Service. |
5.3 Data Processors and Controllers
- Third-Party Data Processors: We ensure that all processors adhere to GDPR standards through signed Data Processing Agreements (DPAs).
- Data Transfers Outside the EEA: Transfers are protected through Standard Contractual Clauses (SCCs) or similar safeguards.
6. Data Security
We implement robust security measures to protect your personal data:
|
Measure |
Explanation |
|
Encryption |
All data is encrypted during transfer (SSL/TLS) and at rest (storage systems like Google Drive). |
|
Access Controls |
Only authorized staff can access sensitive data based on role-based permissions. |
|
Multi-Factor Authentication (2FA) |
Sensitive platforms (Google Drive, Adobe Sign) are secured with two-factor authentication. |
|
Audit and Monitoring |
Regular audits are performed to identify and mitigate security risks. |
|
Data Minimization |
Only necessary data is collected and processed. |
7. Retention of Data
We retain your data for the duration necessary to fulfill its purpose and comply with legal obligations:
|
Data Type |
Retention Period |
Purpose |
|
Contact Data |
Until consent is withdrawn. |
Marketing and communication. |
|
Identity and Academic Documents |
1 year after delivery to universities. |
Verification for applications. |
|
Financial Records |
10 years (legal requirement). |
Compliance with tax and audit laws. |
|
Webinar Registrations |
6 months after event completion. |
Managing participation records. |
|
Cookies and Website Behavior Data |
Based on cookie consent preferences. |
Analytics and advertising optimization. |
|
Contracts and Agreements |
10 years (legal requirement). |
Maintaining compliance and proof of consent. |
User Rights, Cookies, and Breach Policies
8. Your GDPR Rights
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
|
Right |
Description |
How to Exercise |
|
Right to Access |
You have the right to request a copy of the personal data we hold about you. |
Send an email to [email protected]. |
|
Right to Rectification |
You can request corrections to inaccurate or incomplete personal data. |
Provide updated information via email. |
|
Right to Erasure |
Also known as the “Right to be Forgotten,” you can request deletion of your personal data. |
Email us at [email protected] with “Data Deletion Request.” |
|
Right to Restrict Processing |
You may request restriction of how we process your data (e.g., while accuracy is being verified). |
Submit a request via email. |
|
Right to Data Portability |
You can request your data in a machine-readable format to transfer it to another provider. |
Request data in a structured format. |
|
Right to Object |
You can object to data processing based on legitimate interests or for direct marketing purposes. |
Email objections to [email protected]. |
|
Right to Withdraw Consent |
You can withdraw consent for processing activities at any time, without affecting prior processing. |
Use the “unsubscribe” link in emails or contact us directly. |
|
Right to Lodge a Complaint |
If you feel your rights are violated, you have the right to lodge a complaint with a supervisory authority. |
Contact the German Data Protection Authority (BfDI). |
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience and improve our website’s functionality.
9.1. Types of Cookies We Use
|
Cookie Type |
Purpose |
Examples |
Retention Period |
|
Essential Cookies |
Enable core website functions, such as form submissions. |
WordPress Session Cookies |
Session-based |
|
Performance Cookies |
Collect anonymized analytics to optimize website content. |
Google Analytics, Tag Manager Cookies |
Up to 14 months |
|
Marketing Cookies |
Track user activity for personalized ads. |
Facebook Pixel, LinkedIn Ads Cookies |
Based on user consent |
|
Functional Cookies |
Enhance usability, such as saving preferences. |
Complianz Cookie Preference Cookies |
12 months |
9.2. How to Manage Cookies
- Consent Management: You can set preferences for cookies through our Complianz Cookie Banner on your first website visit.
- Browser Settings: You can configure your browser to accept, reject, or delete cookies. Instructions can typically be found under the “Help” section of your browser.
- Withdraw Consent: You can change your preferences at any time via the Cookie Settings link on our website.
10. Data Breach Notification Policy
Nova Education has established procedures to detect, investigate, and report any data breaches in compliance with GDPR Article 33 and Article 34.
10.1. What Constitutes a Data Breach?
A personal data breach includes:
- Unauthorized access to personal data.
- Loss, theft, or accidental deletion of personal data.
- Unlawful destruction or alteration of personal data.
10.2. Steps in Case of a Data Breach
|
Step |
Action |
Timeline |
|
1. Detection |
Identify and confirm the occurrence of a data breach. |
Immediate |
|
2. Containment |
Isolate affected systems or processes to prevent further data loss. |
Within 24 hours |
|
3. Assessment |
Assess the nature, scope, and potential impact of the breach. |
Within 48 hours |
|
4. Notification to Authorities |
Notify the relevant data protection authority (BfDI in Germany) if the breach risks individuals’ rights. |
Within 72 hours |
|
5. User Notification |
Inform affected users with details of the breach, including: |
As soon as possible. |
|
– Nature of the breach |
||
|
– Potential impact |
||
|
– Steps taken to address it |
||
|
6. Corrective Actions |
Implement fixes and measures to prevent recurrence (e.g., system updates, audits). |
Ongoing |
|
7. Documentation |
Maintain detailed records of the breach, actions taken, and any notifications. |
Post-breach |
10.3. Preventative Measures
To minimize the risk of data breaches, Nova Education implements:
- Regular Security Audits: Review and test systems for vulnerabilities.
- Access Controls: Restrict access to sensitive data.
- Employee Training: Educate staff on data protection best practices.
- Incident Response Protocol: Predefined steps for breach detection and reporting.
18. Frequently Asked Questions (FAQs)
Here are answers to common questions regarding data processing, retention, and user rights:
18.1. How can I opt out of marketing communications?
You can:
- Click the “Unsubscribe” link provided in all our marketing emails.
- Email us at [email protected] with the subject “Opt-Out Request”.
18.2. How do I request access to my personal data?
To access your data:
- Email your request to [email protected].
- Provide proof of identity (e.g., a passport or national ID).
- We will provide your data in a structured, machine-readable format within 30 days.
18.3. How long do you retain my data?
Retention periods depend on the type of data and purpose of processing:
|
Data Category |
Retention Period |
|
Contact Data |
12 months after last activity |
|
Application Data |
5 years |
|
Payment Data |
7 years for tax and financial compliance |
|
Webinar Data |
6 months after event completion |
|
Signed Contracts |
10 years for legal purposes |
If you have questions about specific data, please contact us.
18.4. How do you ensure my documents (e.g., diplomas, ID) are safe?
We implement the following measures:
- Encryption: All data is encrypted during transfer and storage.
- Access Restrictions: Only authorized staff can view sensitive data.
- Two-Factor Authentication (2FA): Access to platforms like Google Drive is protected by 2FA.
- Secure Storage: Physical copies of documents are stored in locked cabinets with restricted access.
18.5. What happens if there’s a data breach?
In the event of a data breach:
- We investigate and resolve the issue immediately.
- You will be notified within 72 hours if your data is affected.
- Relevant authorities will be informed per GDPR requirements.
- Measures will be implemented to prevent future breaches.
18.6. Are my cookies and tracking data used for advertising?
Yes, with your consent. We use tracking data (e.g., cookies, IP address) to:
- Improve website performance.
- Deliver personalized ads through platforms like Google Ads and Meta (Facebook/Instagram).
You can customize your cookie preferences via the Complianz Cookies Banner when visiting our website.
19. Profiling and Automated Decision-Making
Nova Education uses profiling techniques for the following purposes:
- Marketing Segmentation: To send tailored educational offers and updates.
- Program Recommendations: Suggesting relevant educational programs based on user behavior.
What we do NOT do:
- We do not make automated decisions with significant legal or personal impact.
- We do not profile sensitive data such as health, race, or religion.
Opt-Out Option: You can opt out of profiling activities by contacting us at [email protected].
20. International Data Transfers
Some of our third-party providers (e.g., Stripe, Google, Meta) process data outside the European Economic Area (EEA). To ensure GDPR compliance, we use:
- Standard Contractual Clauses (SCCs): Legal agreements to protect transferred data.
- Encryption Protocols: Data is encrypted during transfer and storage.
If you would like more details about these transfers, please contact us.
21. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in data processing practices.
- New legal or regulatory requirements.
How we notify you:
- Updates will be posted on our website: www.novaeducation.de.
- Users who have opted in to notifications will receive email updates.
Effective Date: This Privacy Policy was last updated on 08.01.2025
22. Contact Information
If you have any questions or concerns regarding this Privacy Policy or how your data is processed, please contact us:
- Company Name: Nova Education Germany GmbH
- Address: Wilmersdorfer Straße 122-123, 10627 Berlin, Germany
- Email: [email protected]
- Phone: +48 530 931 979