Save 15% on Intensive Courses in August!

Data protection

Responsible

Cambridge Institut GmbH
Residenzstraße 22
80333 Munich
Germany
Phone: +49 (0)89 221115
Email: info@cambridgeinstitut.de
Managing Director: Daniel Moore
(hereinafter referred to as ‘we’ or ‘us’)

Principles of data processing

We process your personal data (see Art. 4 No. 1 GDPR) only to the extent necessary to provide this website, our content and services or to fulfil legal obligations.
The legal basis for this is, in particular, Art.
 6(1)(a) (consent already given), (b) (contract/pre-contractual measures), (c) (legal obligation) and (f) (legitimate interest) of the GDPR.
Personal data will be deleted or anonymised as soon as the purpose for which it was stored no longer applies and there are no legal retention periods to the contrary.

Your Rights

You have the right at any time to...

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Deletion / ‘Right to be forgotten’ (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to data processing on the basis of Art. 6 para. 1 lit. e or f GDPR (Art. 21 GDPR)
  • Withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

You also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence (Art. 77 GDPR). For Bavaria: Bavarian State Office for Data Protection Supervision (BayLDA), Ansbach.

Provision of the website and log files

In the case of purely informational use, we automatically collect the following data that your browser transmits to our server:

  • Data category - IP address (shortened) Date / time of the request Time zone difference HTTP status code Amount of data transferred in each case Referrer URL User agent (browser & operating system)
  • Purpose - Delivery of the website, ensuring stability & security, error diagnosis
  • Legal basis - Art. 6 para. 1 lit. f GDPR (legitimate interest in secure IT operations)
  • Storage duration - log files < 7 days; IP truncated before storage

This data is not merged with other data sources.

Cookies & consent management

1- Cookie categories

  • Essential cookies – technically necessary (e.g. session ID, shopping basket).
  • Convenience cookies – store settings (e.g. language).
  • Statistics/analysis cookies – help us to improve our offering.
  • Marketing cookies – used for personalised advertising.

2. Legal basis & control

We use essential cookies on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with Section 25 para. 2 no. 2 TTDSG.
All other cookies are only set after you have given your express consent via our cookie banner (Art. 6 para. 1 lit. a GDPR / § 25 para. 1 TTDSG).
You can revoke your consent at any time in the cookie banner or delete cookies in your browser.

Contact (email/form)

When you contact us, we store the data you provide, as well as the time and IP address, solely for the purpose of processing your request.

  • Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (our legitimate interest in communication).
  • Storage period: Deletion after final processing; statutory retention obligations remain unaffected.

Newsletter (double opt-in)

You will only receive our newsletter after prior registration and confirmation (double opt-in). For documentation purposes, we store the time of registration and confirmation as well as your IP address.

  • Legal basis: Art. 6 para. 1 lit. a GDPR.
  • Revocation: At any time via the unsubscribe link in the newsletter.

If we use external email service providers, this is done on the basis of a processing agreement in accordance with Art. 28 GDPR.

User account / registration

You can create an account to use certain offers (e.g. registration for Cambridge English exams). Mandatory fields are marked.

  • Purpose: Contract execution, exam preparation, user management.
  • Legal basis: Art. 6 para. 1 lit. b GDPR.
  • Deletion: Upon account deletion or after expiry of statutory retention periods.

Web analysis & performance tools

1. Overheat Conversion Optimisation Suite

We use overheat.de (overheat UG, Germany) for the anonymous recording of randomly selected user interactions (mouse movements, clicks, scroll depths) in order to improve usability.

  • Data types: shortened IP address, device/browser information.
  • Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in website optimisation).
  • Opt-out: Via the Do Not Track setting in your browser or JavaScript blocker.
  • Order processing: Contract concluded in accordance with Art. 28 GDPR.

2. Google Analytics 4

This website uses Google Analytics 4 (Google Ireland Ltd.). Google uses cookies to analyse your usage behaviour pseudonymously. The IP address is shortened before storage (IP anonymisation).

It cannot be ruled out that data may be transferred to Google LLC servers in the USA. Google is certified under the EU-US Data Privacy Framework; we have also concluded standard contractual clauses.

  • Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR).
  • Revocation: At any time via cookie banner or browser add-on (https://tools.google.com/dlpage/gaoptout).
  • Storage period: 14 months.

External resources

1. Google Fonts (locally hosted)

We use locally integrated copies of Google Fonts to ensure consistent font display; therefore, no data is transferred to Google.

2. CDN & hosting service providers

Our website is hosted by a German data centre operator with whom we have concluded a data processing agreement in accordance with Art. 28 GDPR. All data is processed exclusively within the EU.

Recipients & processors

We only pass on your data if

  • you have given your consent (Art. 6 para. 1 lit. a),
  • this is necessary for the performance of the contract (Art. 6 para. 1 lit. b),
  • there is a legal obligation (Art. 6 para. 1 lit. c) or
  • we have a legitimate interest (Art. 6 para. 1 lit. f) and there are no overriding interests on your part.

We have a data processing agreement with all service providers in accordance with Art. 28 GDPR.

Data

We use HTTPS/TLS encryption and technical and organisational measures in accordance with Art. 32 GDPR (e.g. access controls, backups) to protect your data from loss, destruction or unauthorised access.

Storage and deletion periods

We process and store personal data only for the period necessary to achieve the purpose of storage or as provided for by EU regulations or national laws. If the purpose no longer applies or a statutory storage period expires, the data is routinely deleted or anonymised.

Changes to this privacy policy

Changes to the law or to our internal processes may require this privacy policy to be amended. The current version is always available on this page.