Version: 1.1
Effective Date: 2026-02-20
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Jean Isserstedt
trading as “CGIsserstedt”
Einzelunternehmen
Am Treptower Park 16
12435 Berlin
Germany
E-Mail: [email protected]
We process personal data only insofar as this is necessary to provide our online language examination simulation platform.
Personal data includes any information relating to an identified or identifiable natural person.
We process data in accordance with:
This platform is intended exclusively for individuals who are at least 18 years old.
We do not knowingly collect personal data from individuals under the age of 18.
If we become aware that personal data has been collected from a person under 18 without valid authorization, we will delete such data without undue delay.
If you believe that a minor has provided personal data to us, please contact us using the details provided above.
Purpose: Account creation and access to the platform
Legal Basis: Art. 6(1)(b) GDPR (contract performance)
When using the exam simulation feature, your spoken responses are recorded and stored.
Audio recordings may contain personal data.
Purpose:
Legal Basis:
Audio recordings are not used for biometric identification.
Consent for improvement purposes can be withdrawn at any time via account settings or by contacting us. Withdrawal does not affect processing that has already occurred based on valid consent.
In limited cases, audio recordings may be reviewed by qualified language professionals for quality assurance and evaluation improvement purposes.
The purpose of such review is to assess the accuracy of automated evaluation results and improve the reliability and fairness of the evaluation system.
Where human review is conducted:
All reviewers are bound by strict confidentiality obligations and may only process the data for the purposes described above.
Legal Basis:
Art. 6(1)(f) GDPR (legitimate interest).
Our legitimate interest lies in ensuring the quality, fairness, and reliability of automated evaluation results provided by the platform.
When accessing the platform, we process technical data such as:
Purpose: Ensuring system security, fraud prevention, and technical stability
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest)
Our legitimate interest lies in maintaining the secure and reliable operation of our platform.
When users provide consent (e.g., for system improvement) or acknowledge required audio processing, we store:
Purpose: Legal documentation and compliance
Legal Basis:
We store personal data only for as long as necessary for the purposes described in this Privacy Policy.
Account data is stored for the duration of the user account.
If an account remains inactive for 24 months, it may be deleted automatically.
Users may request deletion of their account at any time.
Audio recordings submitted during exam simulations are stored for a maximum period of 90 days.
Users may delete recordings earlier via their account or by contacting us.
A limited number of recordings may be temporarily reviewed by qualified language professionals for quality assurance purposes during this retention period.
Such review is performed using pseudonymized recordings and without access to user account information.
After 90 days, raw audio recordings are permanently deleted.
Technical access logs, including IP addresses, are stored for a maximum of 14 days.
These logs are used exclusively for:
After 14 days, logs are automatically deleted or anonymized.
Where required for legal defense or compliance with statutory obligations, certain data (such as records of Terms acceptance or consent documentation) may be retained for up to 3 years following account deletion.
Such data is stored in a restricted manner and used solely for legal purposes.
We use carefully selected technical service providers (processors) to operate the platform in accordance with Art. 28 GDPR.
We have concluded Data Processing Agreements (DPAs) with all relevant service providers.
Our application servers and databases are hosted by Hetzner Online GmbH within the European Union (Germany).
We use OpenAI, L.L.C. to perform automated speech-to-text transcription of audio recordings submitted by users.
Audio recordings may be transmitted to OpenAI's API infrastructure for the sole purpose of generating text transcripts.
OpenAI processes the data as a processor on our behalf.
OpenAI states that API data is not used to train their models and is retained only for limited abuse monitoring purposes.
Where data transfers outside the European Union occur, they are safeguarded using appropriate mechanisms such as Standard Contractual Clauses.
We use Cloudflare, Inc. as a processor for secure network delivery and object storage.
Audio recordings are stored using Cloudflare R2 object storage, which provides an S3-compatible storage interface.
Cloudflare, Inc. is headquartered in the United States.
Where personal data is transferred outside the European Union, such transfers are based on:
We use cookies and similar technologies to operate and secure our platform.
Cookies are small text files stored on a user’s device that enable certain functionalities and improve user experience.
We distinguish between:
The use of cookies is governed by §25 of the German Telecommunications-Telemedia Data Protection Act (TTDSG) and, where personal data is processed, by the GDPR.
Technically necessary cookies are required to:
These cookies are essential for the operation of the platform and do not require user consent.
Legal Basis:
Our legitimate interest lies in providing a secure and functional online service.
We use PostHog for product analytics and usage measurement.
Provider:
PostHog Ltd.
Purpose:
Data processed may include:
Analytics data is processed on servers located within the European Union.
Analytics cookies and tracking technologies are activated only after explicit user consent via our consent banner.
No analytics data is collected before consent is granted.
Legal Basis:
Technically necessary cookies are stored only for the duration required to maintain session integrity or platform functionality.
Analytics cookies are stored for a maximum period of 12 months, unless deleted earlier by the user.
Consent preferences are stored locally within the user’s browser. If consent settings are changed or the consent version is updated, renewed consent may be requested.
Users may delete cookies at any time via their browser settings.
Users may withdraw or modify their consent for analytics at any time with future effect.
A permanent “Cookie Settings” link is available in the website footer, allowing users to review or change their preferences.
Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Under the GDPR, you have the following rights:
If processing is based on consent, you may withdraw consent at any time with future effect.
To exercise your rights, please contact us at the email address listed above.
You also have the right to lodge a complaint with a supervisory authority.
Competent supervisory authority in Germany:
Berlin Commissioner for Data Protection and Freedom of Information
The platform provides automated evaluations based on submitted audio responses.
These evaluations are intended solely for training purposes and do not produce legal effects or similarly significant effects within the meaning of Art. 22 GDPR.
No automated decision-making within the meaning of Art. 22 GDPR takes place.
If you believe you have identified a security vulnerability affecting the platform, please report it responsibly to:
Please include sufficient detail to allow us to investigate and reproduce the issue.
We implement appropriate technical and organizational measures to protect personal data, including:
We reserve the right to update this Privacy Policy.
Material changes will be communicated appropriately and, where required, renewed consent will be requested.
If you have any questions about this document, please contact us at [email protected]