Privacy Policy

Last updated: 22.12.2025
Applies to: handsondataeng.com and related pages used to market, sell, and deliver our online courses.

Legal framework: This policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and Germany’s Telecommunications‑Telemedia Data Protection law governing cookies and similar technologies (TTDSG/TDDDG). Core transparency requirements derive from GDPR Articles 12–14; cookie consent and device access rules derive from TTDSG/TDDDG §25; German specifics supplement GDPR under the BDSG.

1) Controller and Contact

  • Controller: Mohammed Al-Moayed / HandsOnDataEng
  • Registered address: Gründer- und Technologiezentrum Solingen GmbH Haus 4 42657
  • Email: info@HandsOnDataEng.com
  • Phone: +49 202-555-0188
  • Data Protection Officer (if appointed): [Name, contact details]

If you have questions about this policy or wish to exercise your rights, contact us using the details above.

2) What We Collect

We collect and process the following categories of personal data:

  1. Identity and account data
    Name, email address, password (hashed), preferred language, country, avatar (optional).
  2. Order and payment data
    Course selections, order numbers, invoice details, VAT information, payment status and tokens from payment providers. We do notstore full payment card numbers on our servers.
  3. Learning activity data
    Enrollments, course progress, quiz results, assignments, certificates, support requests.
  4. Device, usage, and cookie data
    IP address, device and browser information, settings, consent choices, and identifiers stored via cookies, local storage, or SDKs (see Section 6).
  5. Communications
    Emails and messages exchanged with support, feedback, and survey responses.
  6. Marketing preferences
    Newsletter subscriptions, opt‑ins/opt‑outs, and related preferences.

We do not require special category data for our services. Please do not submit such data.

3) Purposes and Legal Bases

We process personal data for these purposes and legal bases under Article 6 GDPR:

  • Account creation and course delivery (including automatic account creation when you complete checkout): Contract performance.
  • Payments, invoicing, refunds, and fraud prevention: Contract performance and legal obligation (e.g., tax and accounting).
  • Customer support and operational notices: Legitimate interests in providing, maintaining, and improving services; you may object at any time.
  • Email marketing, newsletters, and promotions: Consent. You may withdraw consent at any time.
  • Analytics and personalization using non‑essential cookies/SDKs: Consent (see Section 6).
  • Security, compliance, and enforcement: Legal obligation and legitimate interests (e.g., service integrity, incident handling).

When legitimate interests are used, we assess and balance those interests against your rights and freedoms.

4) Where Data Comes From

  • Directly from you when you browse, create an account, purchase a course, contact support, or subscribe to communications.
  • Automatically from your device through cookies and similar technologies (subject to consent where required).

5) Sharing and Recipients

We use carefully selected service providers acting under data‑processing contracts that require confidentiality and appropriate security measures. Typical recipients include:

  • Payment processors and gateways for secure payments and refunds.
  • Learning platform / LMS and content delivery for hosting courses, streaming, assessments, and certificates.
  • Email, CRM, and customer support tools for transactional messages and, when you opt in, newsletters.
  • Cloud hosting, security, and backup providers.
  • Professional advisers (legal, accounting) where necessary.

We do not sell personal data.

6) Cookies and Similar Technologies (Germany)

We use cookies, local storage, and SDKs to:

  • operate the site, enable secure login, keep your cart, and deliver courses (strictly necessary, set without consent);
  • analyze usage and performance (analytics, set only with your prior consent);
  • personalize content and measure marketing (marketing, set only with your prior consent).

A consent banner is presented on first visit and whenever settings change. Non‑essential technologies are not activated until you opt in. You can refuse non‑essential cookies, withdraw consent at any time, or adjust choices via our cookie settings interface available on every page. Refusing non‑essential cookies does not affect essential site functionality.

7) International Data Transfers

Some providers may process data outside the European Economic Area. When this occurs, we implement recognized safeguards such as the European Commission’s standard contractual clauses combined with risk assessments and additional measures where appropriate. Details are available on request.

8) Retention

We retain personal data only as long as necessary for the purposes set out in this policy, after which it is deleted or irreversibly anonymized.

  • Account and learning data: retained while your account is active and for [X years] after last activity to maintain training records and certificates or until you request deletion unless we must retain for legal claims.
  • Orders, invoices, and tax records: retained for up to ten (10) years in line with German commercial and tax retention rules.
  • Support tickets and communications: [X months/years] from resolution.
  • Marketing consents and preferences: retained until you withdraw consent or until periodic refresh [e.g., 24 months].
  • Cookies and identifiers: per the lifespan disclosed in the cookie settings interface; you may withdraw consent at any time.

9) Your Rights

Subject to statutory exceptions, you have the following rights:

  • Access to your personal data and a copy of it.
  • Rectification of inaccurate or incomplete data.
  • Erasure (“right to be forgotten”).
  • Restriction of processing.
  • Portability of data you provided to us, in a structured, commonly used format.
  • Objection to processing based on legitimate interests, including profiling for such purposes.
  • Withdraw consent at any time for processing based on consent (e.g., marketing or analytics cookies).
  • Complaint to a supervisory authority. You may contact any EU supervisory authority; in Germany, competence depends on the controller’s seat.

To exercise rights, contact us using the details in Section 1. We may need to verify your identity before fulfilling a request.

10) Security

We implement appropriate technical and organizational measures, including encryption in transit, secure password hashing, access controls, logging, least‑privilege role management, vulnerability patching, backups, and incident response procedures. We require our processors to apply comparable safeguards.

11) Children’s Privacy

Our services target adults aged 18 and over. We do not knowingly collect data from children. If we become aware of such data, we will delete it unless retention is legally required.

12) Automated Decision‑Making

We do not use automated decision‑making, including profiling, that produces legal effects or similarly significant impacts on you. If this changes, we will provide required information in advance and obtain consent or rely on another lawful basis where appropriate.

13) Changes to This Policy

We may update this policy to reflect legal, technical, or business developments. When changes are material, we will take appropriate steps to inform you (for example, by email or an in‑product notice). The “Last updated” date at the top will always show the latest version.

14) Country‑Specific Notes (Germany)

  • Germany’s BDSG supplements GDPR in permitted areas (for example, employee data, DPO thresholds, and additional procedural rules).
  • Cookies and any storage or access to information on user devices are subject to Germany’s TTDSG/TDDDG rules. Non‑essential cookies require prior, explicit consent.
  • Where German or EU law requires longer retention (e.g., tax law), those periods prevail.

15) Contact

For privacy requests or questions, contact:
HandsOnDataEng Website
Gründer- und Technologiezentrum Solingen GmbH Haus 4 42657
Email: info@handsondataeng.com
Phone: +49 202-555-0188

Shopping Cart
Scroll to Top