Privacy Policy (EU + International)

Last updated: 22 January 2026

This Privacy Policy explains how FMEA Schule (“we”, “us”, “our”) collects and processes personal data when you use our website, purchase our products, or contact us.

1) Controller (Data Controller)

FMEA Schule
Waldkolonie 6
64404 Bickenbach
Germany
Email: info@fmeaschule.de

This entity is the “Controller” under the EU General Data Protection Regulation (GDPR).

2) Scope

This Privacy Policy applies to:

  • our website and related pages
  • contact requests (email/forms)
  • purchases and payments via our shop (WooCommerce)
  • newsletter sign-ups and email communications
  • analytics (Google Analytics)
  • cookies and consent management (Complianz)

3) Categories of personal data we process

Depending on how you use the site, we may process:

  • Identity & contact data: name, email address, billing address (if applicable)
  • Order & transaction data: purchased products, invoice data, payment status
  • Account data (if you create an account): login, account settings
  • Communication data: messages, inquiry details, support emails
  • Technical data: IP address, device/browser information, timestamps, referrer URL
  • Usage data: pages visited, interactions, session information (only if you consent to analytics cookies)

We do not intentionally collect special categories of personal data (e.g., health, religion). Please avoid sending such data by email.

4) Legal bases (GDPR)

We process personal data under the following legal bases:

  • Art. 6(1)(b) GDPR (contract / pre-contract): to provide purchased products, handle checkout, respond to product inquiries
  • Art. 6(1)(c) GDPR (legal obligation): e.g., tax/invoice retention
  • Art. 6(1)(f) GDPR (legitimate interests): website security, fraud prevention, basic site operation
  • Art. 6(1)(a) GDPR (consent): newsletter subscription and analytics/cookies where required

Where consent is required, you can withdraw it at any time (see section 10).

5) Processing activities in detail

5.1 Website hosting and server log files (IONOS)

When you visit our website, our hosting provider processes technical data and server log files (e.g., IP address, timestamp, requested page) to deliver the site, maintain stability, and protect against attacks.

  • Purpose: website delivery, security, error diagnosis
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operation)
  • Recipients: IONOS (hosting provider)
    IONOS states it supports GDPR-focused protections for its infrastructure. (cloud.ionos.com)
    IONOS also explains that data processing arrangements for hosting are covered via their terms / DPA framework. (ionos.co.uk)

Retention: server logs are stored only as long as necessary for security and troubleshooting, then deleted or anonymized.

5.2 Contact (email / forms)

If you contact us, we process the information you send (e.g., name, email, message) to respond.

  • Purpose: answering inquiries, support, pre-contract communication
  • Legal basis:
    • Art. 6(1)(b) GDPR (pre-contract/contract) or
    • Art. 6(1)(f) GDPR (legitimate interest in handling inquiries)

Retention: inquiries are deleted when no longer needed, unless we must keep them for legal reasons or to defend legal claims.

5.3 Shop, orders and customer accounts (WooCommerce)

If you purchase products or create an account, we process your data to complete the order, deliver digital products, handle invoices, and provide customer support.

  • Purpose: order processing, delivery of digital products, customer management, invoicing
  • Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligations)

Retention: invoices and transaction records are stored according to statutory retention obligations (e.g., tax law).

5.4 Payments (PayPal via WooCommerce)

If you pay via PayPal, PayPal processes payment data under its own responsibility. We receive transaction confirmation and necessary payment status information.

  • Purpose: payment processing
  • Legal basis: Art. 6(1)(b) GDPR (contract)

Recipients: PayPal and associated payment service providers (as selected during checkout).

5.5 Newsletter and email marketing (MailerLite)

If you subscribe to our newsletter, we process your email address (and any optional details you provide) to send updates, training content, and offers.

  • Purpose: newsletter delivery, email communication
  • Legal basis: Art. 6(1)(a) GDPR (consent)

You can unsubscribe at any time using the link in each email.

MailerLite transfers & safeguards: MailerLite states it adheres to the EU-U.S. Data Privacy Framework and also uses safeguards such as SCCs where required. (mailerlite.com)

5.6 Analytics (Google Analytics / GA4)

We use Google Analytics (GA4) to measure and improve website performance (e.g., which pages are visited, how users navigate).

  • Purpose: website analytics and optimization
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Consent control: Analytics runs only after you accept analytics cookies in our cookie banner/settings.

Google transfers & safeguards: Google states it complies with the EU-U.S. Data Privacy Framework (DPF). (policies.google.com)

6) Cookies and consent management (Complianz)

We use Complianz as a cookie consent tool to manage cookie preferences and document consent where required. Complianz describes itself as a cookie consent solution supporting GDPR/ePrivacy requirements for WordPress sites. (WordPress.org)

Cookie categories (typical)

  • Necessary cookies: required for core site functions (cannot be disabled)
  • Functional cookies: improve user experience (where used)
  • Analytics cookies: Google Analytics (only with consent)
  • Marketing cookies: (currently not used for Meta/LinkedIn pixels based on your setup)

You can change or withdraw consent anytime via the cookie settings link/banner on our site.

7) Recipients and processors

We may share personal data with:

  • Hosting provider: IONOS (website hosting) (cloud.ionos.com)
  • Email service provider: MailerLite (newsletter delivery) (mailerlite.com)
  • Analytics provider: Google (GA4) (policies.google.com)
  • Payment providers: PayPal (if selected at checkout)

We only share data to the extent necessary for the purposes described above.

8) International data transfers (outside EU/EEA)

Some service providers may process data outside the EU/EEA (e.g., in the United States). Where this happens, we rely on appropriate safeguards, such as:

  • EU adequacy decisions (e.g., EU-U.S. Data Privacy Framework, where applicable) (dataprivacyframework.gov)
  • Standard Contractual Clauses (SCCs) and additional measures where required (mailerlite.com)

You can request information about the safeguards used by contacting us (see section 12).

9) Data retention

We keep personal data only as long as necessary:

  • Orders/invoices: according to statutory tax/commercial retention obligations
  • Account data: as long as the account is active (or as required for legal reasons)
  • Inquiries: until resolved, then deleted unless legal retention applies
  • Newsletter: until you unsubscribe
  • Analytics data: according to our Google Analytics settings and only when you have consented

10) Your rights (EU/EEA – GDPR)

If you are in the EU/EEA, you have the right to:

  • access your data (Art. 15)
  • rectification (Art. 16)
  • erasure (Art. 17)
  • restriction (Art. 18)
  • data portability (Art. 20)
  • object (Art. 21)
  • withdraw consent at any time (Art. 7(3))

To exercise your rights, contact: info@fmeaschule.de

11) Supervisory authority (EU/EEA)

You also have the right to lodge a complaint with a supervisory authority.
For our location in Hesse (Germany), the competent authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
Email: poststelle@datenschutz.hessen.de
Website: datenschutz.hessen.de (datenschutz.hessen.de)

12) Contact for privacy requests

Email: info@fmeaschule.de
Subject suggestion: “Privacy Request”
Please include sufficient information to identify you (e.g., the email address you used).

International Addendum (UK, Switzerland, United States)

This section provides additional notices for users outside the EU/EEA.

A) United Kingdom (UK GDPR)

If you are in the UK, the legal bases and rights described above apply in an equivalent manner under UK GDPR. You may also lodge a complaint with the UK supervisory authority (ICO).

B) Switzerland (FADP)

If you are in Switzerland, you have similar rights to access, correction, deletion, and objection under Swiss data protection law.

C) United States – State Privacy Laws

If you are in certain US states with privacy laws (e.g., California), you may have rights such as access, deletion, or opting out of certain uses of personal information.
Because we do not sell personal information and currently do not use cross-site marketing pixels (e.g., Meta Pixel), many “opt-out of sale/sharing” mechanisms may not apply. You can still contact us at info@fmeaschule.de for privacy requests.