Privacy & Cookie Policy

Last updated: 30.11.2025

This English version is an official and binding version for international users. In case of discrepancies, the German version prevails where required by law.

1. Controller (Data Controller under GDPR)

The controller responsible for processing your personal data under the General Data Protection Regulation (GDPR) is:

GuteCare UG (haftungsbeschränkt)
Bundesallee 187
10717 Berlin, Germany
Commercial Register: HRB 280410 B (Berlin Charlottenburg)
VAT ID: PENDING
Represented by the Managing Director: Ahmed Samir Mohamed Abdelghaffar
Email:
Phone:

2. Introduction and Scope

We care about the protection of your personal data. This Privacy & Cookie Policy explains which data we collect, how and why we process it, on what legal bases, with whom we share it, how long we store it, and which rights you have under GDPR.

This Policy applies to:

  • Our public website and landing pages
  • Our digital learning platform (LMS) and online courses
  • Our recruitment and advisory services for nursing professionals
  • All electronic communication channels (e.g. email, contact forms, support tools)

3. Categories of Personal Data We Process

3.1 Data of International Nursing Candidates

  • Identity & Contact Data: name, email, phone number, nationality, address.
  • Professional & Qualification Data: degrees, certificates, nursing license, CV, work experience.
  • Uploaded Documents: passport, diplomas, certificates, recognition and visa-related documents.
  • Application & Communication Data: messages, notes from consultations, interview notes, scheduling information.

3.2 Data Processed Through the LMS

  • Account and login data
  • Course bookings and package selection
  • Learning progress, test results, attendance, homework submissions
  • Interaction data (e.g. messages to instructors, forum participation)

3.3 Technical & Usage Data (Website & LMS)

  • IP address, browser type and version, operating system
  • Referrer URL, access timestamps, pages visited, session IDs
  • Device identifiers and approximate location (derived from IP)

3.4 Contact and Support Data

  • Name, email address, and phone number (if provided)
  • Message content and attachments
  • Metadata such as time, channel, and technical logs

3.5 Data of Employers and Business Contacts

  • Company name, address, and billing details
  • Contact person’s name, position, email, and phone number
  • Contract and communication data related to cooperation

4. Purposes and Legal Bases of Processing

4.1 Contract Fulfilment – Art. 6(1)(b) GDPR

We process personal data where necessary to enter into or perform a contract with you, in particular for:

  • Registration and management of user accounts
  • Provision of online courses and learning materials
  • Tracking of your learning progress and issuing certificates of participation
  • Providing recruitment and advisory services
  • Communication related to your bookings or applications

4.2 Consent – Art. 6(1)(a) GDPR

We rely on your explicit consent for:

  • Non-essential cookies and similar tracking technologies
  • Optional uploads or additional information you choose to provide
  • Marketing communication (e.g. newsletters, offers) via email or messenger
  • Sharing your profile and documents with potential employers
  • Communication via third-party tools such as WhatsApp or similar services

You can withdraw your consent at any time with effect for the future, for example by using unsubscribe links or by contacting us.

4.3 Legal Obligations – Art. 6(1)(c) GDPR

We process data where necessary to meet our legal obligations, such as:

  • Bookkeeping, tax, and commercial law requirements
  • Compliance with regulatory obligations and documentation duties

4.4 Legitimate Interests – Art. 6(1)(f) GDPR

We process data based on our legitimate interests, for example for:

  • Ensuring IT security, system stability, and fraud prevention
  • Logging and monitoring to prevent misuse of our services
  • Performing basic usage analytics to improve content and usability
  • Internal planning and optimization of our services and support

Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

5. Cookies and Similar Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device. We also use similar technologies such as Local Storage, Session Storage, and tracking pixels where necessary. Cookies enable login sessions, security, preferences, analytics, and user experience improvements.

5.2 Types of Cookies We Use

a) Strictly Necessary Cookies (Essential)

These cookies are required for the website and LMS to function properly (e.g. authentication, session management, security, cookie consent storage). They do not require consent and cannot be disabled within our systems.

b) Functional Cookies

These cookies enhance user experience. We only use them with your consent.

c) Performance & Analytics Cookies

These cookies are used only with your consent. They help us understand how users navigate our website and LMS, which pages are visited, and technical performance. We may use tools such as privacy-friendly analytics or internal LMS statistics. Where third-party tools (e.g. Google Analytics) are used, details are described in this Policy.

d) Marketing & Tracking Cookies

These cookies are used only with your explicit consent. They help us measure and optimize marketing campaigns (for example via ad networks or social media pixels). Where such tools are used (e.g. Meta Pixel, Google Ads, LinkedIn Insight Tag), they are described in the relevant sections of this Policy.

5.3 Legal Basis for Cookie Use

For strictly necessary cookies, the legal basis is Art. 6(1)(b) GDPR (necessary for the performance of a contract) and Art. 6(1)(f) GDPR (our legitimate interest in secure and functional services).

All non-essential cookies (functional, analytics, marketing) are used only on the basis of your consent under Art. 6(1)(a) GDPR.

5.4 Cookie Banner and User Choices

When you first visit our website, a cookie banner allows you to choose:

  • Accept all cookies
  • Reject all non-essential cookies
  • Adjust settings by category in the Cookie Settings panel

Non-essential cookies are disabled by default and are only activated after you give consent. You can withdraw or change your choices at any time via this link.

5.5 Third-Party Services and International Transfers

Some external services may use cookies or similar technologies, for example: analytics tools, video platforms, payment providers, embedded content, or chat widgets. Depending on the provider, data may be transferred to countries outside the EU/EEA (e.g. the United States). In such cases, we use appropriate safeguards such as standard contractual clauses or rely on adequacy decisions where available.

5.6 Storage Duration and Deletion

  • Essential cookies: session-based or up to 12 months
  • Functional cookies: up to 12 months
  • Analytics cookies: typically 1–12 months
  • Marketing cookies: typically 1–12 months or until you withdraw consent

5.7 Managing Cookies

You can delete or block cookies via your browser settings. You can also adjust your consent choices at any time via this link. Please note that disabling essential cookies may impair or prevent the use of certain features.

6. Sharing of Personal Data

6.1 Processors (Art. 28 GDPR)

We use carefully selected service providers (processors) to support our operations, for example: hosting providers, LMS service providers, email and communication services, payment processors, analytics tools, and video platforms. These providers process data strictly on our instructions and are bound by data processing agreements (DPAs) in accordance with Art. 28 GDPR.

6.2 Our Main Service Providers (Processors)

  • Hetzner Online GmbH (Germany): Hosting infrastructure and server environment.
  • Supabase (EU Region): Managed PostgreSQL database and authentication services.
  • Postmark (USA): Transactional email delivery (data transfer under SCCs).
  • Stripe Payments Europe / PayPal Europe: Payment processing services.
  • Zoom Video Communications: Video conferencing for live sessions and onboarding.
  • WhatsApp Business (Meta): Optional communication channel (used only with explicit consent).

The processors listed above represent our primary service partners. You may request a full and current list of all processors at any time.

6.3 Employers (With Your Consent)

As part of our recruitment services, we may share your application documents, profile, and relevant data with potential employers or cooperation partners, but only if you have explicitly consented to this. You can withdraw this consent at any time for the future.

6.4 Other Recipients

In certain cases, we may be legally obliged to disclose data to public authorities (e.g. tax authorities). We do not sell your personal data.

7. International Data Transfers

Our core infrastructure is hosted within the European Union. If we use service providers located in third countries (e.g. the United States), or if data is processed there, we ensure that an adequate level of data protection is guaranteed, for example through:

  • Adequacy decisions by the European Commission, or
  • Standard Contractual Clauses (SCCs) and additional safeguards, or
  • Your explicit consent, where appropriate.

8. Retention Periods

We store personal data only as long as necessary for the respective purposes or as required by law.

  • Candidate data: generally up to 3 years after last contact or completion of services
  • Course records: course duration plus 12 months
  • Learning progress: generally up to 3 years
  • Payment and invoice data: 10 years (tax law requirements)
  • Server logs: typically 14–30 days
  • Cookies: as described in Section 5

If legal limitation periods or statutory retention obligations apply, we may store certain data for longer in a restricted form.

9. Security Measures

We implement appropriate technical and organisational measures to protect your data against unauthorized access, loss, misuse, or destruction, such as:

  • SSL/TLS encryption for data transmission
  • Encrypted passwords and role-based access control
  • Regular backups and monitoring
  • Hosting on servers located in the EU

10. Minors

Our services are primarily intended for adults and for persons who are at least 16 years old in the sense of GDPR. We do not knowingly enter into contracts with, or knowingly collect personal data from, children without appropriate consent.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us. We will promptly review the situation and delete such data if required.

11. Your Rights under GDPR

You have the following rights with respect to your personal data:

  • Right of access – to know whether we process your data and which data this is.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to have data deleted, where legally permitted.
  • Right to restriction – to restrict processing in certain cases.
  • Right to data portability – to receive data in a structured, commonly used, and machine-readable format.
  • Right to object – to object to processing based on Art. 6(1)(f) GDPR or for direct marketing.
  • Right to withdraw consent – for processing based on your consent, at any time with future effect.

To exercise your rights, please contact us using the contact details below. We will respond in accordance with legal requirements.

12. Automated Decision-Making and Profiling

We do not use automated decision-making in the sense of Art. 22 GDPR and do not perform profiling that produces legal effects concerning you or similarly significantly affects you.

Learning analytics (e.g. progress tracking, test results) are used only to deliver and improve the course experience and to provide you and instructors with feedback, not for automated decisions about your rights or access to services.

13. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Website: https://www.datenschutz-berlin.de/

14. Data Protection Contact

At present, we are not legally required to appoint a Data Protection Officer under Art. 37 GDPR. However, you can contact us at any time with questions about data protection:

GuteCare UG (haftungsbeschränkt)
Bundesallee 187
10717 Berlin, Germany
Email:
Phone:

15. Changes to This Policy

We may update this Privacy & Cookie Policy from time to time, for example due to legal changes, technical developments, or adjustments to our services. The current version is always available on our website. We will inform you separately about significant changes where required.

© 2025 GuteCare Academy. All rights reserved.