PRIVACY & DATA PROTECTION (GDPR)

Personal data we collect

• Account and contact data (name, email address, authentication tokens).
• Profile details and study preferences (desired degree level, target countries, language options, saved filters).
• Usage and device information (pages visited, search queries, log files, truncated IP address, browser/OS).
• Communication content that you send to us via forms, email, or the admin area.
• Technical identifiers such as cookie IDs and your consent status for analytics or marketing cookies.

How we use your data

• To provide the platform, deliver secure logins, and respond to enquiries.
• To personalise search results and recommend suitable universities or programs.
• To send essential service notifications or replies to your questions.
• To protect the platform, detect fraud, and maintain audit logs.
• To analyse aggregated usage statistics so that we can improve Way-to-Uni.
• To comply with legal obligations such as record keeping and responding to competent authorities.

Lawful basis under GDPR

• Art. 6(1)(b) GDPR – processing necessary to perform the contract and provide requested services.
• Art. 6(1)(c) GDPR – processing required to comply with legal duties (e.g., security logging, bookkeeping).
• Art. 6(1)(f) GDPR – our legitimate interests in safeguarding and improving the platform; we balance these interests with your rights.
• Art. 6(1)(a) GDPR – your consent for optional analytics/marketing cookies managed through the consent banner.

Data protection

• We store data on EU/EEA servers, encrypt traffic, back up systems, and never sell personal data.
• We apply role-based access controls, train staff regularly, and vet processors with data processing agreements.

Retention & deletion

Personal data is kept only as long as needed for the purposes above. Search logs are deleted after 12 months, consent records are kept for at least 3 years, and contractual/accounting data follows statutory retention periods (6–10 years). You may request earlier deletion where no legal obligation prevents it.

Processors & recipients

• Infrastructure, email, and analytics providers that process data on our behalf under EU Standard Contractual Clauses where required.
• Authorities or legal advisors when necessary to comply with law or protect our rights.

Cookies & tracking

We use essential cookies to operate the site and optional cookies for analytics, performance measurement, and personalised content. Optional cookies are activated only after you provide consent via the banner.

• Essential cookies – required for authentication, load balancing, and storing your consent choice.
• Analytics cookies – help us understand aggregated user behaviour (e.g., which filters are popular).
• Personalisation/marketing cookies – remember your preferences and tailor the experience.

Your GDPR rights

You have the right to:

• Access – obtain confirmation and a copy of the data we store about you.
• Rectification – correct inaccurate or incomplete information.
• Erasure – request deletion where no overriding legal obligation exists.
• Restriction or objection – limit or object to processing based on legitimate interests.
• Data portability – receive data you provided in a machine-readable format.
• Withdraw consent – change your cookie decision at any time via the banner.

How to exercise your rights

Send us an email at [email protected]. We verify your identity and respond within one month. You may also complain to your local supervisory authority; in Germany this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

Contact / Data Protection Officer

Way-to-Uni UG (haftungsbeschränkt), Data Protection, Berlin, Germany