Legal

Privacy Policy

Last updated: March 2026 — DSGVO / GDPR compliant

Contents

Controller
Overview of Processing
Legal Bases
Hosting
Server Log Files
Cookies
Contact
Payment Processing
Analytics & Tracking
Your Rights
Withdrawal of Consent
Right to Lodge a Complaint
Data Retention
Changes to This Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Christian Schmitz

Project Mastery – Christian Schmitz

Weststrasse 18, 56424 Moschheim, Germany

Email: oberprinte@gmail.com

Phone: 026197343900

2. Overview of Processing

When you use this website, we process the following categories of personal data:

Technical access data (IP address, browser, referring URL) via server log files
Account data (name, email address, password hash) for course access
Payment data processed by Stripe (we do not store card details ourselves)
Communication data from contact inquiries (email address, message content)
Usage data (course progress, lesson completions)

3. Legal Bases

We process your personal data based on the following legal grounds under Art. 6(1) GDPR:

Art. 6(1)(a) GDPR – Consent: Where you have given explicit consent (e.g., for optional analytics or marketing cookies).
Art. 6(1)(b) GDPR – Contract performance: Processing necessary to provide the course you purchased or to fulfill pre-contractual measures at your request.
Art. 6(1)(f) GDPR – Legitimate interests: Processing necessary to maintain website security, prevent fraud, and ensure technical operation of our services.

4. Hosting

This website is hosted on the Polsia platform, which uses the following infrastructure providers:

Render (web server & application hosting)
Neon (PostgreSQL database)
Cloudflare (CDN, DDoS protection, media delivery)

These providers may process personal data (including server logs) in data centers outside the European Economic Area (EEA). All third-country transfers are covered by appropriate safeguards, in particular Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

We have concluded data processing agreements (DPA) with all hosting providers as required by Art. 28 GDPR.

5. Server Log Files

Every time you access our website, our web server automatically collects and stores information in server log files. This includes:

IP address of the requesting device
Date and time of the request
URL requested
HTTP status code and transferred data volume
Browser type and version
Operating system
Referring URL (previously visited page)

This data is not merged with other data sources. Log files are retained for 14 days and then automatically deleted. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in maintaining website security and functionality).

6. Cookies

This website currently uses only technically necessary storage mechanisms (specifically, browser localStorage) to maintain your login session and course progress. No consent is required for these, as they are essential for the service to function.

We do not currently use tracking cookies, advertising cookies, or third-party cookies that require consent.

We plan to implement a consent management tool before activating any optional analytics or marketing tools. When such tools are activated, you will be asked for explicit consent before any tracking cookies are set.

7. Contact

When you contact us via email or a contact form, the data you provide (email address, name, and message content) is stored and processed solely to handle your inquiry.

This data is processed on the basis of Art. 6(1)(b) GDPR (pre-contractual/contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Data submitted through contact channels is retained for 6 months after the inquiry is resolved, unless a longer retention period is required by law or the inquiry leads to a contractual relationship.

You can reach us at: oberprinte@gmail.com

8. Payment Processing

Payments on this website are processed by Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA).

When you make a purchase, you are redirected to Stripe's secure checkout. We do not receive or store your full payment card details. Stripe processes your payment data directly and independently. The data transfer to Stripe is necessary for contract performance pursuant to Art. 6(1)(b) GDPR.

Stripe participates in the EU–US Data Privacy Framework (DPF), which provides an adequate level of data protection for transfers to the United States. For more information, see Stripe's privacy policy at stripe.com/privacy.

9. Analytics & Tracking

Analytics tools are currently inactive. We do not collect analytics data at this time beyond basic server logs described above.

We have technically prepared integration with Google Analytics and Meta Pixel for potential future use. These tools will only be activated with your explicit prior consent (opt-in), in compliance with Art. 6(1)(a) GDPR and applicable ePrivacy regulations. Before activation, this privacy policy will be updated and a consent management tool will be implemented.

10. Rights of Data Subjects

Under the GDPR, you have the following rights with respect to your personal data:

Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR): You may request deletion of your personal data under certain conditions ("right to be forgotten").
Right to restriction of processing (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests (Art. 6(1)(f) GDPR) at any time.

To exercise any of these rights, please contact us at oberprinte@gmail.com. We will respond within 30 days as required by law.

11. Withdrawal of Consent

Where processing is based on your consent (Art. 6(1)(a) GDPR), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To withdraw consent, contact us at oberprinte@gmail.com.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for Germany is:

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Graurheindorfer Str. 153, 53117 Bonn, Germany

www.bfdi.bund.de

13. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

In particular, data subject to statutory retention obligations under German commercial and tax law (§§ 147 AO, 257 HGB) — such as invoices and payment records — may be retained for up to 10 years. After expiry of the applicable retention period, data is routinely deleted.

Account and course progress data is retained for the duration of your active account and for up to 12 months after account termination, to allow for potential re-activation or dispute resolution.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or service offerings. The current version is always accessible at project-mastery.me/privacy.

For significant changes affecting your rights, we will notify you via email (if you have an account) or by prominently displaying a notice on the website. The date at the top of this page indicates when the policy was last updated.