Mastering Academy

Privacy Policy

We are pleased about your interest in Mastering Academy. This Privacy Policy explains which personal data we process when you use this website, contact us, request a consultation, subscribe to updates or purchase a product.

The use of this website is generally possible without actively providing personal data. Personal data is processed where this is technically necessary for operating the site or where you voluntarily provide it, for example by using a form, sending an e-mail or purchasing a product.

Last updated: 11 July 2026

1. Definitions

This Privacy Policy uses the terminology of the General Data Protection Regulation (GDPR). In particular, personal data means any information relating to an identified or identifiable natural person. Processing means any operation performed on personal data, such as collection, storage, use, disclosure or deletion.

Controller means the person or legal entity that determines the purposes and means of processing. Processor means a service provider that processes personal data on behalf of the controller. Consent means a freely given, specific, informed and unambiguous indication of wishes by which the data subject agrees to processing.

2. Name and address of the controller

Controller within the meaning of the GDPR and other applicable data protection laws is: MASTERING ACADEMY GERMANY UG (haftungsbeschränkt) F. Tischmeyer Großmannstraße 213 20539 Hamburg Germany Phone: +49 174 24 36 747 E-mail: [email protected] Website: www.mastering-academy.com

3. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the browser address changing to https:// and by the lock symbol in the browser bar.

4. Cookies

This website itself does not set tracking cookies and does not use tracking pixels, web beacons or comparable identification technologies. Technically necessary cookies may be set solely to provide functions you actively request, for example when an embedded form or login-protected function requires a session.

Our web analytics (see the section on web analytics below) works without cookies and without persistent identifiers. For this reason, this website does not require a cookie consent banner solely for the analytics described here. If we introduce services requiring consent in the future, we will obtain consent in advance via a suitable consent mechanism.

You can configure your browser to block or delete cookies at any time; the public website remains usable.

5. Collection of general data and information

When this website is accessed, technical access data may be processed automatically. This can include browser type and version, operating system, referrer URL, requested pages or files, date and time of access, IP address, transferred data volume, status codes and similar data required to deliver the website and protect the technical systems.

This data is used to deliver the website correctly, maintain security and stability, troubleshoot errors, prevent abuse and provide law enforcement authorities with information where legally required. The legal basis is Art. 6 (1) lit. f GDPR.

6. Registration on our website

Where registration or customer-account functions are offered, the data requested in the respective input form is processed to create and operate the account, provide the requested content or services and prevent misuse. The legal basis is Art. 6 (1) lit. b GDPR where the processing is required for a contract or pre-contractual measures, and Art. 6 (1) lit. a GDPR where consent is requested.

7. Commercial and business services

We process data of customers, interested parties and business partners in order to provide courses, coaching, consulting, support, billing and related communication. This includes contact details, contract data, payment-related information, communication content and information required to perform or document the respective service.

The legal bases are Art. 6 (1) lit. b GDPR for contract performance and pre-contractual measures, Art. 6 (1) lit. c GDPR for legal obligations, and Art. 6 (1) lit. f GDPR for the organization, documentation and protection of our business operations.

8. Subscription to our newsletter

If you subscribe to a newsletter, we process your name, e-mail address, consent status and subscription metadata in order to send the requested information and document consent. The legal basis is Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future.

The current website contains newsletter form components, but the mailing provider integration is not active in this codebase yet. Before an external newsletter provider is connected for production mailing, this Privacy Policy must be updated with the provider, processing location, data processing agreement and any analytics details.

9. Contact possibility via the website

If you contact us by e-mail or via a contact form, we process the personal data you provide in order to handle your request and communicate with you. This usually includes your name, e-mail address, message content and technical metadata required for sending or security.

The legal basis is Art. 6 (1) lit. b GDPR if your request relates to a contract or pre-contractual measures, Art. 6 (1) lit. f GDPR for our legitimate interest in efficient communication, and Art. 6 (1) lit. a GDPR where consent is requested.

10. Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data will be processed for the purpose of handling your request. We do not disclose this data without a legal basis or your consent.

11. Consultation requests and forms (self-hosted CRM system)

You can request a personal consultation through embedded forms on this website. These consultation funnels are provided through our Odoo-based CRM system. The Odoo host is configured by us and the form is embedded as an iframe.

The data you enter, such as name, contact details and answers about your interests or experience level, is processed to handle your inquiry, prepare the consultation and document the communication. The legal basis is Art. 6 (1) lit. a GDPR for the consent requested in the form and Art. 6 (1) lit. b GDPR where the inquiry is aimed at pre-contractual measures.

12. Routine deletion and blocking of personal data

We process and store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations. Once the purpose no longer applies or a statutory retention period expires, the data is deleted or restricted in accordance with legal requirements.

13. Rights of the data subject

You have the right to request information about the personal data processed about you, rectification of inaccurate data, erasure, restriction of processing, data portability and objection to processing based on Art. 6 (1) lit. e or f GDPR.

Where processing is based on consent, you may withdraw that consent at any time with effect for the future. You also have the right not to be subject to a decision based solely on automated processing, including profiling, where the requirements of Art. 22 GDPR apply.

To exercise your rights, contact us using the details listed in Section 2.

14. Data protection during applications and the application process

If you apply to us, we process the personal data submitted with your application for the purpose of handling the application process. The legal basis is Sec. 26 BDSG in conjunction with Art. 6 (1) lit. b GDPR. If no employment relationship is established, application documents are generally deleted after the statutory or operational retention period unless legitimate interests or legal obligations require longer storage.

15. Hosting

This website is hosted on infrastructure provided by Vercel Inc. Vercel processes technical access data and server logs required to deliver the website, operate the hosting platform, prevent abuse, detect attacks, troubleshoot errors and ensure availability.

Access data may include IP address, request URL, date and time, user agent, referrer, status code, transferred data volume and comparable technical information. We have concluded a data processing agreement with Vercel where required. The legal basis for hosting and related security logging is our legitimate interest in a secure, fast and reliable website pursuant to Art. 6 (1) lit. f GDPR.

Vercel Inc. is certified under the EU-US Data Privacy Framework (DPF). Where required, additional safeguards such as Standard Contractual Clauses may apply.

16. Web analytics

We use Vercel Web Analytics and Vercel Speed Insights to understand aggregated website usage and technical performance. These services are operated by Vercel and are designed to work without cookies, without persistent visitor identifiers and without cross-site tracking.

The processed data can include visited URL, referrer, country or region derived from the request, browser and device information, page-load and Web-Vitals performance metrics and similar aggregated usage data. The data is used to improve content, usability, performance and technical reliability.

The legal basis is Art. 6 (1) lit. f GDPR. Because this analytics setup is cookieless and does not use persistent identifiers, no cookie banner is required solely for this processing.

17. Fonts

This website uses fonts through next/font. The font files are self-hosted and delivered from our own website or hosting infrastructure. When you visit the website, your browser does not make requests to Google Fonts servers for these fonts.

The legal basis for serving the fonts is our legitimate interest in a consistent, performant and privacy-friendly presentation of the website pursuant to Art. 6 (1) lit. f GDPR.

18. YouTube

This website may embed videos from YouTube. We use click-to-load video facades: the YouTube iframe is not loaded until you actively start the video. Where possible, YouTube is embedded via the youtube-nocookie.com domain.

If a video has no locally hosted poster image, the preview image may be loaded from i.ytimg.com before the video is started. This can transmit technical access data, including your IP address, to Google. Once you start a YouTube video, Google Ireland Limited and Google LLC may process data such as IP address, device information, the page visited and playback interactions. If you are logged into a Google account, Google may associate the activity with that account.

The legal basis for loading and playing YouTube videos is your consent pursuant to Art. 6 (1) lit. a GDPR. Google LLC is certified under the EU-US Data Privacy Framework. Further information is available at https://policies.google.com/privacy.

19. Vimeo

This website may embed videos from Vimeo. We use click-to-load video facades: the Vimeo iframe is not loaded until you actively start the video. Vimeo embeds are configured with dnt=1 where possible to reduce tracking by Vimeo.

After activation, Vimeo Inc. may process technical data such as IP address, device information, referrer, the page visited and playback interactions. Vimeo may process data in the United States. Data transfers are safeguarded by Standard Contractual Clauses where required.

The legal basis for loading and playing Vimeo videos is your consent pursuant to Art. 6 (1) lit. a GDPR. Further information is available at https://vimeo.com/privacy.

20. Data protection provisions about the application and use of Digistore24

For the processing of purchases made on our website, we use the services of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany ("Digistore24"). Digistore24 acts as a reseller and handles payment processing, invoicing and refund management.

When you make a purchase through Digistore24, data such as name, e-mail address, billing address, payment information and product information is processed. Digistore24 may also process technical data such as IP address and device information for fraud prevention.

Digistore24 acts as a separate controller for payment processing. For our purposes, such as product delivery and customer communication, we receive certain customer data from Digistore24 in our role as vendor. The legal bases are Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. c GDPR. Further information is available at https://www.digistore24.com/page/privacy.

21. Legal basis of the processing

Art. 6 (1) lit. a GDPR is the legal basis where we obtain consent. Art. 6 (1) lit. b GDPR applies where processing is necessary for a contract or pre-contractual measures. Art. 6 (1) lit. c GDPR applies where processing is required to comply with legal obligations. Art. 6 (1) lit. f GDPR applies where processing is necessary for legitimate interests and your interests, rights and freedoms do not override those interests.

22. Legitimate interests in the processing pursued by the controller or a third party

Where processing is based on Art. 6 (1) lit. f GDPR, our legitimate interests include the secure, reliable and efficient operation of the website, communication with interested parties and customers, prevention of abuse, improvement of our services, documentation of business processes and protection of legal claims.

23. Duration for which the personal data are stored

Personal data is stored only for as long as required for the respective purpose or by statutory retention obligations. Statutory retention periods under German tax and commercial law typically range from 6 to 10 years.

24. International data transfers

Some service providers used by us are based in the United States or process personal data outside the European Economic Area. For such transfers, we rely on the following safeguards where applicable:

  • EU-US Data Privacy Framework (DPF) for service providers certified under this framework, in particular Google LLC and Vercel Inc.
  • Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) lit. c GDPR, in particular for providers not covered by the DPF.
  • Your explicit consent pursuant to Art. 49 (1) lit. a GDPR for specific transfers where this is required.

You can request information about the applicable safeguards by contacting us at the address listed in Section 2.

25. Legal or contractual requirements to provide the personal data

The provision of personal data may be required by law or contract, for example for billing, tax retention obligations or contract performance. If required data is not provided, we may be unable to conclude or perform a contract or provide a requested service.

26. Existence of automated decision making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

27. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The competent supervisory authority for the controller is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, 7. OG, 20459 Hamburg, Germany.