Privacy Policy

Last Updated: February 18, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Korynex School (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website (the “Site”) or contact us to request information about online courses, webinars, and educational programs.

The data controller responsible for processing your personal data is:

  • Legal entity: Korynex Learning GmbH
  • Registered address: Arnulfstraße 59, Neuhausen-Nymphenburg, 80636 Munich, Germany
  • Contact email: [email protected]
  • Telephone: +49 89 2154 3098

We do not appoint a Data Protection Officer (DPO) as a default matter. If our processing changes in a way that requires a DPO under applicable law, we will update this policy and publish relevant contact details.

Effective date of this Privacy Policy: February 18, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you interact with the Site. We aim to collect only what is needed to operate the Site, respond to requests, and manage enrollment communications.

2.1 Data you provide directly

  • Identity and contact details: name, email address, telephone number (if you call us or include it in a message).
  • Form content: information you submit through our contact or enrollment request forms, such as course interest and any message you write (schedule preferences, level notes, goals, or other details you choose to share).
  • Communications: email correspondence and the metadata of those messages (date/time, subject line, message history).

2.2 Data we collect automatically

  • Technical data: IP address, browser type and version, device type, operating system, language settings, approximate location derived from IP, and similar diagnostic data.
  • Usage data: pages viewed, time on page, referral source, click paths, and basic interaction signals used to understand how the Site performs.
  • Cookies and identifiers: small text files stored in your browser that help maintain session continuity and (where you consent) enable analytics and marketing measurement.
  • Conversion events: events that indicate an action happened (for example, a form submission or landing page view). These events may be recorded in a privacy-preserving way and, where applicable, shared with advertising partners only if you consent to marketing cookies.

2.3 What we do not intentionally collect

We do not intentionally collect special-category data (such as health data, biometric data, religious or political views), financial account details, or government-issued IDs through our standard Site forms. Please do not include such information in messages. If you send sensitive data in a free-text field, we will treat it as part of your message and handle it with additional care, but we may ask you to remove it or resend the request without it.

3. Why We Process Your Data & Legal Basis (GDPR Art. 6)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process personal data under the legal bases in Article 6 of the GDPR (or UK GDPR). Even when you are outside the EEA/UK, we apply comparable safeguards as a matter of practice.

  • Handling contact and enrollment requests: we use your name, email, and message content to respond and provide cohort information. Legal basis: Article 6(1)(b) (steps prior to entering a contract) and Article 6(1)(a) (consent) where your submission includes consent language.
  • Operating and securing the Site: we process technical data to keep the Site reliable, prevent abuse, detect spam, and investigate incidents. Legal basis: Article 6(1)(f) (legitimate interests in security and service continuity).
  • Analytics and site improvement: where you consent, we use analytics signals to understand how visitors use the Site and to improve content, navigation, and performance. Legal basis: Article 6(1)(a) (consent).
  • Marketing, remarketing, and conversion measurement: where you consent, we use marketing cookies and measurement tools to understand campaign performance and to show more relevant ads. Legal basis: Article 6(1)(a) (consent).
  • Legal compliance: when needed, we process data to comply with legal obligations (for example, responding to lawful requests, enforcing rights, and keeping required records). Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (GDPR Art. 22)

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects for you. If this changes, we will provide a clear explanation and the rights available to you.

4. Cookies & Tracking

Cookies are small text files stored on your device. Some cookies are required to keep the Site functioning. Others (analytics and marketing) are optional and activate only if you provide consent through our cookie banner or preferences panel.

4.1 Essential cookies (always active)

Essential cookies are required for the Site to function, to remember core preferences, and to support security controls. These cookies do not require consent under many EU implementations of cookie law because they are strictly necessary.

  • _site_session (first-party): used for session continuity and basic security handling. Retention: session.
  • cookie_consent (first-party): stores your consent choice for analytics and marketing. Retention: up to 12 months.
  • CSRF/security tokens (first-party): used to protect forms and reduce abusive automated traffic. Retention: session to short-lived persistent, depending on implementation.

4.2 Analytics cookies (consent)

If you allow analytics cookies, we may use Google Analytics 4 (GA4) to understand aggregate usage patterns. Where available, IP anonymization is applied, and reporting is designed to be statistical rather than personal. Analytics retention is typically 14 months for event-level data, though cookie lifetimes can be longer depending on your browser settings.

  • _ga (third-party): GA4 user identifier. Retention: up to 2 years.
  • _ga_XXXXXXXXXX (third-party): GA4 session state cookie (10-character GA4 ID). Retention: up to 2 years.

4.3 Marketing cookies (consent)

If you allow marketing cookies, we may use tools such as Google Ads conversion measurement and Meta Pixel for conversion attribution, remarketing, and audience creation (custom or lookalike audiences). These tools may process cookie identifiers, device signals, and page interaction events. Marketing cookies are used to measure which ads led to a visit or a form submission and to limit repetitive ad delivery.

  • _gcl_au (third-party): Google Ads conversion linker. Retention: about 90 days.
  • _fbp (third-party): Meta Pixel browser identifier. Retention: about 90 days.
  • _fbc (third-party): Meta click identifier when a click ID is present. Retention: about 90 days.

4.4 Beyond cookies (pixel tags and server-side measurement)

Some measurement techniques do not rely exclusively on cookies. When you provide consent for analytics or marketing, our systems may also use pixel tags or server-side event forwarding. For example, a server may log that a conversion event occurred and pass limited event data to an advertising partner for measurement. Where used, identifiers may be derived from IP address and user-agent strings, and in some cases hashed identifiers may be transmitted to support matching (for example, for conversion attribution). We only activate such processing when your consent settings allow it.

For more detail on cookies, please see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR and applicable ePrivacy rules. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). We record your choices in the cookie_consent browser cookie for up to 12 months.

You may withdraw or change consent at any time via the “Manage cookie preferences” link in the footer. You can also clear cookies in your browser to remove stored preferences. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

6. Sharing With Advertising & Service Partners

We share limited personal data with service providers and advertising partners to operate the Site and (when you consent) measure or improve marketing performance. We do not sell personal data.

  • Google LLC (Analytics, Ads measurement, Tag Management, remarketing): cookie identifiers, usage signals, conversion events, and campaign attribution data, when analytics/marketing consent is granted.
  • Meta Platforms, Inc. (Pixel, audiences, conversion measurement): page view events, conversion events, and identifiers for attribution and remarketing, when marketing consent is granted.
  • Cloudflare (CDN and security): IP-based threat detection and delivery optimization to keep the Site secure and available.

We do not permit these providers to use Site data for their own independent commercial purposes beyond providing services to us, subject to their contractual and policy commitments. Some providers may process data as independent controllers for certain functions; in those cases, their own policies apply.

7. International Transfers

Some service providers may process personal data outside the EEA/UK, including in the United States. Where required, we rely on recognized transfer mechanisms such as the EU-U.S. Data Privacy Framework (DPF) (where applicable), the UK Extension to the DPF, the Swiss-U.S. DPF, and Standard Contractual Clauses (EU 2021/914) as a fallback. For UK transfers, we may also use the UK International Data Transfer Addendum (IDTA) as appropriate.

Transfer mechanisms and safeguards can evolve. We review provider documentation periodically and update this policy when our approach changes materially.

8. Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

  • Contact and enrollment submissions: up to 2 years from the last meaningful interaction, unless you ask for deletion earlier or a legal obligation requires longer retention.
  • Analytics data: typically 14 months for event-level retention, subject to configuration and provider features.
  • Marketing cookies: retained according to the cookie lifetimes (often 90 days), unless cleared sooner.
  • Email correspondence: for the duration of the inquiry and up to 1 year thereafter to maintain context and handle follow-ups.
  • Security logs: typically up to 90 days, unless an incident requires longer investigation retention.
  • Cookie consent records: up to 3 years for audit and compliance, where needed.
  • Legal/tax records: as required by applicable law (often 6–10 years for certain financial records), where relevant.

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or UK, you may have the following rights regarding your personal data:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time (Article 7(3))
  • Right to lodge a complaint with a supervisory authority (Article 77)

To exercise a right, email us at [email protected]. We aim to respond within 30 days. This period may be extended by up to 60 days for complex requests; if so, we will tell you why.

If you wish to contact a supervisory authority, general information is available via the European Data Protection Board (EDPB) and national regulators. For the UK, the regulator is the Information Commissioner’s Office (ICO).

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has submitted personal data to us without verifiable parental consent, please contact [email protected] and we will delete the data promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may have their own DNT handling. You can control cookie preferences using our consent tools and your browser settings.

12. Account & Data Deletion Requests

The Site is primarily an informational and contact channel for educational offerings and does not require an account. To request deletion of data you have submitted, email [email protected] with the subject line “Data Deletion Request”.

We may need to verify your identity before fulfilling a deletion request. We aim to complete deletion within 30 days, unless we must retain limited information to meet legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

If Korynex Learning GmbH is involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor or affiliated entity as part of that transaction. If such a transfer materially changes how your personal data is used, we will provide notice via the Site.

14. California (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section describes categories of personal information we may collect and your choices.

14.1 Categories disclosed (past 12 months)

  • Identifiers: name, email, IP address, cookie IDs, device identifiers (shared with service providers and, if you consent, advertising partners).
  • Internet or network activity: page views, interactions, referrer information (used for analytics and, if you consent, marketing measurement).
  • Inferences: interest categories or preferences inferred from site interactions, where marketing tools are enabled with your consent.

14.2 Sale and sharing

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies via our consent tools. California residents may opt out of sharing for such advertising by disabling marketing cookies in our cookie preferences panel.

14.3 Your California rights

  • Right to know what personal information we collect, use, disclose, and share
  • Right to delete personal information (subject to exceptions)
  • Right to correct inaccurate personal information
  • Right to opt out of sale/sharing for targeted advertising
  • Right to non-discrimination for exercising privacy rights

To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your identity as required. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

If we decline to take action on a request, you may appeal by emailing us with the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or service offerings. If we make a material change, we will post a prominent notice on the Site at least 14 days before the change takes effect, where feasible. The “Last Updated” date at the top of this page will be revised whenever the policy changes.

18. Contact

For questions about this Privacy Policy or to submit a privacy request, contact: