Data privacy statement


For German click here – Für die deutsche Fassung bitte hier klicken.

Welcome to lawpilots. Your partner for modern online trainings. With our e-learnings your employees develop sustainable awareness of data protection, compliance, information security and occupational safety for everyday work situations. We guarantee up to date expertise in the legal realm.

In this privacy policy we (the company LawPilots GmbH) inform you about the processing of personal data when using our websites.
Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address or email address. Statistical data collected by us – for example, when you visit our websites – which cannot be linked to you personally is not covered by the term ‘personal data’.

1. Contact

The point of contact and so-called controller for the processing of your personal data when visiting our websites within the meaning of the EU General Data Protection Regulation (GDPR) is
lawpilots GmbH
Am Hamburger Bahnhof 3
10557 Berlin
T: +49 (0)30 555 707 860
F: +49 (0)30 213 002 899
If you have any questions about data protection in connection with our products and services or the use of our websites, you can contact us  at the above postal address or by sending an email to the address provided (please mark all correspondence with: “data privacy”).

2. Data processing on our websites

2.1. Visiting our websites, access data

Every time you use our website, we collect the access data automatically transmitted by your browser in order to make visiting the websites possible. This access data includes in particular:

  • IP address of the requesting device;
  • date and time of the request;
  • addresses of the website visited and the requesting website;
  • information about the browser used and the operating system;
  • online identifiers (e.g. device IDs, session IDs).

It is necessary to process this access data to make it possible to visit the website and to guarantee the long-term functionality and security of our systems. The legal basis for this is Art. 6(1) Sentence 1(b) GDPR. For data protection reasons, we do not permanently store or analyze log files.

2.2. Making contact

There are a number of ways for you to contact us, e.g. via the contact forms on this website. In this context we process data exclusively for the purpose of communicating with you. The legal basis for this is Art. 6(1)(b) GDPR. The data we collect when you use the contact form will be automatically erased once we have finished processing your enquiry, unless we still require your enquiry to fulfil contractual or legal obligations (see ‘Storage period’).

2.3. Applications

You can apply to us for advertised vacancies by email. The purpose of data collection here is the selection of applicants for potential employment. In order to process your application, we collect the data provided by you (usually your first and last name, email address, application such as curriculum vitae and cover letter, earliest possible date you could start work and salary expectations). We would like to point out that we cannot guarantee confidentiality if applications are sent unencrypted by email. As a rule, you can also apply for our positions by post or in person. The legal basis for the processing of your application documents is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG).

2.4. Stripe

We use the services of Stripe of Stipe Inc. 185 Berry Street, Suite 550, San Francisco, CA 94108, USA («Stripe»). Stripe is an external payment service provider used to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or financial information such as credit card numbers. Rather, these data (in particular contact and transaction data such as credit card data or bank details) are forwarded directly to Stripe, whose use of your personal data is governed by its privacy policy. The use of an external payment service provider is based on our legitimate interest in being able to offer you an additional payment option with Stripe. The legal basis is therefore Art. 6(1)(f) GDPR.

Stripe collects further data for its own purposes such as the prevention of misuse and further development of its products as well as for marketing purposes. The data collected by cookies and other technologies includes in particular communication data (IP address, device identifier, browser version, information on the operating system).

The data processing by Stripe partly takes place on servers in the USA. In the event that personal data is transferred to the USA, Stripe has submitted to the EU-US Privacy Shield.

Further information can be found in Stripe’s Privacy Policy.

2.5. Drift

We also use the Drift service (, Inc., 
222 Berkeley Street, Suite 600
, Boston, MA 02116, USA) to improve customer service and the chat function offered on our websites. For this purpose, we send your given e-mail address and the given name to Drift. In the event that personal data is transferred to the USA, Drift is subject to the EU-US Privacy Shield. The legal basis for data processing is Art. 6(1)(b) GDPR.

Please also refer to Drift’s data protection information.

2.6. Newsletter/MailChimp

We use our newsletter primarily to keep you informed about current developments in the world of data protection and news concerning legislation and case law as well as economic and political aspects from our specialist fields. We use the services of MailChimp, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, for the processing of the newsletter dispatch and our transactional e-mails (e.g. booking confirmations and training reminders). The legal basis for this is our legitimate interest in the efficient sending of newsletters, Art. 6(1)(f) GDPR.

For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of this processing is your consent pursuant to Art. 6(1)(a) GDPR.

Both the e-mail addresses of our newsletter recipients and recipients of transactional e-mails, as well as their further data described in the context of this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use this information to optimize or improve its own services, e.g. for technical optimization of the dispatch and display of the newsletter or for economic purposes, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.

MailChimp is subject to the EU-US Privacy Shield and is committed to comply with EU data protection regulations.

Please refer to Mailchimp’s Privacy Policy for details.

2.7. Trustpilot

Our customers and training participants have the opportunity to evaluate lawpilots on the Trustpilot platform (Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark). If you wish to submit a rating and do so via our website, we will transmit your e-mail address to Trustpilot. The legal basis for data processing is Art. 6(1)(a) GDPR.

Please refer to Trustpilots Privacy Policy (UK) for details.

2.8. Google Tag-Manager

Our websites uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager serves to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our websites in order to record, for example, predefined usage data. Google Tag Manager does not use cookies. Google Tag Manager ensures that the usage data required by our partners (see the data processing activities described below) is forwarded to them. In some cases, the data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in being able to integrate and manage multiple tags on our website in an uncomplicated manner. For more details, please refer to the information provided by Google about Google Tag Manager.

2.9. Use of our own cookies

We use our own cookies and comparable technologies (e.g., local storage) only on the learning platform for conducting our online courses. If you reject cookies, the learning platform will not work for you without problems. The legal basis for the data processing is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in operation of our learning platform. We use cookies from the third-party providers listed below.

2.10. Use of cookies and comparable technologies for usage analysis

To improve our websites, we use cookies and comparable technologies (e.g., web beacons) for the statistical recording and analysis of general usage behavior based on access data. The legal basis for the data processing described below is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in the demand-oriented design and continuous optimization of our websites.

2.10.1 Google Analytics

Our websites uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies in order to analyze and improve our websites based on your user behavior. For evaluation purposes, Google may transfer the data generated in this context to a server in the USA and store it there. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. However, your IP address is shortened before the usage statistics are evaluated, which means that no conclusions can be drawn about your identity. For this purpose, our websites uses the Google Analytics extension code “anonymizeIP” to ensure that IP addresses are collected in anonymized form.
Google will process the information generated by the cookies for the purpose of evaluating your use of the websites, compiling reports on website activity for the websites operators, and providing other services relating to website usage and internet usage.

As described above, you can configure your browser to reject cookies, or you can prevent the recording of data generated by cookies about your use of our websites (including your IP address) and its processing by Google by downloading and installing a browser add-on provided by Google. As an alternative to the browser add-on or if you use a mobile device to visit our websites, please use this opt-out link. This will prevent Google Analytics from recording data within our websites in the future (the opt-out only works in the browser used and only for this domain). If you delete your cookies in this browser, you will need to click on this link again. Please refer to Google’s Privacy Policy for more information.

2.10.2 1&1 Internet SE

Our websites uses the 1&1 WebAnalytics analysis tool from 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The following data in particular is collected with 1&1 WebAnalytics for statistical evaluation and technical optimization of the websites:

  • Referrer (previously visited website);
  • Requested website or file;
  • Browser type and browser version;
  • Operating system used;
  • Device type used;
  • Time of access;
  • IP address in anonymous form (used only to determine the location of access).

Further information can be found in the Privacy Policy (German) of 1&1 Internet SE.

2.10.2 Mouseflow

Our websites use Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Kopenhagen, Denmark. The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is collected and stored for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. The web analysis tool Mouseflow records individual visits (only with anonymous IP addresses). This creates a protocol of mouse movements and clicks with the intention of randomly playing back individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separate consent of the person concerned. The processing takes place on the basis of Art. 6 (1) f) GDPR for the legitimate interest in direct customer communication and in the design of the website in line with requirements. For reasons arising from your particular situation, you have the right at any time to object to this processing of personal data concerning you based on Art. 6 (1) f GDPR. To do this, you can deactivate a recording on all websites that use Mouseflow globally for your current browser under the following link:

For more information, see Mouseflow’s Privacy Policy.

2.11. Use of cookies and comparable technologies for online advertising

We also use cookies and comparable technologies for advertising purposes. Some of the access data generated by your use of our websites is used for interest-based advertising. Analyzing and evaluating this access data allows us to show you personalized advertising on our websites and on the websites of other providers. This means advertising that reflects your actual interests and needs.
The legal basis for the data processing described in the following section is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in the personalized advertising of our products and services.
In the following section, we would like to explain these technologies and the providers used for them in more detail.

The data collected may include in particular

  • the IP address of the device,
  • the date and time of access,
  • the ID number of a cookie,
  • the device ID of mobile devices,
  • technical information about the browser and operating system.

However, the data collected is stored exclusively in pseudonymous form, meaning that no direct conclusions can be drawn about individual persons.
In each of the following descriptions of the technologies we use, you will also find information about how you can object to our analysis and advertising measures by means of what are known as opt-out cookies. Alternatively, you can exercise your right to object using the settings on the websites Truste or Your Online Choices, which allow you to opt out of the services provided by a range of advertisers. Both sites let users place opt-out cookies to deactivate all ads from the providers listed at once, or alternatively to adjust their settings for each individual provider. Please note that if you later delete all cookies in your browser or use a different browser and/or profile, you will need to store a new opt-out cookie.

2.11.1. Google AdWords Remarketing

Our websites use “AdWords Remarketing”, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use AdWords Remarketing to advertise our products and services within Google Search and the Google Search Network following your visit to our websites. The service uses cookies and similar technologies for this purpose. For evaluation purposes, Google may transfer the data generated in this context to a server in the USA and store it there. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield.
If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalized ads. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting our websites.
You can configure your browser to reject cookies as described above. You can also disable the “Ads Personalization” button in your Google Ads Settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you.

Please refer to Google’s Privacy Policy for more information.

2.11.2. Google DoubleClick

Our websites uses DoubleClick by Google, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA («Google»). DoubleClick uses cookies and similar technologies to show you advertisements that are relevant to you. The use of DoubleClick enables Google and its partner sites to serve ads based on previous visits to our or other sites on the Internet. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

You may refuse the use of cookies by selecting the appropriate settings on your browser (as described above), however please note that if you do this you may not be able to use the full functionality of the websites. You can also prevent Google from collecting the data generated by the cookies and related to your use of the websites and Google from processing this data by downloading and installing the DoubleClick deactivation browser plug-in. As an alternative to the browser plug-in or within browsers on mobile devices, you can disable the «Personalized advertising» button in Google’s advertising preferences. In this case, Google will only display general ads that have not been selected based on the information we collect about you.

For more information, please see Google’s Privacy Policy.

2.12 Facbook Fanpage

We jointly operate a fan page on the social network of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA («Facebook»), where we communicate with interested parties and followers and inform them about our products and services.

We may receive statistics from Facebook about how Facebook/Fanpage users use our Fanpage, such as information about interactions, likes, dislikes, comments, or aggregated information and statistics (such as the age or origin of our followers) that help us learn about interactions with our site. For more information about the nature and extent of these statistics, please see the Facebook info on using pages insights. Further information on the respective legal responsibilities can be found in the Facebook Page Insights Controller Addendum. The legal basis for this data processing is Art. 6 (1b) of the GDPR and 6 (1f) of the GDPR based on our aforementioned legitimate interest.

We have no control over the data that Facebook processes on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the fan page, data on your usage behavior is transferred from Facebook and the fanpage to Facebook. Facebook itself processes the aforementioned information in order to compile more detailed statistics and for its own market research and advertising purposes over which we have no control. You can find more detailed information on this in Facebook’s privacy policy. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.

If we receive your personal data while operating the fanpage, you are entitled to the rights stated in this data protection declaration. If you also wish to assert your rights against Facebook, the easiest way to do this is to contact Facebook directly. Facebook knows the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures on request if you make use of your rights. We are happy to support you in asserting your rights to the extent possible and forward your requests to Facebook.

3. Disclosure of data

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) Sentence 1(a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) Sentence 1(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) Sentence 1(c) GDPR; or
  • this is permitted by law and is required under Art. 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centers that store our websites and databases, IT service providers that maintain our systems, IT services and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects and are carefully monitored by us.
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

4. Storage period

In principle, we only store personal data for as long as necessary to fulfil contractual or legal obligations for which we have collected the data. We then delete the data without delay, unless we still require the data until the end of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidence purposes, we must keep contract data for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.
Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act and the Money Laundering Act. The periods specified there for retaining documents range from two to ten years.

5. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose. You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided.
In order to assert your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection.
Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. In Berlin, where LawPilots GmbH is headquartered, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

6. Right of withdrawal and objection.

You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

7. Changes to this privacy policy

We will update this privacy policy from time to time, for example if we adapt our websites or there is a change in the legal or regulatory requirements.

Last amended: September 2018


Pablo Palma
Servicio de atención al cliente:
Lun – Vie 8:30 h – 18:00 h

Háganos saber su opinión. Estamos aquí para ayudarle.

+34 911 985 740

Obviamente, sus datos serán tratados de forma confidencial. La transmisión de datos está encriptada. Encontrará más información en nuestra declaración de protección de datos (EN).

lawpilots GmbH Recht. Einfach. Verstehen. lawpilots bietet innovative & praxisnahe E-Learnings Anonym hat 4,65 von 5 Sternen 1856 Bewertungen auf