Privacy Policy/Datenschutzerklärung

Version 1.0, Last update 10th June 2021

When you visit expath.com (hereinafter referred to as "Website"), or use the services offered on it, personal data about you will be processed, i.e. your data will be collected, stored, used and transmitted. In accordance with Art. 13 and 14 of the EU General Data Protection Regulation (GDPR), this data protection policy informs you about this processing and your related rights.

Data controller

Controller in the meaning of Art. 4 (7) GDPR, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is Expath Training & Consulting GmbH, Jansastr. 9, 12045 Berlin, Deutschland, Phone: 030 880 63 605, email: hello@expath.com (hereinafter referred to as "we").

Data Protection Officer

You can contact our data protection officer via dpo@expath.com.

Retention & Storage

Generally, we will only retain your personal data as long as necessary to fulfill the purposes mentioned above. After that period, your personal data will be retained solely for the period that is statutory required or another legitimate purpose replaces the original purpose. This may, for instance, be the case with data needed to defend ourselves against potential claims within the statute of limitations of such.

Your rights as a data subject

In accordance with the GDPR, you have the following rights with regard to your personal data to the extent permitted by law:

  • Right of access,
  • Right to rectification,
  • Right to erasure,
  • Right to restriction of processing,
  • Right to object to the processing,
  • Right to withdraw consent,
  • Right to data portability.

If we process your personal data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR), you can object to the processing by contacting us or the Data Protection Officer (e. g. by email, contact data above). Cases in which we base processing on our legitimate interest are described in this Data Protection Policy.

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.

For Website visitors

Any visitor of the Website might be subject to the following processing of personal data, depending on the services you use on the Website.

Functioning and security of the Website

The following personal data is automatically processed each time the website is accessed for technical and security reasons:

  • Browser type and version used,
  • Your operating system,
  • Date and time of access,
  • Request details and destination address (protocol version, HTTP user agent string),
  • Websites from which your system accesses our Website (Referrer),
  • Websites accessed by your system from our website,
  • Name of the file accessed and the amount of data transferred,
  • Message as to whether the request was successful (HTTP status code).

(hereinafter: “browser data”).

The processing of browser data is technically required and takes place in our interest to display the Website properly and to guarantee technical stability and security.

The legal basis for processing is Art. 6 (1) (f) GDPR.

We store browser data in so-​called server log files for up to 30 days for the purpose and in our interest of clarifying abuse or fraud actions. Browser data is not stored together with other of your personal data. Browser data, which must be stored for further evidentiary purposes, is excluded from deletion until the respective incident has been finally clarified.

The legal basis for this processing is Art. 6 (1) (f) GDPR.

For Newsletter Subscribers

On the Website, you can register to receive a newsletter. Your name, email address and your subscription decision will be processed for this purpose.

To receive the newsletter, you have to enter your email address. We store it exclusively in order to be able to send you the newsletter.

The legal basis for the processing of your email address is Art. 6 (1) (a) GDPR.

Registration to our newsletter takes place via a so-​called “double opt-​in mechanism”. After entering your email address, we will send an email containing a confirmation link (“double opt-​in”). If no confirmation is received within 48 hours, the registration will be automatically deleted. If you click the link of the confirmation email, we will save your email address until you unsubscribe from the newsletter.

The legal basis for these proceedings is Art. 6 (1) (a) GDPR.

To prevent unauthorized use of your personal information, we also store the time of your registration and your IP address.

The legal basis in this respect is Art. 6 (1) (f) GDPR.

In addition, for technical and organizational reasons, the time of the last change to your data record, the time of giving consent and the status of a completed double opt-in are processed. This serves the purpose of fulfilling our data protection accountability obligations.

The legal basis is Art. 6 (1) (c) GDPR.

You have the right to withdraw your consent any time. You can declare your withdrawal by clicking the link provided in every newsletter. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

We process your data only as long as you receive the newsletter. As soon as you unsubscribe, we will immediately delete your email address, unless there are any storage obligations to the contrary.

Newsletter delivery

To create, send, and manage our email newsletters, to measure our email campaigns performance, improve site features for customers, and evaluate your use of the Website, we process your name, email, email activity, and prior newsletters sent to you. Furthermore, we use cookies, which contain data about your computer’s IP address, browser, etc. To provide this service, we use a software from The Rocket Science Group LLC (Mailchimp). Further information on the purpose and scope of data collection and processing by Mailchimp can be found in their Privacy Policy. There you will find more information about your rights as well as options to protect your privacy.

The legal basis for our processing is Art. 6 (1) (a) GDPR.

For Contacting us

When you contact us (e. g. by contact form, email or telephone), we process personal data we collect (content of your message, name, title, email address, phone number, employer; date and time of contact form use) exclusively in order to handle your inquiry, respond to it or contact you. The data will be deleted after the correspondence has ended, as far as there are no legal or other obligations to store.

The legal basis for this processing of your personal data is Art. 6 (1) (b) GDPR. Insofar as the correspondence is neither necessary for the performance of a contract with you nor in order to take steps prior to entering into a contract, the legal basis for the processing is Art. 6 (1) (f) GDPR. In such a case, it is in our legitimate interest to communicate with you and to manage and document the communication.

Online test

When interacting with our online placement test, we process your name and email (if provided), your test score, employer, and the date and time of the test taken, so we can provide you classes matching you skill level.

To provide this service, we use Typeform. Further information on the purpose and scope of data collection and processing by Typeform can be found in its Privacy Policy.

The legal basis for this processing is Art. 6 (1) (b) GDPR.

For Website Analytics

For the purpose of and in our legitimate interest in optimizing the Website, we analyze your use of the Website, compile reports on activities on Website, using the website analytics tool Google Analytics. Therefore, personal data such as your IP address or browser configuration is processed. The tool analyzes user behavior on the Website, e.g. which pages a user visits. Also, user profiles are created. Google Analytics sets cookies to identify unique users that visit the Website. Before this happens, however, we use an anonymization service of Google that shortens your IP address when visiting the Website (a script deletes the last digits of your IP address). Only this shortened IP address is transmitted to Google servers in the USA for analytics purposes. It should not be possible to connect a shortened IP address with you anymore.

The IP address shortening is also performed by Google. In most cases, the shortening takes place on servers within the EU or other states of the European Economic Area (EEA). According to Google, the IP address transmitted in this process is not merged with other data that Google possesses about you.

You have several options to prevent usage analysis by Google Analytics:

  • You can use our privacy banner when visiting our website to declare that you object to the usage analysis;
  • You can prohibit the setting of cookies in the settings of your browser. To make the settings, please consult the help and support section of your browser provider;
  • You install a free browser plug-in.

Legal basis for this processing is Art. 6 (1) (f) GDPR.

Social Media Plugins

We use the social media plugins of the social media providers Facebook, Instagram, Linkedin and Twitter. If you choose to click on social media button, your IP address, date and time of access, time zone, page accessed on our website, HTTP status code, browser, and browser’s language will be transferred to the respective social network. This information is transferred – even if you do not have an account at the social media provider – via a small pixel on the webpage that features the plugin. Facebook will also note which webpage you used on the Website to access their own website. If you are already logged into your Facebook or Twitter account, this data will be connected to your account. You can avoid the assignment of information to your Facebook and/or Twitter by logging out of your corresponding account before clicking the plugin button on the Website.

In order to protect your data, we use a “two-click” solution. This means that when you visit our site, none of your personal data is automatically passed on to Facebook or Twitter. Your personal data and information regarding your activity on our website is only transmitted to the plugin provider if you click on the corresponding button. You can identify the provider of the plugin by the mark on the box above its initial letter or logo. The social media providers collect your data also via cookies.

Further information on the purpose and scope of data collection and processing by the social media providers can be found in Facebook’s, Instagram’s, Linkedin’s, and Twitter‘s Privacy Policy. There you will find more information about your rights as well as options to protect your privacy.

It is in our legitimate interest and the purpose of the processing to offer you the possibility to interact with social networks and other users.

The legal basis for the use of the plug-ins is Art. 6 (1) (f) GDPR.

Recipients of personal data and data transfer to third countries

To perform the processing described above, we sometimes transfer your personal data to external service providers. Such third parties may have access to your personal data to the extent necessary for the provision of their services.

These transfers involve transfer of personal data to third countries not situated in the European Economic Area (EEA). To ensure that your personal data is adequately secure, and where such adequate level of protection has not been bindingly recognized by the EU Commission for the above countries, we have put in place adequate safeguard.

The recipients of your personal data are the following:

  • The Rocket Science Group LLC Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA helps us with our newsletter. Therefore, personal data is transferred to the United States of America. The Rocket Science Group LLC Mailchimp is registered under the EU - U.S. Privacy Shield.
  • For website analytics, personal data is transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is registered under the EU - U.S. Privacy Shield.
  • For video playback and embedding on or website, we transfer personal data to Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. Vimeo Inc. is registered under the EU - U.S. Privacy Shield.
  • When using social media plugins on our website, we transfer personal data to Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA or Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA respectively. Both companies are registered under the EU - US Privacy Shield.

For Clients

The following describes the processing of personal data that might take place if you are one of our clients. If order or receive any of our services online, please also check the „Website visitors“ section of this policy.

Access control & checkout

To be able to sell services online and to restrict access to premium content (for example, full-length online workshops) to our customers, we process personal data, e.g. your name, address, email address, internet preferences, what you purchased, date and time of purchase, bank details, credit card details, PayPal email address, name, and email address. We also use cookies that are necessary to provide you with our services.

The legal basis for this processing is Art. 6 (1) (b) GDPR.

Accounting and finance

For accounting purposes, which includes e.g. invoice creation and management, bookkeeping, auditing and fulfillment of legal financial obligations, we process order information (what you purchased, date and time of purchase), number of times you log into an online workshop, bank details, credit card details, PayPal email address, name, and email address). We also use the help of tax advisors, banks and third party online services, and cloud storage providers (such as Tresorit; click here for Tresorit‘s Privacy Policy).

Legal basis for this processing is Art. 6 (1) (b) GDPR.

We store invoices and all payments made to and from us, containing personal data, consisting of online transaction and invoice data. We are legally obliged to store this data.

To facilitate online payment, we use third party service providers such as Paypal Holdings Inc., Klarna AG/Sofort GmbH and Stripe Inc. Further information on the purpose and scope of data collection and processing by our payment service providers can be found in the providers‘ Privacy Policies (PayPal, Klarna/Sofort, or Stripe).

Legal basis for this processing is Art. 6 (1) (c) GDPR.

Customer service requests

We also process your personal data to provide you a customer support and helpdesk solution, which is in our legitimate interest. The personal data includes all information submitted to us by you in your service request. In order to manage customer service requests from customers, we use the third party tool Freshdesk from Freshworks. If you email us a customer service request or send it to us through one of our webforms, this information is forwarded to the Freshdesk platform, including all information you provided in that email. Freshdesk utilizes cookies to customize user experience and optimize their services. When visiting their website, Freshdesk collects data about your device and the services you use on their website.

Legal basis for this processing is Art. 6 (1) (b) GDPR if the processing is necessary to fulfil our contractual obligations to you, and Art. 6 (1) (f) GDPR in all other cases.

For Online workshop videos

We have included Vimeo videos in our online workshops, which are stored at https://vimeo.com and can be played directly from our website, to be able to provide you our online workshop offers.

If you accessed the corresponding subpage of our website with the video plugin, Vimeo will be informed of that fact. In addition, electronic information such as your IP address will be transmitted. Further information on the purpose and scope of data collection and processing by Vimeo can be found in Vimeo’s Privacy Policy.

The legal basis for our processing is Art. 6 (1) (b) GDPR.

Language classes booking

To provide you online classes, we need to process your personal data which might include your name, phone number, email address, the start and end date of classes and lessons, your current employer, data on presence and absence, date and time of your booking, meta data of emails exchanged between us, use of media and means of communication, and the location of your course booking. For this purpose, we also use online tools of third party providers, such as Google Calendar and Drive, Edoobox or TutorCruncher. Further information on the purpose and scope of data collection and processing for this purpose can be found in the Privacy Policies of Google, Edoobox and TutorCruncher.

To provide you online classes, we use the software „zoom“. Zoom is a third party application of Zoom Video Communications, Inc. You need to enter into a legal relationship with Zoom yourself, and they are controller of the data that you provide to them. Further information on the purpose and scope of data collection and processing by Zoom can be found in Zoom’s Privacy Policy.

However, when we are the host of a class using a zoom video session that you take part in, zoom gives us access to some of your personal data. This includes, e.g. the fact that you take part in the session, your name, your picture and voice, and other data that you provide. This processing is necessary to provide you our services.

Legal basis for the processing is Art. 6 (1) (b) GDPR.

Relocation and coaching client booking

To provide you with our relocation services and coaching services, we need to process your personal data which might include your name, address, email address and phone number, age, sex, date of birth, place of birth, nationality, current employer, work responsibilities, salary, income, wealth, working hours, termination of employment, your professional career, qualifications, experience, your educational career, rental situation, availibility, what services you purchased from Expath and the date ordered, passport picture, signature, data about family members and marital status (for family relocation), date and time of emails exchanged, visa and work permits, use of media and means of communication, passport number, social insurance ID, and date of arrival in Germany.

The processing might include the transfer of that personal data to the Business Administration Services of Berlin and to our Freelance Coaches.

We also use online tools of third party providers, such as Google Workspace, ReloTalent, Nitro Pro, Smallpdf, Skype, and Whatsapp. Further information on the purpose and scope of data collection and processing for this purpose can be found by clicking on the respective service.

Legal basis for the processing is Art. 6 (1) (b) GDPR.

Document storage

When e.g. using our services (e.g. relocation, language classes), you might provide us with documents that contain personal data. We store and use these documents and the data included to provide you our services. We might use third party online storage providers such as Tresorit and Google Drive (please click to read the respective company’s Privacy Policies).

The legal basis for our processing is Art. 6 (1) (b) GDPR.

If the documents you provide contain any data of a sensitive nature, especially special categories of data in the meaning of Art. 9 GDPR (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation), we will process the data only based on your prior explicit consent.

Client newsletter reception

As our client, we may send you a newsletter from time to time. To create, send, and manage our email newsletters, to measure our email campaigns performance, improve site features for customers, and evaluate your use of the Website, we process your name, email, email activity, and prior newsletters sent to you. Furthermore, we use cookies, which contain data about your computer’s IP address, browser, etc. To provide this service, we use a software from The Rocket Science Group LLC (Mailchimp). Further information on the purpose and scope of data collection and processing by Mailchimp can be found in their Privacy Policy. There you will find more information about your rights as well as options to protect your privacy.

Legal basis for this processing is Art. 6 (1) (f) GDPR, and our legitmate interest is to present our services and to provide helpful information to our existing customers.

You can decide not to be included in our list of newsletter recipients at any time, e.g. by telling us via hello@expath.com or clicking on the respective link in a newsletter you have received from us.

Quality control

We process your name, email address, and date and time of emails sent to evaluate and assure the quality and performance of all Expath employees and freelancers.

Legal basis for this processing is Art. 6 (1) (f) GDPR.

Our legitimate interest is to ensure a high standard and quality when delivering our services.

Recipients of personal data and data transfer to third countries

To perform the processing described above, we sometimes transfer your personal data to external service providers. Such third parties may have access to your personal data to the extent necessary for the provision of their services.

These transfers involve transfer of personal data to third countries not situated in the European Economic Area (EEA). To ensure that your personal data is adequately secure, and where such adequate level of protection has not been bindingly recognized by the EU Commission for the above countries, we have put in place adequate safeguard.

The recipients of your personal data are the following:

  • To help us with providing our language classes, we use the tool Edoobox from Etzensperger Informatik AG, Kirchweg 24, CH-3366 Bettenhausen, Switzerland. For that purpose, we transfer personal data to Switzerland, which is recognized by the European Commission as a country providing adequate protection for your rights.
  • To help us with providing our language classes, we use the tool Google Calendar from Google. For that purpose, we transfer personal data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is registered under the EU-U.S. Privacy Shield.
  • To help us with providing our language classes, we use the tool TutorCruncher from TutorCruncher, The Food Exchange, New Covent Garden Market, London, SW8 5EL, United Kingdom. For that purpose, we transfer personal data to TutorCruncher.
  • When our sevices require online storage of documents, we use online third party providers, such as
  • Tresorit AG, Minervastrasse 3, 8032 Zurich, Switzerland. Switzerland is recognized by the European Commission as a country providing adequate protection for your rights;
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is registered under the EU-U.S. Privacy Shield.
  • To facilitate payment for our services, we use tools and APIs of third party providers, such as
  • Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA . Stripe is registered under the EU-U.S. Privacy Shield.
  • Sofort GmbH. Theresienhöhe 12 80339 Munich, Germany
  • PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
  • To provide customer support and helpdesk, we transfer personal data to Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA. Freshworks is registered under the EU-U.S. Privacy Shield.