Privacy & data protection

Privacy Notice for the website course shop

This notice explains how we collect, use, and protect your personal data when you visit fairplay-digital.com, purchase our training services, or interact with us.

We are committed to protecting your privacy and handling your data transparently.

0) Master data & versioning

Company (controller): FairPlay Digital GmbH
Address: Sonninstraße 22a, 20097 Hamburg, Germany
Email (privacy): privacy@fairplay-digital.com
Email (general): info@fairplay-digital.com
Website: https://www.fairplay-digital.com
Company registration: HRB 189002 (AG Hamburg), VAT: DE363792704
Managing Directors: Yassine Hamza, Nicklas Andre Tietje
Last updated: 27/09/2025 · Version 1.0
Status: Active
Distribution: FairPlay Digital
Author: Yassine Hamza

First version of the privacy notice for the website course shop.

1) Who we are (Data Controller)

FairPlay Digital GmbH ("we", "us", "our", "FairPlay Digital") is the controller for processing activities related to this website and course shop.

Company Registration: HRB 189002
Address: Sonninstraße 22a, 20097 Hamburg, Germany
Email (privacy): privacy@fairplay-digital.com
General contact: info@fairplay-digital.com

2) What data we collect

Identity & Contact Data

  • Full name and email address
  • For company purchases: company name, VAT number, billing address, and designated contact person details
  • Professional title and role (optional)

Training Records

  • Courses purchased, enrolled, or accessed

Billing & Financial Data

  • Invoice details and billing address
  • Payment status and transaction IDs
  • Payment method type (not full card details; processed directly by Stripe)
  • Checkout compliance data (request IP address, detected country code, and provider confidence rating) stored with your cart record in our database (linked to your session cookie) for tax calculation and fraud prevention

Communications Data

  • Email correspondence
  • Consent records

Technical & Usage Data (via Google Analytics with consent)

  • Browser type and version; device category; operating system
  • Page views and session duration
  • Basic access logs for security
  • Referring website/source

Credit/debit card details are processed directly by Stripe; we never receive or store complete card data.

3) How we use your data (Purposes & Legal Bases)

Marketing communications

Existing customers: information about similar training services under legitimate interests (soft opt-in). Opt out anytime.

Prospective contacts: marketing only with explicit consent.

Unsubscribe via the link in any email or contact privacy@fairplay-digital.com.

Special note on PECB courses

For PECB-branded courses, a MyPECB account is required. If you do not have one, we may invite you to create it or initiate activation by sharing your name and email with PECB for contract performance and our legitimate interest in efficient service delivery.

Automated decision-making

We do not make decisions based solely on automated processing.

Purpose | Legal basis | Details
Service Delivery | Art. 6(1)(b) GDPR | Creating bookings, providing course access, confirmations, account management
PECB Course Administration | Art. 6(1)(b) & (f) GDPR | MyPECB account creation/activation, course assignment, certification management
Customer Support | Art. 6(1)(b) & (f) GDPR | Answering questions, resolving issues, technical assistance
Billing & Accounting | Art. 6(1)(c) GDPR | Issuing invoices, tax compliance, audits, record keeping
Security & Fraud Prevention | Art. 6(1)(f) GDPR | Anti-fraud checks, security monitoring, incident response, protecting systems
Service Improvement | Art. 6(1)(f) GDPR | Anonymous analytics, performance metrics, quality assurance
Direct Marketing | Art. 6(1)(f) GDPR (§7(3) UWG) or Art. 6(1)(a) GDPR | Similar services to existing customers (opt-out) or consent for prospects
Legal Compliance | Art. 6(1)(c) GDPR | Responding to legal requests, court orders, regulatory requirements

4) Where your data comes from

Sources

  • Directly from you (registration, purchase, forms, contact)
  • Automatically generated (transaction IDs, timestamps, system logs)
  • Third parties (payment processors, PECB updates, business partners registering participants, public B2B directories)

5) Who we share data with

We never sell your personal data. We only share what is necessary.

Independent controllers

PECB (for PECB courses) processes data under its own privacy policy for certification and exam administration.

Training partners may receive limited data on a need-to-know basis when delivering specific courses.

Other disclosures

Where required by law or court order; to protect vital interests; as part of a business transfer (with notice); or where you have given explicit consent.

International transfers

When data is transferred outside the EEA, we use EU Standard Contractual Clauses, adequacy decisions where applicable, and additional security measures as needed.

Provider | Purpose | Location | Safeguards
Stripe | Payment processing | USA | EU–US Data Privacy Framework; SCCs
Neon | Database hosting | Germany (Frankfurt) | EU-based; DPA in place
Microsoft (Microsoft 365) | Email communications | EEA data centers | EU-based processing; DPA; SCCs
Vercel | Website hosting & CDN | EU/Global | DPA; SCCs; EU data residency option
Google Analytics (GA4) | Analytics | USA/Ireland | EU–US Data Privacy Framework; SCCs

6) Cookies & Tracking Technologies

Your cookie choices

  • Manage consent via “Cookie Settings” at the bottom of any page.
  • Install Google’s opt-out browser add-on to opt out of Analytics.
  • Use your browser settings to block or delete cookies.

Type | Purpose | Duration | Optional?
Essential | Site functionality, security | Session | No
Analytics (GA4) | Usage analytics (with consent) | 14 months | Yes
Preferences | Language, display settings | 12 months | Yes

We do not use advertising cookies or social media pixels.

7) How long we keep your data

Deletion process on request

  • Active data removed within 30 days.
  • Backups expire naturally within max. 30 days.
  • Certain records may be retained longer to meet legal obligations.

Data category | Retention period | Reason
Account & course data | Active account + 24 months inactivity | Service continuity
Certification records | 10 years or as requested | Professional requirements
Financial records | 10 years (Germany: § 147 AO) | Legal obligation
Support communications | 12 months after resolution | Quality assurance
Marketing consent | Until withdrawn + 3 years | Compliance evidence
Security logs | 90 days | Security monitoring
Backups | 30 days rolling | Disaster recovery

8) Security measures

Technical measures

TLS 1.3 encryption in transit; AES-256 at rest; Web Application Firewall; regular security updates and patches; vulnerability scanning and penetration testing.

Organizational measures

Strict access controls (CEO & CTO only for production), mandatory 2FA for admin access, DPAs with all processors, regular security training, incident response procedures (24-hour notification target), privacy by design for new features.

9) Your rights under GDPR

How to exercise your rights
Email privacy@fairplay-digital.com with your name, email and specific request; response within 30 days (up to 90 days for complex cases).

You may exercise the following rights:

  • Access (Art. 15) – obtain a copy of your data
  • Rectification (Art. 16) – correct inaccurate data
  • Erasure (Art. 17) – request deletion (“right to be forgotten”)
  • Restriction (Art. 18) – limit how we process your data
  • Portability (Art. 20) – receive your data in machine-readable format
  • Object (Art. 21) – oppose processing, especially for marketing
  • Withdraw consent (Art. 7) – cancel previously given consent

10) Data provision requirements

Mandatory data

  • Name and email
  • Payment information (via Stripe)
  • For PECB courses: MyPECB account

Optional data

  • Professional details
  • Marketing preferences
  • Feedback and reviews

You can use our services without providing optional data.

11) International users

We comply with GDPR for all users. Prices and contracts are governed by German law. Data may be processed in Germany regardless of your location.

12) Children's privacy

Our services are for professionals and businesses. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately.

13) Changes to this notice

We may update this notice to reflect:

  • Changes in our data processing
  • New legal requirements
  • Service improvements

Notification of changes

  • Minor changes: updated notice posted on website
  • Significant changes: email to active users
  • Please review the “Last updated” date regularly

14) Contact us

Email (privacy): privacy@fairplay-digital.com
Postal address: FairPlay Digital GmbH, Sonninstraße 22a, 20097 Hamburg, Germany
Initial acknowledgement: Within 5 business days