1. Data Controller (Verantwortliche Stelle)
In the sense of Art. 4(7) GDPR and Turkey's KVKK Art. 3, the data controller is:
TechNS UG (haftungsbeschränkt) Ludwig-Erhard-Str. 16A, 61440 Oberursel (Taunus), Germany Email: info@applytogerman.com — Phone: +49 6171 277 51 37
We have not appointed a Data Protection Officer (Datenschutzbeauftragter); inquiries may be directed to the address above.
2. Personal Data Collected
| Category | Data | When |
|---|---|---|
| Access data | IP (hashed), browser, referrer, path | Every page view |
| Account data | Name, email, password (bcrypt) | On registration |
| Newsletter | Email, name (optional) | On subscription |
| Reviews | Name, email, university review | On submission |
| Cookies | Session, language, consent state | Browser cookies |
3. Purposes & Legal Basis
- Service provision (university discovery, comparison) — Art. 6(1)(b) GDPR, contract performance
- Security & abuse prevention — Art. 6(1)(f) GDPR, legitimate interest
- Newsletter — Art. 6(1)(a) GDPR, explicit consent (double opt-in)
- Analytics — Art. 6(1)(f) GDPR (self-hosted, anonymized; consent for non-essential)
- Legal obligations — Art. 6(1)(c) GDPR (e.g. tax record retention)
4. Retention Periods
- Access logs — Anonymized after 90 days
- Account data — Until deletion request
- Newsletter — Until unsubscribe
- Reviews — Until removed by author or moderator
- Legal obligations (tax) — 10 years (HGB § 257, AO § 147)
5. Third-Party Data Transfer
We share data only with:
- Hosting: All-Inkl (KASSERVER.COM), EU/Germany
- Email delivery: Brevo (formerly Sendinblue), EU, GDPR-compliant
- CDN/fonts: None (self-hosted Inter font, no Cloudflare)
- Analytics: Self-hosted (no Google Analytics)
No transfers to the USA.
6. Cookies
See our Cookie Policy. Summary:
- Essential: Session (CSRF, login), language preference
- Analytics: Anonymous visitor counts (only with consent)
- Advertising: None
7. Your Rights (GDPR Art. 15-22 / KVKK Art. 11)
- Access — Know what data we store about you
- Rectification — Correct inaccurate data
- Erasure ("right to be forgotten") — Delete your account and all data
- Restriction — Stop specific processing
- Portability — Receive your data in a machine-readable format
- Objection — Object to processing based on legitimate interest
- Complaint — File with the Hessian DPA (HBDI) or KVKK Authority
Contact: info@applytogerman.com
8. SSL/TLS Encryption
All connections are encrypted with HTTPS (TLS 1.2+). The 🔒 icon in your URL bar confirms encrypted communication.
9. Automated Decision-Making
No automated decision-making or profiling per Art. 22 GDPR is performed.
10. Changes to this Policy
We may update this policy due to legal changes or service updates. Material changes will be notified via email or a site banner. The effective date is shown above.