Skip to content
EEdel Online

Privacy Policy

Last updated: March 16, 2026

At Edel Online ("we", "us"), we take the protection of your personal data very seriously. This Privacy Policy informs you, in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), about how we collect, process, and protect your personal data.

1. Data Controller

The data controller within the meaning of Art. 4(7) GDPR is:

2. Personal Data We Collect

To provide our services, we collect the following personal data:

2.1 Identity and Contact Data

  • First and last name
  • Email address
  • Phone number

2.2 Education Data

  • German language level (A1–C2)
  • Lesson history and progress data
  • Placement test results

2.3 Payment Data

  • Payments are processed through the Iyzico payment infrastructure (PCI DSS compliant)
  • Credit card data is processed exclusively by Iyzico and is not stored on our servers

2.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Page views and interaction data (via Google Analytics)

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

  • Provision and management of our educational services
  • Lesson scheduling, appointments, and calendar management
  • Level assessment and progress tracking
  • Payment and billing processing
  • User account creation and management
  • Communication and notifications (WhatsApp, email)
  • Service quality improvement and analytics
  • Fulfilment of legal obligations

4. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds under Art. 6(1) GDPR:

  • Art. 6(1)(a) GDPR — Consent: Processing based on your explicit consent (e.g., for marketing communications or the use of analytics cookies)
  • Art. 6(1)(b) GDPR — Performance of a contract: Processing necessary for the performance of our educational services agreement (e.g., account management, lesson scheduling, payment processing)
  • Art. 6(1)(c) GDPR — Legal obligation: Processing necessary for compliance with legal requirements (e.g., tax retention obligations for payment records)
  • Art. 6(1)(f) GDPR — Legitimate interest: Processing based on our legitimate interests (e.g., improving our services, ensuring IT security, fraud prevention), provided that your interests or fundamental rights do not override

5. Recipients of Data

Your personal data may be shared with the following third parties:

  • Supabase: Database and authentication infrastructure (EU-Central-1 region, Frankfurt)
  • Iyzico: Payment processing (PCI DSS compliant)
  • Google Analytics: Anonymised website analytics
  • Apple: iOS app authentication (Apple Sign In)
  • Expo: Push notifications for the mobile app

Your data will not be sold to third parties for commercial purposes or shared beyond the purposes stated above.

6. Data Transfers to Third Countries

Some of the service providers listed above may process data outside the European Economic Area (EEA). In such cases, we ensure an adequate level of data protection through:

  • EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR
  • Adequacy decisions by the European Commission pursuant to Art. 45 GDPR (where available)

7. Data Retention

  • Account data: For as long as your account remains active
  • Education data: Duration of service + 1 year
  • Payment records: 10 years (legal retention requirement)
  • Analytics data: Anonymised and retained indefinitely

Once the retention period expires, your data is periodically deleted or anonymised.

8. Cookies

Our website uses the following categories of cookies:

  • Essential cookies: Theme preference (light/dark mode)
  • Analytics cookies: Google Analytics (only with your consent pursuant to Art. 6(1)(a) GDPR)

You can disable cookies in your browser settings. Please note that some website features may not function properly if cookies are disabled.

9. Your Rights Under the GDPR

Under Art. 15–21 GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process about you
  • Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate data or the completion of incomplete data
  • Right to erasure / "right to be forgotten" (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided no legal retention obligations apply
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format, or to request its transfer to another controller
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your data at any time on grounds relating to your particular situation, where processing is based on Art. 6(1)(f) GDPR
  • Withdrawal of consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time with effect for the future
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data

To exercise your rights, please contact us at info@edeldil.com.

10. Security Measures

To protect your personal data, we implement the following technical and organisational measures in accordance with Art. 32 GDPR:

  • SSL/TLS encryption (HTTPS)
  • Row Level Security (RLS) — database-level access control
  • Encrypted authentication tokens
  • Regular security audits

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time. Changes will be published on this page and the "last updated" date will be adjusted accordingly.

12. Contact

If you have any questions or concerns about our Privacy Policy, please do not hesitate to contact us:

← Back to Home