Privacy Policy

Last updated: August 6, 2025

Controller

Fahrschule Oscar GmbH
Hauptstrasse 92
12159 Berlin

Authorized representative: Detlef Hoffleit

Email address: info@fahrschule-oscar.de

Imprint: https://fahrschule.web-raetzel.de/impressum

Overview of Processing

The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects.

Types of data processed

Inventory data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication and procedural data
Log data

Categories of data subjects

Service recipients and clients
Interested parties
Communication partners
Users
Business and contractual partners
Educational and course participants

Purposes of processing

Provision of contractual services and fulfillment of contractual obligations
Communication
Security measures
Office and organizational procedures
Administrative and management procedures
Feedback
Provision of our online offering and user-friendliness
Information technology infrastructure
Business processes and economic procedures

Relevant Legal Bases

The following is an overview of the legal bases of the GDPR on which we process personal data. In addition to the provisions of the GDPR, national data protection regulations in Germany, particularly the Federal Data Protection Act (BDSG), apply.

Consent (Art. 6(1)(a) GDPR): The data subject has given consent for a specific processing purpose.
Contract performance and pre-contractual measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with a legal obligation.
Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the interests or fundamental rights of the data subject.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements to ensure a level of protection appropriate to the risk. We consider the state of the art, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

Measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation of the data. We also have procedures in place to ensure data subject rights, data deletion, and responses to data risks.

We consider the protection of personal data when developing or selecting hardware, software and procedures, in accordance with the principle of privacy by design and default.

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, our website uses TLS encryption. You can recognize an encrypted connection by the browser address bar changing from “http://” to “https://” and by the lock symbol in your browser bar.

Transfer of Personal Data

In the course of processing personal data, it may happen that data is transferred to or disclosed to other entities, companies, legally independent organizational units, or persons. These recipients may include IT service providers or providers of services and content embedded in a website.

In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements for data processing on behalf, unless the recipients process the data independently.

General Information on Data Storage and Deletion

Personal data that we process is deleted once it is no longer required for its intended purpose and there are no legal retention obligations. If the data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted.

This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Retention is in accordance with legal requirements, particularly for 6 years pursuant to § 257(1) HGB (commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147(1) AO (tax documents).

Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to such data and further information.
Right to rectification (Art. 16 GDPR): You have the right to request the correction or completion of inaccurate data concerning you.
Right to erasure (Art. 17 GDPR): You have the right to request the immediate deletion of data concerning you.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of data processing.
Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format.
Right to object (Art. 21 GDPR): You have the right to object to the future processing of data concerning you at any time.
Right to withdraw consent: You have the right to withdraw consents given at any time with effect for the future.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority.

The responsible authority for us is the State Office for Citizens and Regulatory Affairs, Friedrichstr. 219, 10969 Berlin.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects, in the context of contractual or comparable legal relationships as well as associated communications and measures, such as responding to inquiries.

We process this data to fulfill our contractual obligations, including the provision of agreed services, any obligations to update, and remedy of defects in performance. The processing also serves to protect our rights, for administrative purposes, and for business organization.

In accordance with applicable legal provisions, we only disclose the data of our contractual partners if required for the aforementioned purposes or for fulfilling legal obligations. We provide information about other forms of processing (e.g., for marketing purposes) separately in this privacy policy.

Deletion is carried out in accordance with statutory requirements after the expiry of legal retention and limitation periods. If longer retention is necessary (e.g., due to tax law), the data will be stored accordingly.

Types of data processed: Inventory data, payment data, contact data, contract data
Data subjects: Service recipients and clients, interested parties, educational and course participants
Purposes of processing: Contract performance, communication, office and organizational procedures
Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR

Business Processes and Procedures

We process personal data of customers, prospects, business partners and other third parties as part of business operations. This includes accounting, customer management, finance and communication.

This processing is for fulfilling contractual obligations, organizing operations, and optimizing business processes. Additionally, it may be necessary to protect our rights, manage data, and comply with legal retention requirements.

Types of data processed: Inventory data, contact data, payment data, contract data
Data subjects: Customers, business partners, interested parties
Purposes of processing: Business processes, contract management, financial accounting, organization
Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR

Provision of Online Services and Web Hosting

We process user data to provide our online services. For this, we process the user’s IP address, which is necessary to deliver content and functionality to the browser or device.

Hosting provider: manitu GmbH, Welvertstraße 2, 66606 St. Wendel, Germany
Website: https://www.manitu.de
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

We also use hosting services to operate this website, including infrastructure, platform services, computing capacity, storage, database services, email delivery, security and technical maintenance.

Processing is based on our legitimate interest in providing this online service securely and efficiently.

Web Analytics and Google Analytics

We use the service “Google Analytics” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes user data to analyze usage behavior within our online offering and to create reports on website activity.

Google Analytics uses cookies that are stored on your device. The information generated by these cookies about your use of this website is usually transmitted to and stored on a server operated by Google in the USA. We use Google Analytics with IP anonymization enabled.

Your IP address is shortened within the EU or EEA. Only in exceptional cases is the full IP address sent to a server in the USA and shortened there. The IP address transmitted by your browser will not be merged with other Google data.

Legal basis: Consent (Art. 6(1)(a) GDPR)
Opt-out: https://tools.google.com/dlpage/gaoptout
More information: https://policies.google.com/privacy

Social Media Plugins

Our online offering may include social plugins (“plugins”) of social networks such as Facebook or Instagram. These services are provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers. Personal data may be transmitted. If you are logged into your user account with the respective network, your visit to our website may be associated with your account.

Legal basis: Consent (Art. 6(1)(a) GDPR)
More information: https://www.facebook.com/policy.php

Use of Cookies

Our website uses cookies. These are small text files stored on your device that contain certain information. Cookies are used either based on your consent or our legitimate interest in optimizing and economically operating our online offering.

Cookies help make our offering more user-friendly, efficient, and secure. For example, they allow you to stay logged in or retain language settings.

Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)

You can prevent the storage of cookies by adjusting your browser settings. Stored cookies can be deleted at any time. Please note that disabling cookies may limit the functionality of this website.
We use the "Real Cookie Banner" consent tool to manage the use of cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents, we use the consent tool "Real Cookie Banner." You can find details on how "Real Cookie Banner" works at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest lies in the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obliged to provide the personal data. However, if you do not provide the personal data, we cannot manage your consents.

Legal bases for the processing of personal data in this context are Art. 6(1)(c) and Art. 6(1)(f) GDPR. Our legitimate interest is in managing the use of cookies and related technologies and the consents given.

The provision of personal data is neither legally nor contractually required. You are not obliged to provide this personal data. If you do not provide the data, we cannot manage your consents.

Contact and Request Management

If you contact us (e.g. via contact form, email, phone or social media), we process your information to handle the contact request and its processing. The processed data includes name, contact details, and message content.

Types of data processed: Inventory data, contact data, content data
Data subjects: Communication partners
Purposes of processing: Handling inquiries, communication
Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR

This data is deleted once it is no longer necessary for the purpose of its collection. This is the case when the respective issue has been conclusively clarified and no legal retention obligations prevent deletion.