Legal

Privacy Policy

How Aufsky Education collects, uses, stores, and protects your personal information — and your rights under GDPR.

1. Data controller

Aufsky Education
Altenessener Straße 162, 45326 Essen, Germany
Email: privacy@aufsky.com
General contact: Contact form

2. Personal data we collect

Depending on how you use our services, we may process:

  • Identity and contact data (name, email, phone, address, nationality, country of residence)
  • Account credentials (managed via AWS Cognito — we do not store plain-text passwords)
  • Education and career data (qualifications, CV, applications, visa-related documents)
  • Communication content (contact messages, consultation bookings, support)
  • Newsletter email address (only after double opt-in confirmation)
  • Technical data (IP address in server logs, cookies — see our Cookie Policy)

3. Purposes and legal bases

  • Contract / pre-contract — Processing applications, consultations, and services you request
  • Consent — Newsletters, non-essential cookies, marketing embeds (e.g. YouTube)
  • Legitimate interests — Security, fraud prevention, improving our services
  • Legal obligation — Where required for compliance or official procedures

4. Third-party processors

We use trusted providers to operate our platform. Data may be processed by:

  • Amazon Web Services (EU) — Cognito (authentication), AppSync/DynamoDB (data), S3 (file storage), SES (email), hosted in eu-north-1 (Stockholm)
  • Email provider — Transactional email (Zoho SMTP or AWS SES, as configured)
  • YouTube / Google — Embedded videos only if you accept marketing cookies
  • Social platforms — Links only (Facebook, LinkedIn, WhatsApp, etc.); no automatic data transfer until you interact

5. Retention

  • Active student/application records — for the duration of our service relationship and as required for legal/accounting purposes
  • Contact form messages — typically up to 24 months unless a longer period is required
  • Newsletter data — until you unsubscribe or withdraw consent
  • Cookie consent records — up to 182 days (see Cookie Policy)
  • Server/audit logs — limited retention for security and compliance

6. International transfers

Our primary hosting is in the European Union. If data is transferred outside the EEA (e.g. by a future sub-processor), we ensure appropriate safeguards such as Standard Contractual Clauses where required.

7. Your rights

Under GDPR you may have the right to access, rectify, erase, restrict, object, and data portability. You may withdraw consent at any time (without affecting prior lawful processing).

Submit a request via our Data Rights page or email privacy@aufsky.com. We respond within 30 days. You may lodge a complaint with your local supervisory authority.

8. Security

We use HTTPS, access controls, role-based permissions for staff, encrypted authentication via Cognito, and rate limiting on public forms. See also our Terms of Use.

9. Cookies

See our Cookie Policy for details on categories and how to manage preferences.

Last updated: May 2026.

See also: Privacy Policy · Cookie Policy · Terms of Use · Impressum · Your Data Rights