PRIVACY POLICY

We operate our websites in accordance with the principles set out below. We are committed to complying with all applicable data protection laws and regulations and consistently strive to observe the principles of data avoidance and data minimisation.

1. Name and Address of the Controller and the Data Protection Officer

Controller:
The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States of the European Union, and other applicable data protection provisions is:

TTSmashCity UG (haftungsbeschränkt)
Konrad-Adenauer-Platz 28 53225 Bonn Germany
Email: contact@tt-smashcity.com
Website: www.tt-smashcity.com

2. Definitions

This Privacy Policy has been drafted in accordance with the principles of clarity and transparency.
If, however, any uncertainty remains regarding the use of specific terms, the corresponding definitions may be consulted here.

3. Legal Basis for Data Processing

a) Processing of Personal Data under the GDPR

We process personal data such as your first and last name, email address, IP address, and similar information only where a legal basis exists. In particular, the following legal bases under the GDPR may apply:

  • Article 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Article 6(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Article 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Article 6(1)(d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Article 6(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Article 6(1)(f) GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

At the relevant sections of this Privacy Policy, we will expressly inform you of the specific legal basis on which your personal data is processed.

b) Consent of Legal Guardians pursuant to Article 8(1) sentence 2 alternative 2 GDPR

A legal guardian must consent to all data processing activities carried out on this website where the consent of a minor who has not yet reached the age of 16 is required.

Detailed information on the individual processing operations, their purposes, and the categories of data concerned that require the data subject’s consent can be found in this Privacy Policy.

Consent may be withdrawn at any time by submitting a revocation notice in text form to the contact details of the controller. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.

c) Pocessing of Information pursuant to Section 25(1) TDDDG

We also process information pursuant to Section 25(1) of the German Telecommunications and Digital Services Data Protection Act (TDDDG) by storing information on, or accessing information from, your terminal device. This may include both personal and non-personal information, such as cookies, browser fingerprints, advertising identifiers, MAC addresses, and IMEI numbers.

A “terminal device” refers to any device that is directly or indirectly connected to the interface of a public telecommunications network for the purpose of transmitting, processing, or receiving messages, within the meaning of Section 2(2) No. 6 TDDDG.
As a rule, such processing is carried out on the basis of your consent pursuant to Section 25(1) TDDDG.

No consent is required where an exception under Section 25(2) Nos. 1 or 2 TDDDG applies. Such an exception exists where access to or storage of information is strictly necessary either for the transmission of a communication via a public telecommunications network or in order to provide a telemedia service expressly requested by you.
You may withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

4. Disclosure of Personal Data

The disclosure of personal data also constitutes processing within the meaning of Section 3 above. However, we would like to specifically inform you at this point about the disclosure of data to third parties. The protection of your personal data is of utmost importance to us. For this reason, we exercise particular care when transferring your data to third parties.

Personal data is disclosed to third parties only where a valid legal basis exists. For example, we may disclose personal data to individuals or entities that act as processors on our behalf pursuant to Article 28 GDPR. A processor is any natural or legal person who processes personal data on our behalf, in particular within a relationship subject to our instructions and control.

In accordance with the requirements of the GDPR, we enter into a data processing agreement with each of our processors in order to contractually oblige them to comply with applicable data protection regulations and to ensure comprehensive protection of your personal data.

5. Storage Period and Deletion

We delete your personal data as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed, unless further processing is required for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.

6. SSL / TLS Encryption

For security reasons and to protect the transmission of confidential content, such as enquiries sent to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock symbol displayed in your browser. When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

7. Use of AI Systems (Artificial Intelligence)

For the purpose of optimising our processes and improving your personalised user experience on our website, your personal data may be processed using artificial intelligence (AI) technologies. In particular, AI is used to:
  • generate forecasts,
  • perform data analyses,
  • identify and mitigate security vulnerabilities, and
  • make routine processes more efficient.
The AI systems used operate in accordance with the principles of the GDPR. Any decisions that produce legal effects concerning you or similarly significantly affect you are not made solely by automated processing, but are subject to meaningful human involvement.

8. Cookies

We use cookies on our website. Cookies are small data files that your browser automatically creates and stores on your terminal device when you visit our website. Cookies are used to store information relating to the terminal device used in each case.
When using cookies, a distinction is made between technically necessary cookies and other cookies. Technically necessary cookies are those that are strictly required in order to provide an information society service expressly requested by you.

a) Technically Necessary Cookies

To make the use of our services more convenient for you, we use technically necessary cookies. These may include so-called session cookies (e.g. for language and font selection, shopping cart functionality), consent cookies, and cookies required to ensure server stability and security. The legal basis for the use of these cookies is Article 6(1)(f) GDPR, based on our legitimate interest in ensuring the error-free operation of the website and in providing our services in an optimised manner.

b) Other Cookies

Other cookies include cookies used for statistical purposes as well as for analysis and marketing purposes.
These cookies are used only on the basis of your consent pursuant to Article 6(1)(a) GDPR.

You may withdraw your consent to the use of cookies at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

To do so, you may adjust your cookie settings on our website, disable the use of cookies in your browser settings (which may, however, restrict the functionality of the online services), or set an opt-out for the respective service in individual cases.

Within this Privacy Policy, we inform you for each service of the specific legal basis on which the relevant data is processed.

9. Cookie Banner / Consent Management

To obtain consent for the cookies we use, we employ the cookie banner provided by LearnWorlds (CY) Ltd, Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus.

This service itself sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in conjunction with Section 25(1) TDDDG.

For the use of certain services provided by the Google/Alphabet group, we apply Google Consent Mode v2 (Basic Mode). Further details on this consent mode can be found on Google’s developer documentation pages.
https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced.

The use of Consent Mode is technically necessary to ensure the lawful and functional integration of certain services and is therefore carried out on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR.

10. Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) External Hosting

Our website is hosted by LearnWorlds Ltd., 20 Karaiskaki Street, Limassol, 3032, Cyprus. For this reason, all personal data collected on our website is stored on the servers of our hosting provider, unless a third-party external service is integrated.
This may include, in particular, IP addresses, email addresses, communication data, or similar information. Details of the specific personal data concerned are provided below in the descriptions of the individual functions and services used. Where external third-party services are used, this is expressly stated in the description of the respective service or tool.

The hosting provider processes your data solely on our instructions and only to the extent necessary to provide the services offered on the website. The hosting provider does not process the data for its own purposes. We have concluded a data processing agreement with the hosting provider pursuant to Article 28 GDPR.

b) When Visiting the Website

When you access our website, information is automatically transmitted by the browser used on your terminal device to the server of our website. This information is temporarily stored in so-called log files.
The following information is collected automatically and stored until automated deletion:
  • IP address of the requesting device
  • date and time of access
  • name and URL of the retrieved file
  • website from which access is made (referrer URL)
  • browser used and, where applicable, the operating system of your device, as well as the name of your internet service provider

We process the above data for the following purposes:
  • ensuring a smooth connection to the website,
  • ensuring a convenient use of our website,
  • evaluating system security and stability,
  • error analysis, and
  • further administrative purposes.

Data that allows conclusions to be drawn about your identity, such as the IP address, is deleted no later than seven (7) days after collection. If data is stored beyond this period, it is pseudonymised so that it can no longer be attributed to you.
The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

c) Shop System

We use the shop system provided by LearnWorlds Ltd., 20 Karaiskaki Street, Limassol, 3032, Cyprus, to offer our goods and services.

The data you provide in the course of using the shop system is therefore also processed by our shop system provider for the purpose of operating the online shop. In addition, the shop system may set further cookies.
For this purpose, we have concluded a data processing agreement and/or the EU Standard Contractual Clauses with the provider.

Further information on data protection at LearnWorlds can be found at:
https://www.learnworlds.com/privacy-policy/

d) Cloudflare

We use a so-called Content Delivery Network (“CDN”) and a web application firewall for protection against DDoS attacks on our website. These services are provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”).
In this context, Cloudflare may process IP addresses, information relating to traffic routing, system configuration data, and other information concerning traffic to and from websites.

From a technical perspective, the CDN routes the data transfer between your browser and our server via Cloudflare’s network in order to optimise the loading speed of our website. The web application firewall is intended to prevent fraudulent transactions, unauthorised access to services, and other unlawful activities.

Processing is carried out pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest in the secure, efficient provision of our website and in improving its stability and functionality.

We have concluded the EU Standard Contractual Clauses (Data Processing Addendum) with Cloudflare.

Further information can be found in Cloudflare’s Privacy Policy at:
https://www.cloudflare.com/privacypolicy/

e) Contractual Relationship

(1) Conclusion of Contract
In the course of establishing a contractual relationship, only those personal data that are strictly necessary for the performance of the contract are processed pursuant to Article 6(1)(b) GDPR. Where you provide additional information on a voluntary basis, such data is processed solely on the basis of your consent pursuant to Article 6(1)(a) GDPR. We use such voluntary information to offer a customer-friendly service and to continuously improve it.
 
(2) Customer Account
You have the option to create a customer account with us. In addition to personal data required for contract performance, your voluntary information and your previous purchases made with us are stored and processed.

You may access this information at any time and obtain an overview of your past purchases. The purpose of this processing is to allow you to log in easily using your credentials for future purchases and to assist you in managing your purchasing activities.
The legal basis for this processing is your consent pursuant to Article 6(1)(a) GDPR.

You may modify or delete the data stored in your customer account at any time or delete the entire account. If you do so, the customer account and all data contained therein will be deleted immediately.

(3) Disclosure of Data When Using Online Payment Service Providers
If you choose to pay using one of the online payment service providers offered during the ordering process, your contact data will be transmitted to the selected provider as part of the order process.

The lawfulness of this data transfer is based on Article 6(1)(b) GDPR for the execution of the selected payment method and on our legitimate interests pursuant to Article 6(1)(f) GDPR in enabling a user-friendly and efficient payment process.

The personal data transmitted to the payment service provider typically includes first and last name, address, telephone number, IP address, email address, and other data required to process the order, as well as transaction-related data such as number of items, item numbers, invoice amount, tax rates, and billing information.

This transmission is necessary to process your order using the selected payment method, in particular to confirm your identity, administer the payment, and manage the customer relationship.

Please note that personal data may also be disclosed by the payment service provider to service providers, subcontractors, or affiliated companies where this is necessary to fulfil contractual obligations arising from your order or where data is processed on their behalf.

Depending on the selected payment method (e.g. invoice or direct debit), the personal data transmitted to the provider may be forwarded to credit reference agencies. This transmission serves identity verification and creditworthiness checks. Information on which credit agencies are involved and which data is generally processed, stored, and disclosed can be found in the respective privacy policies of the providers.

Stripe
Stripe Payments Europe, Ltd, Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, dpo@stripe.com, https://stripe.com/de/privacy

(4) Credit Card Payments
If you choose to pay by credit card, we collect and process the personal data necessary for payment processing and transmit it to the card-issuing institution in order to complete the payment and comply with legal requirements, such as customer authentication pursuant to the EU Payment Services Directive (PSD2).

The transfer of this data takes place for the performance of the contract pursuant to Article 6(1)(b) GDPR and for compliance with our legal obligations pursuant to Article 6(1)(c) GDPR in conjunction with Directive (EU) 2015/2366 (PSD2) and the German Payment Services Supervision Act (ZAG) for fraud prevention and law enforcement.

The technical processing of credit card payments is carried out by Stripe Payments Europe, Ltd, Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, which has been commissioned pursuant to Article 28 GDPR to handle payment transactions, including the implementation of the 3D Secure 2.0 procedure.

Additional recipients of the data are the banks involved in the transaction, namely the card-issuing bank (issuer) and the merchant’s acquiring bank (acquirer).

Stripe’s Privacy Policy is available at:
https://stripe.com/de/privacy

f) Google Sign-In

We offer you the option to register or log in using Google Sign-In. This takes place exclusively on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR.

Google Sign-In is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For registration or login, you will be redirected to Google, where you can log in using your Google credentials.

By linking your Google account with our service, we receive the following data from Google Ireland Limited:
• first and last name,
• user ID,
• email address,
• profile picture.

Further information on Google Sign-In and privacy settings can be found in Google’s privacy notices and terms of use.

g) Apple Sign-In

You also have the option to register or log in using Apple Sign-In, operated by Apple Inc. This takes place exclusively on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR.

You will be redirected to Apple’s website to log in using your Apple credentials. This links your Apple profile with our service.
By linking accounts, we automatically receive the following data from Apple:
• first and last name,
• user ID,
• email address,
• profile picture.

Further information on data protection in connection with Apple can be found at:
https://www.apple.com/legal/privacy/

h) Contact Form

We provide a contact form on our website that allows you to contact us at any time. The provision of a name for personal addressing and a valid email address is required so that we know who the enquiry originates from and can respond to it.

If you submit enquiries via the contact form, your details from the enquiry form, including the contact data provided and your IP address, are processed pursuant to Article 6(1)(b) and (f) GDPR for the purpose of carrying out pre-contractual measures at your request and in pursuit of our legitimate interest in conducting our business operations.

Enquiries and the associated data are deleted no later than three (3) months after receipt, unless they are required for the initiation or continuation of a contractual relationship.

i) Google Fonts

We use Google Fonts on our website to enable the uniform display of fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The integration of these web fonts is carried out via a server request, usually to a Google server in the United States. In the process, the following information may be transmitted to and stored by Google:
• name and version of the browser used,
• referring website (referrer URL),
• operating system,
• screen resolution,
• IP address of the requesting device,
• language settings of the browser or operating system.

Further information on data protection in relation to Google Fonts can be found at:
https://developers.google.com/fonts/faq/privacy
https://www.google.com/policies/privacy/
The use of Google Fonts serves to improve readability and the visual presentation of our website and is carried out on the basis of your consent pursuant to Article 6(1)(a) GDPR.

j) Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a management tool that allows other tracking and/or analytics tools to be centrally administered and deployed.

When you visit our website, Google Tag Manager processes your IP address, which may also be transferred to the United States. However, Google Tag Manager itself does not create user profiles or carry out independent analyses.

The use of Google Tag Manager is based on your consent pursuant to Article 6(1)(a) GDPR.
We have concluded a data processing agreement with Google.
Google’s Privacy Policy is available at:
https://www.google.com/policies/privacy/

k) Use of Google reCAPTCHA

We use Google reCAPTCHA on our website, in particular in connection with our contact forms, to distinguish whether entries are made by a human or by automated, abusive machine processing. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We have a legitimate interest in protecting our web services from abusive automated access and spam.
When reCAPTCHA is used, your IP address and any other data required by Google for the provision of the reCAPTCHA service are transmitted to Google and processed there.

You must accept Google’s terms of use in order to use reCAPTCHA. A corresponding checkbox is provided for this purpose.
IP anonymisation is activated on this website, meaning that your IP address is truncated by Google within EU Member States or other EEA contracting states. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there.

On our behalf, Google uses this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other Google data. Google’s separate data protection provisions apply to this data.
We have concluded a data processing agreement with Google.

Further information on Google’s data protection practices can be found at:
https://www.google.com/policies/privacy/

Due to the integration of reCAPTCHA, Google Fonts are also dynamically loaded by Google without this being actively triggered by the website operator or visitor. This involves a server request, usually to a Google server in the United States, during which the following data may be transmitted and stored:
• name and version of the browser used,
• referring website (referrer URL),
• operating system,
• screen resolution,
• IP address of the requesting device,
• language settings of the browser or operating system.

The use of Google reCAPTCHA is based on your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.

11. Analytics and Tracking Tools

We use the analytics and tracking tools listed below on our website. These tools help us to continuously optimise our website and to tailor it to users’ needs.

We use these tools on the basis of your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time by changing your cookie settings. Processing carried out prior to withdrawal remains lawful.

The respective purposes of processing and the categories of data processed can be found in the information provided for each tool. Please note that we have no influence on whether and to what extent the service providers carry out further processing operations.

a) Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies in this context (see Section 8). The information generated by the cookie about your use of this website, such as:
• name and version of the browser used,
• operating system of your device,
• referring website (referrer URL),
• IP address of the requesting device,
• time of the server request,
is generally transmitted to and stored on a Google server in the United States.

Your IP address is automatically anonymised by Google before it is recorded via EU domains and servers. As a result, your IP address is not logged or stored.

On our behalf, Google uses this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
We have concluded a data processing agreement with Google.

More information on Google Analytics and data protection can be found here:
https://support.google.com/analytics/answer/6004245

b) Google Ads Conversion Tracking

We use Google Ads, an online advertising programme provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, conversion tracking is also used.
Google Ads sets a cookie on your terminal device when you access our website via a Google advertisement. This cookie is not intended to personally identify you.

If you visit our website while the cookie is still active, Google and we can recognise that you clicked on a particular advertisement and were redirected to our website. Each Google Ads customer receives a different cookie, meaning cookies cannot be tracked across the websites of different Ads customers.

The data collected via conversion cookies is used to create conversion statistics for Google Ads customers. We thereby learn the total number of users who clicked on our advertisement and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that would enable us to identify you personally.

When Google Ads is used, your browser automatically establishes a direct connection to Google’s server. If you have a Google account and are logged in, Google may associate your visit with your account. If you do not have a Google account, Google assigns you a unique identifier. We have no influence on what further data Google collects and stores.

We have implemented the Google function “enhanced conversions” on our website. This means data collected by us such as email address, name, address, or telephone number may be captured in conversion tracking tags and transmitted to Google in hashed form, where it may be used to match it with existing customers who have Google accounts.

Further information on enhanced conversions can be found at:
https://ads.google.com/intl/de_de/home/privacy/solutions/enhanced-conversions-for-web/
We have concluded a data processing agreement with Google.

Further information on Google’s data protection practices can be found at:
http://www.google.de/policies/privacy/

c) Meta Conversion Pixel (Meta Pixel)

We use the Meta Conversion Pixel (“Meta Pixel”), an analytics and marketing tool provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

Using the Meta Pixel, Meta can track users’ behaviour after they have been redirected to our website via a Meta advertisement. This enables us to measure the effectiveness of our Meta ads for statistical and market research purposes (“conversion measurement”), to create and refine target groups (“custom audiences”), and to deliver interest-based advertising. If you are logged into Meta services (e.g. Facebook or Instagram), Meta may attribute visits to your profile and evaluate them across devices.

The Meta Pixel enables the collection of so-called event data (e.g. “PageView”, “ViewContent”, “AddToCart”, “Purchase”, including order value and currency), technical information from HTTP headers (including IP address, user agent, referrer URL), device and browser data, pixel ID, and timestamps.

For certain processing activities of event data within the scope of Meta Business Tools, we and Meta act as joint controllers. The distribution of responsibilities is governed by Meta’s “Controller Addendum” (Article 26 GDPR; available at de-de.facebook.com/legal/controller_addendum) in conjunction with the “Business Tools Terms” (facebook.com/legal/technology_terms). Under these terms, we are responsible in particular for obtain
ing a valid legal basis (consent), the correct implementation of the pixel, and providing transparency information. Meta assumes primary responsibility, among other things, for facilitating data subject rights regarding event data processed by Meta after transmission and for the security of Meta systems.

You may exercise your rights (e.g. access, erasure) either against us or against Meta. As a rule, no data processing agreement pursuant to Article 28 GDPR is concluded for the Meta Pixel; instead, the above joint controller arrangement applies.
For further information, please refer to Meta’s privacy information:
https://www.facebook.com/about/privacy

d) LinkedIn Conversion Tracking

We use the conversion tracking function of LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). This allows us to target you with advertisements after you have visited our website. LinkedIn also provides reporting showing the success of our advertisements and how users generally interact with our website.

If you were logged into LinkedIn before visiting our website, LinkedIn may recognise this within the conversion tracking process and associate you as a visitor with your LinkedIn account.

We have concluded a data processing agreement with LinkedIn.
Further information can be found in LinkedIn’s Privacy Policy:
https://www.linkedin.com/legal/privacy-policy?_l=de_DE

You can also opt out of interest-based advertising via LinkedIn at:
https://www.linkedin.com/psettings/enhanced-advertising

e) TikTok Pixel

We use the TikTok Pixel operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom, which act as joint controllers within the European Economic Area.

The TikTok Pixel is a TikTok advertiser tool. It is a JavaScript code snippet that allows us to view and track the activities of visitors on our website. For this purpose, information about visitors to our website and their devices (so-called event data) is collected and processed.

The purpose of processing this event data includes targeting our ads, improving ad delivery, and personalised advertising. The event data is transmitted to TikTok.

With regard to the collection and transmission of event data, we and TikTok act as joint controllers. We have therefore entered into an agreement with TikTok on joint processing. Under this agreement, we are responsible for providing you with the information required under Articles 13 and 14 GDPR regarding the joint processing. TikTok is responsible for enabling data subjects to exercise their rights pursuant to Articles 15 to 20 GDPR.

You can access the agreement between us and TikTok at:
https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

For processing operations that occur after the transmission of event data, TikTok acts as the sole controller. Further information on how TikTok processes personal data, including the legal basis relied upon by TikTok and the options for exercising your rights against TikTok, can be found in TikTok’s Privacy Policy:
https://www.tiktok.com/legal/privacy-policy?lang=de-DE

f) LinkedIn Analytics

We use LinkedIn Analytics, a web analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

LinkedIn Analytics uses cookies in this context (see Section 8). The information generated by the cookie about your use of this website, such as:
• login data,
• device information,
• IP addresses,
is logged and may be transferred to a LinkedIn server in the United States and stored there.

On our behalf, LinkedIn uses this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser in the context of LinkedIn Analytics is not merged with other LinkedIn data.

We have concluded a data processing agreement with LinkedIn.
LinkedIn’s Privacy Policy is available at:
https://www.linkedin.com/legal/privacy-policy

12. Image, Audio and Video Embedding

LearnWorlds Video Player:
We embed course videos via the LearnWorlds Video Player provided by LearnWorlds (CY) Ltd, Gladstonos 120, Foloune Building, 2nd Floor, B1, 3032 Limassol, Cyprus. Depending on configuration, videos may be hosted on LearnWorlds infrastructure or via connected video services. Delivery may also take place via content delivery networks.

When you play a video, a connection is established to the servers of LearnWorlds and/or the respective video platform, and information is transmitted regarding which of our pages you have visited. In this context, IP address, date/time, device and browser information, referrer URL, and event data relating to video playback may be processed. If you are logged into your user account, access may be attributed to your profile; you can prevent this by logging out before visiting the website.

For operation, LearnWorlds uses technically necessary cookies or comparable technologies (e.g. to store playback progress and settings).

The purposes of processing are the provision of video playback for our online courses, including stability, security and delivery performance, the determination of course progress, error analysis, and the needs-based display of video content.

Further information is available at:
https://www.learnworlds.com/privacy-policy/

For registered users and course participants, the legal basis is performance of a contract or the implementation of pre-contractual measures pursuant to Article 6(1)(b) GDPR, since video playback is an essential component of the course service. For non-registered users, the legal basis is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by changing the cookie settings on our website.
We have concluded

13. Rights of the Data Subject

You have the following rights:

a) Right of Access

Pursuant to Article 15 GDPR, you have the right to request information about the personal data we process concerning you. This right of access includes information about:
• the purposes of processing,
• the categories of personal data concerned,
• the recipients or categories of recipients to whom your personal data has been or will be disclosed,
• the envisaged storage period or, if not possible, the criteria used to determine that period,
• the existence of the right to rectification, erasure, restriction of processing, or objection,
• the existence of a right to lodge a complaint with a supervisory authority,
• the source of your personal data, where the data was not collected from you, and
• the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.

b) Right to Rectification

Pursuant to Article 16 GDPR, you have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed.

c) Right to Erasure (“Right to be Forgotten”)

Pursuant to Article 17 GDPR, you have the right to request the erasure of your personal data without undue delay, unless further processing is required for one of the following reasons:
• the personal data is still necessary for the purposes for which it was collected or otherwise processed,
• for exercising the right of freedom of expression and information,
• for compliance with a legal obligation under EU or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
• for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR,
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to above would be likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• for the establishment, exercise, or defence of legal claims.

d) Right to Restriction of Processing

Pursuant to Article 18 GDPR, you have the right to request the restriction of processing of your personal data where one of the following applies:
• you contest the accuracy of the personal data,
• the processing is unlawful and you oppose the erasure of the personal data,
• we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims, or
• you have objected to processing pursuant to Article 21(1) GDPR.

e) Right to Notification

Where you have exercised your right to rectification, erasure, or restriction of processing pursuant to Articles 16, 17, or 18 GDPR, we shall notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients. 

f) Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format.

You also have the right to request the transmission of such data to another controller, provided that the processing is carried out by automated means and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR.

g) Right to Withdraw Consent

Pursuant to Article 7(3) GDPR, you have the right to withdraw any consent you have given to us at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
Following withdrawal, we will no longer process personal data based on the withdrawn consent.

h) Right to Lodge a Complaint

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

i) Right to Object

Where your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, on grounds relating to your particular situation or where the objection concerns direct marketing.

In the case of direct marketing, you have an unconditional right to object, which will be implemented without requiring reasons related to your particular situation.

To exercise your right of withdrawal or objection, it is sufficient to send an email to:
contact@tt-smashcity.com

j) Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply where the decision:
i. is necessary for entering into or performing a contract between you and us,
ii. is authorised by EU or Member State law to which we are subject and such law provides suitable measures to safeguard your rights and freedoms and legitimate interests, or
iii. is based on your explicit consent.

However, such decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate safeguards are in place to protect your rights, freedoms, and legitimate interests.
In the cases referred to in points (i) and (iii), we implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.

14. Amendments to the Privacy Policy

If we amend this Privacy Policy, the changes will be indicated on the website and registered users will be informed accordingly.

Last updated: 7 January 2026