learning Locks

Create your own Educational Escape Rooms

Privacy Policy

of learninglocks.org

This Application collects some Personal Data from its Users.

This document can be printed for reference by using the print command in the settings of any browser.

1. Owner and Data Controller

Data Controller pursuant to Article 4(7) GDPR

Julia Weber

Owner contact email: admin@learninglocks.org

The data controller is responsible for the processing of personal data on this website.

2. Scope of Processing

This privacy policy informs users about the nature, scope, and purpose of the processing of personal data when visiting this website.

Personal data refers to any information relating to an identified or identifiable natural person within the meaning of Article 4(1) GDPR.

3. Access Data and Server Log Files

When accessing this website, the hosting provider automatically collects and stores information in so-called server log files. These may include:

  • IP address
  • Date and time of the request
  • Accessed page or file
  • Browser type and version
  • Operating system
  • Referrer URL

The processing of this data is based on Article 6(1)(f) GDPR (legitimate interest).
The legitimate interest lies in ensuring the technical functionality, security, and optimisation of the website.

Server log data is not merged with other data sources and is deleted after [retention period, e.g. 7–30 days], unless further retention is required for security reasons.

4. Contact via Email or Contact Forms

If users contact us via email or a contact form, the transmitted data (e.g. name, email address, message content) will be stored for the purpose of processing the request and responding to it.

The legal basis for this processing is Article 6(1)(b) GDPR (pre-contractual measures or contract performance) or Article 6(1)(f) GDPR (legitimate interest in communication).

The data will be deleted once the request has been fully processed and no legal retention obligations apply.

5. Cookies and Local Storage

This website may use cookies or local storage technologies that are technically necessary to ensure basic functionality.

The legal basis for the use of technically necessary cookies is Article 6(1)(f) GDPR.

If additional cookies (e.g. analytics or marketing cookies) are used, this will only occur with the user’s explicit consent pursuant to Article 6(1)(a) GDPR, collected via a cookie consent mechanism.

Users can restrict or disable cookies via their browser settings.

Consent Management

Where processing of personal data is based on consent pursuant to Article 6(1)(a) GDPR, consent is obtained via a cookie and consent banner displayed when users first visit this website.

Users may give or withhold consent separately for different categories of processing (e.g. technically necessary services, analytics, embedded third-party content).
Until consent is granted, consent-dependent services are not activated.

Consent can be withdrawn or modified at any time via the consent banner or the user’s browser settings.

6. Third-Party Services

If third-party services are used on this website (e.g. hosting providers, analytics tools, embedded content), personal data may be transferred to these providers.

Any such processing occurs only on the basis of a data processing agreement pursuant to Article 28 GDPR or on other lawful grounds.

Where data is transferred to third countries outside the EU/EEA, appropriate safeguards pursuant to Articles 44–49 GDPR are ensured (e.g. EU Standard Contractual Clauses).

6.1 Embedded Third-Party Content

This website may include embedded content from third-party providers (e.g. videos, documents, interactive elements, or external media).

When a page containing embedded third-party content is accessed, the respective provider may receive information that the user has visited this website. This may include:

  • IP address
  • Browser and device information
  • Date and time of access
  • Referrer URL

The integration of such content constitutes a data transfer to third parties.

6.2 Legal Basis

The legal basis for embedding third-party content is:

  • Article 6(1)(a) GDPR (consent), where prior consent is required, or
  • Article 6(1)(f) GDPR (legitimate interest), where the embedded content is technically necessary or serves a clear informational purpose.

The legitimate interest lies in providing functional, up-to-date, and pedagogically meaningful content.

Where consent is required, embedded content is only loaded after explicit user consent via a consent mechanism.

6.3 Responsibility of Third-Party Providers

Data processing by third-party providers occurs under their own responsibility within the meaning of Article 4(7) GDPR.

Further information on the purpose and scope of data processing by these providers can be found in their respective privacy policies.

6.4 Data Transfers to Third Countries

Where personal data is transferred to countries outside the EU/EEA (in particular the United States), such transfers take place only if appropriate safeguards pursuant to Articles 44–49 GDPR are in place.

These safeguards may include, in particular:

  • EU Standard Contractual Clauses
  • Adequacy decisions adopted by the European Commission

Nevertheless, it cannot be excluded that authorities in third countries may gain access to transferred data.

Users may request further information on the applicable safeguards by contacting the Data Controller.ntries may gain access to the transmitted data.

6.5 User Control and Consent

Users can prevent data transfers to third-party providers by:

  • not giving consent via the consent banner, where applicable
  • disabling third-party content in their browser settings
  • using privacy-enhancing browser extensions

Please note that disabling third-party content may limit the functionality of this website.

7. Data Subject Rights

Users have the following rights under the GDPR:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object to processing (Article 21 GDPR)

Users also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence or place of work.

8. Withdrawal of Consent

Where processing is based on consent pursuant to Article 6(1)(a) GDPR, users may withdraw their consent at any time with effect for the future.
The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

9. No Automated Decision-Making

This website does not use automated decision-making or profiling within the meaning of Article 22 GDPR.

10. Data Security

Appropriate technical and organisational measures are implemented to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

11. Supervisory Authority

Users have the right to lodge a complaint with a data protection supervisory authority.

For users in the EU, this is generally the authority of their habitual residence or place of work.
The relevant supervisory authority for Germany or the Netherlands can be identified via the respective national data protection authority websites.

12. Updates to This Privacy Policy

This privacy policy may be updated to reflect legal, technical, or organisational changes.

Last updated: [10 Februrary 2026]