Privacy Policy
Version 4.1 — Last update: 20 August 2025
When you visit expath.de (hereinafter referred to as "Website") or use the services offered on it, personal data about you may be processed, i.e. your data may be collected, stored, used, and transmitted. In accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR), this data protection policy informs you about this processing and your related rights.
1. Identity and Contact Details of the Data Controller
Expath Training & Consulting GmbH
Torstr. 117
10119 Berlin
Germany
Email: hello@expath.com
Website: expath.de (formerly expath.com)
2. General Principles of Data Processing
We process personal data of our users only to the extent necessary to provide a functional website and our services. Processing takes place on the basis of consent (Art. 6(1)(a) GDPR), contractual necessity (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR), or legitimate interests (Art. 6(1)(f) GDPR).
Personal data will be erased or restricted as soon as the purpose of its storage has been fulfilled, unless longer storage is required by law.
3. Your Rights
Under the GDPR you have the right to:
- request access to your data (Art. 15),
- request rectification (Art. 16),
- request erasure (Art. 17),
- restrict processing (Art. 18),
- data portability (Art. 20),
- object to processing (Art. 21),
- withdraw consent at any time (Art. 7(3)), and
- lodge a complaint with a supervisory authority (Art. 77).
4. Website Hosting and Log Files
Our website is hosted by Hetzner Online GmbH, Germany.
When you access the website, the following data is automatically collected in server log files:
- browser type and version,
- operating system,
- referrer URL,
- hostname of the accessing computer,
- IP address,
- date and time of access.
This data is processed for technical reasons and to ensure system security (Art. 6(1)(f) GDPR). Log files are deleted after 30 days.
5. Cookies and Consent Management
We use Cookiebot to manage user consent in accordance with GDPR and the German TTDSG.
Types of Cookies
- Essential cookies (technical operation, security, language settings, etc.) – Art. 6(1)(f) GDPR; §25(2) TTDSG.
- Analytical cookies (Google Analytics, Matomo, etc.) – only with consent, Art. 6(1)(a) GDPR.
- Marketing cookies (ActiveCampaign tracking after newsletter signup, etc.) – only with consent, Art. 6(1)(a) GDPR.
You can revoke or adjust your consent at any time via the cookie banner.
6. Analytics and Tracking
Google Analytics
We use Google Analytics 4, implemented via Google Tag Manager, with IP anonymization enabled. Google collects information about website usage (e.g. page views, session duration, referrer). This data may be transferred to Google servers in the USA under EU standard contractual clauses.
Legal basis: your consent (Art. 6(1)(a) GDPR; §25(1) TTDSG).
Matomo
We also use Matomo Analytics, self-hosted within the EU. Matomo collects anonymized statistical data such as page visits, referrers, and time spent. IP addresses are truncated.
Legal basis: your consent (Art. 6(1)(a) GDPR).
7. Contact via Email and Forms
All contact forms on this site are provided via Typeform. If you contact us by form or email, the personal data you provide (e.g. name, email address, relocation details, course inquiries) will be stored and used to process your request (Art. 6(1)(b) GDPR).
Sharing with Partners
Expath acts as the first point of contact and may forward your inquiry to the relevant partner:
- Deutschable and All on Board for German classes.
- Start Relocation and Red Tape Translation for relocation, coaching, or translation services.
Expath itself does not handle purchases; these are processed by the respective partner. Data is only shared when necessary to respond to your inquiry.
8. Newsletter and Email Automation
We use ActiveCampaign (ActiveCampaign LLC, Chicago, USA; operated via Deutschable) to manage newsletters and automations. When you subscribe to our newsletter, your email address and consent are recorded.
Only after you subscribe will ActiveCampaign track your interactions, such as opening emails, clicking links, visiting our website, or making a purchase through one of our partners. This information helps us send you relevant content.
Transfers to the USA are safeguarded by EU standard contractual clauses. A Data Processing Agreement (DPA) is in place.
You can unsubscribe at any time via the link in our emails.
9. Video Hosting
Videos on this site are hosted with Vimeo (Vimeo Inc., New York, USA) via the account of our partner Deutschable. When you play a video, Vimeo may collect technical and statistical data (e.g. IP address, browser details, usage behavior). Transfers to the USA are safeguarded by EU standard contractual clauses.
10. Corporate Profiles on Social Networks
We maintain company profiles on the following social networks:
- LinkedIn (LinkedIn Ireland Unlimited Company, Dublin)
- Facebook (Meta Platforms Ireland Ltd., Dublin)
- Instagram (Meta Platforms Ireland Ltd., Dublin)
These profiles are used for communication, community building, and recruiting. When you interact with our profiles (e.g., comment, like, message), your data is processed by the respective platform according to its own privacy policy.
We do not store this data in our own systems unless you contact us directly through email or our website.
11. Changes to this Policy
We reserve the right to update this privacy policy at any time. Changes will be published on this page.