LEGAL

Last updated: April 2026 · This privacy policy is drafted to meet the substantive and linguistic requirements of the GDPR, the TDDDG (German Telecommunications and Digital Services Data Protection Act) and the EU AI Act. Before any legally binding use, we recommend a final review by a qualified law firm.

1. Data controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data-protection laws as well as further data-protection provisions is:

Rahel Modrach
Jump into German
Paul-Lange-Bey-Strasse 45 A, 14476 Potsdam OT Fahrland, Germany
Email: info@jumpintogerman.com
Phone: +49 170 9000209

There is currently no legal obligation for our company to appoint a data protection officer.

2. General information on data processing

We process personal data of our users only insofar as this is necessary to provide a functional website together with our content and services, or where you have given your consent.

The legal bases are in particular Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract and pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest). For storing information on your device and accessing it, Section 25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz / German Telecommunications and Digital Services Data Protection Act; the successor to the former TTDSG, in force since May 2024) additionally applies.

3. Hosting

This website is operated on servers of a hosting provider located in Germany. When the website is accessed, technically required data are recorded in server log files (in particular IP address, date and time of access, file requested, volume of data transferred, browser type, operating system). The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest is the stable, secure and functional operation of the website. Log files are stored for a maximum of 14 days and then deleted or anonymized. A data-processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.

4. Cookies and consent management (Real Cookie Banner Pro)

We use the consent management tool Real Cookie Banner Pro from devowl.io GmbH, Tannet 1, 94539 Grafling, Germany, to obtain, log and manage consent for non-essential cookies and similar technologies.

Before non-essential cookies are set or external scripts are triggered, you will be asked for your consent (Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR). Strictly necessary cookies are set without consent on the basis of Section 25 (2) No. 2 TDDDG and Art. 6 (1) (f) GDPR. The services, cookies and storage periods listed in the banner are maintained dynamically and kept up to date in the cookie manager; you can open it at any time via the “Cookie settings” link in the footer to change your settings or withdraw your consent with effect for the future.

Consent records (anonymized IP address, timestamp, browser information, cookie ID, selected options) are stored for up to 36 months in order to fulfill the duty of evidence under Art. 7 (1) GDPR.

5. Web analytics with Google Analytics 4 (via Google Site Kit)

Note (as of 2026-04-28): This tool is currently not active. The following description becomes relevant again once the tool is reactivated.

On the basis of your consent (Art. 6 (1) (a) GDPR, Section 25 (1) TDDDG), we use Google Analytics 4 from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, USA). The integration is implemented through the WordPress plugin Google Site Kit together with Google Consent Mode v2.

No personal data are transmitted to Google before consent has been given. Following consent, pseudonymous usage statistics are collected (e.g. pages visited, time spent, geographical region at city level, device and browser information, traffic source). The IP address is processed in truncated form by Google. The retention period is limited to 14 months.

A transfer of data to the USA cannot be excluded. Google LLC has been certified under the EU-US Data Privacy Framework (DPF) since 10 July 2023; the European Commission’s adequacy decision pursuant to Art. 45 GDPR forms the legal basis for the transfer. In addition, Standard Contractual Clauses (Implementing Decision (EU) 2021/914) are used. As of April 2026, the DPF remains valid following confirmation by the General Court of the European Union (judgment of 3 September 2025, T-553/23); no “Schrems III” proceedings have been initiated to date.

6. Tag management with Google Tag Manager

We use Google Tag Manager from Google Ireland Ltd. solely for the technical management and control of marketing and analytics tags (see Section 7). Google Tag Manager itself does not set any cookies of its own and does not execute consent-requiring tags before consent has been given. A transfer of data to the USA cannot be excluded; the same transfer mechanisms as described in Section 5 apply.

7. Marketing tags (only with consent)

Note (as of 2026-04-28): This tool is currently not active. The following description becomes relevant again once the tool is reactivated.

Where you have given your consent via the cookie banner, we load the following third-party tags via Google Tag Manager. The legal basis in each case is Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

• Meta Pixel (Facebook and Instagram) of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland — measurement of advertising-campaign performance and interest-based advertising. Third-country transfer to the USA is possible; Meta Platforms Inc. is DPF-certified.
• LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland — performance measurement and interest-based advertising. Third-country transfer to the USA is possible; LinkedIn Corporation is DPF-certified.
• Google Ads conversion tracking of Google Ireland Ltd. — measurement of advertising-campaign performance.

A transfer of data to the respective US parent companies cannot be excluded. A detailed, up-to-date service list including purpose, retention period and recipients is available in the cookie manager in the footer.

8. Performance: WP Rocket

To accelerate the website, we use the caching plugin WP Rocket of WP Media SAS, 22 Rue du Général Foy, 75008 Paris, France. WP Rocket sets two strictly necessary cookies (e.g. wp_rocket_pending_requests, wpr_optimized) to deliver optimized content. No personal data is transmitted to third parties. The legal basis is Section 25 (2) No. 2 TDDDG and Art. 6 (1) (f) GDPR (legitimate interest in a high-performing website).

9. Security: Solid Security

We use the security plugin Solid Security from StellarWP LLC, 2700 Las Vegas Blvd S, Las Vegas, NV 89109, USA. The plugin logs access attempts to the login area, blocks suspicious requests and detects brute-force attacks. The data processed include IP address, timestamps and login attempts. Processing takes place locally on the server of our German hosting provider; in normal operation, no data are transferred to StellarWP LLC. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest is the defense against attacks on the website.

10. Contact forms and enquiries

If you submit enquiries via the HR briefing form, the general contact form or the lead-magnet download (“Language Needs Check”), the information you provide (in particular name, email, company, request) will be stored by us for the purpose of handling the enquiry and for the case of follow-up questions for up to 24 months. The legal basis is Art. 6 (1) (b) GDPR (initiation of a contractual relationship) or Art. 6 (1) (a) GDPR (consent for the lead-magnet download). The data will be deleted as soon as they are no longer required for the purpose for which they were collected, unless statutory retention obligations apply.

11. Newsletter and lead-magnet delivery with Brevo

Note (as of 2026-04-28): This tool is currently not active. The following description becomes relevant again once the tool is reactivated.

For sending the lead magnet and our newsletter, we use the provider Brevo (Sendinblue SAS, 7 Rue de Madrid, 75008 Paris, France). Brevo processes the transmitted data on our behalf on the basis of a data-processing agreement pursuant to Art. 28 GDPR. The servers are located in the European Union.

Sign-up uses the double opt-in procedure: after entering your email address, you will receive a confirmation email containing a link that you must click in order to confirm. The IP address as well as the times of registration and confirmation are stored as proof. The legal basis is Art. 6 (1) (a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every email or by message to info@jumpintogerman.com.

Where Brevo uses machine-learning functions to optimize sending times or for recommendation algorithms, this is done exclusively on our behalf, without automated individual decisions with legal effect within the meaning of Art. 22 GDPR and without profile-building evaluation of your content.

12. Appointment booking with Microsoft Bookings

For scheduling discovery calls, we use Microsoft Bookings, a service of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The data submitted (in particular name, email address, requested appointment, optional notes) are processed in the controller’s Microsoft 365 account for the purpose of organizing the appointment. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures).

A transfer of data to the USA cannot be excluded. Microsoft Corporation is certified under the EU-US Data Privacy Framework; in addition, Standard Contractual Clauses (Implementing Decision (EU) 2021/914) are used.

13. Multilingualism (Polylang)

To provide our website in several languages, we use the plugin Polylang from WP SYNTEX SAS, France. Polylang sets one strictly necessary cookie (pll_language) to store the language you have selected. No personal data are transmitted to third parties. The legal basis is Section 25 (2) No. 2 TDDDG and Art. 6 (1) (f) GDPR.

14. Information on the use of artificial intelligence (EU AI Act)

In line with Article 50 of Regulation (EU) 2024/1689 (KI-Verordnung / EU AI Act), we inform you about the use of AI systems in connection with this website:

• Some of the visual content was created with the generative AI tool Adobe Firefly. The images carry Content Credentials following the C2PA standard, which identify them as AI-generated.
• There is no direct interaction with an AI system (e.g. chatbot or AI agent) on this website. Should a chatbot be deployed in the future, this will be made transparent at the interface itself.
• Marketing and analytics tools we use (e.g. Brevo, Google Analytics 4) may make limited use of algorithmically optimized functions. Automated individual decisions with legal effect within the meaning of Art. 22 GDPR do not take place.

15. Rights of data subjects

You have the right at any time to:

• access the data stored about you (Art. 15 GDPR),
• rectify inaccurate data (Art. 16 GDPR),
• erasure of your data (Art. 17 GDPR),
• restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR), and
• object to processing (Art. 21 GDPR).

Where processing is based on consent, you have the right to withdraw it at any time with effect for the future (Art. 7 (3) GDPR). The lawfulness of processing carried out on the basis of consent up to its withdrawal remains unaffected.

You also have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR). The competent authority in particular is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77, 14532 Kleinmachnow
Phone: +49 33203 356-0
Email: poststelle@lda.brandenburg.de

16. Transfers to third countries

Where personal data are transferred to service providers based or processing data outside the European Economic Area (EEA) — in particular Google LLC, Meta Platforms Inc., LinkedIn Corporation and Microsoft Corporation in the USA — this takes place on the basis of one of the following safeguards:

• your explicit consent (Art. 49 (1) (a) GDPR),
• the recipient’s EU-US Data Privacy Framework certification (European Commission adequacy decision of 10 July 2023, Art. 45 GDPR; substantively confirmed by the General Court of the EU on 3 September 2025),
• the Standard Contractual Clauses adopted by the European Commission (Implementing Decision (EU) 2021/914, Art. 46 (2) (c) GDPR).

Where necessary, additional technical and organizational measures are agreed with recipients. A detailed, service-specific overview is available in the cookie manager.

17. Data security

During your visit to the website, we use up-to-date TLS encryption (HTTPS). We also take appropriate technical and organizational measures pursuant to Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously reviewed and adjusted in line with technological developments.

18. Updates and changes to this privacy policy

This privacy policy was last updated in April 2026. As our website and services evolve, and as a result of changes to legal or regulatory requirements — for example new versions of the AI Act, the EU Data Act, or follow-up decisions on the EU-US Data Privacy Framework — it may become necessary to amend this policy. The most recent version of this privacy policy can be accessed on this page at any time.