Privacy Policy

Last Updated: September 18, 2025

1. Introduction

Welcome to Energetic Youth ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website energetic-youth.com (the "Site") and use our online workshops and digital courses (the "Services").

Data Controller: Voctag UG (haftungsbeschränkt)
Simon-Dach-Straße 31
10245 Berlin, Germany
Email: support@energetic-youth.com
Company Registration: HRB 10470

Please read this privacy policy carefully. By accessing or using our Services, you agree to this privacy policy. If you disagree with any part of this privacy policy, please do not access the Site or use our Services.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: When you register for an account, purchase courses, or contact us, we collect:

  • Name and contact information (email address, phone number)

  • Billing address and payment information

  • Username and password

  • Professional or educational background (if provided)

  • Course preferences and interests

Payment Information: We use third-party payment processors (Stripe and PayPal) to handle payment transactions. We do not store your credit card numbers or banking details on our servers.

Communications: When you contact us through our support channels or forms (powered by Tally), we collect the information you provide in your messages.

Course Participation: We collect information about your course progress, completion rates, quiz scores, and any content you submit as part of your learning experience.

2.2 Information Collected Automatically

Usage Data: We automatically collect information about how you interact with our Services, including:

  • Pages viewed and features used

  • Time spent on pages

  • Click patterns and navigation paths

  • Course engagement metrics

  • Device and browser information

Technical Data: When you visit our Site, we automatically collect:

  • IP address (anonymized)

  • Browser type and version

  • Operating system

  • Device identifiers

  • Time zone settings

  • Language preferences

  • Screen resolution

Cookies and Tracking Technologies: We use cookies and similar tracking technologies to enhance your experience. See Section 8 for detailed information about our cookie practices.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b) GDPR): To provide you with our Services, process your orders, and manage your account.

Legitimate Interests (Art. 6(1)(f) GDPR): To:

  • Improve and optimize our Services

  • Ensure network and information security

  • Prevent fraud and abuse

  • Analyze usage patterns and trends

  • Send you service-related communications

Consent (Art. 6(1)(a) GDPR): For:

  • Marketing communications (you can withdraw consent anytime)

  • Non-essential cookies and tracking technologies

  • Processing of special categories of data (if applicable)

Legal Obligations (Art. 6(1)(c) GDPR): To comply with applicable laws, including tax and accounting requirements.

4. How We Use Your Information

We use the collected information for:

Service Delivery:

  • Creating and managing your account

  • Providing access to courses and workshops

  • Processing payments and refunds

  • Delivering customer support

  • Sending service-related notifications

Improvement and Personalization:

  • Personalizing your learning experience

  • Developing new features and courses

  • Analyzing usage patterns to improve our Services

  • Conducting research and analysis

Communication:

  • Responding to your inquiries

  • Sending course updates and reminders

  • Providing technical support

  • Sending marketing communications (with your consent)

Legal and Security:

  • Complying with legal obligations

  • Enforcing our terms and policies

  • Protecting against fraud and abuse

  • Ensuring platform security

5. Information Sharing and Disclosure

We share your information only in the following situations:

5.1 Service Providers

We share data with third-party service providers who assist us in operating our business:

Infrastructure and Hosting:

  • Supabase (database and authentication) - EU region hosting

  • Bunny CDN (content delivery) - EU-based operations

  • Cloudflare (security and performance) - Global infrastructure

Content Management:

  • Storyblok (CMS) - EU-based with DPA

Analytics and Marketing:

  • Google Analytics 4 (website analytics) - With IP anonymization

  • Facebook Pixel (advertising)

  • HubSpot (CRM and marketing) - With Standard Contractual Clauses

  • Customer.io (email marketing) - EU data residency

Payment Processing:

  • Stripe (payment processing) - PCI compliant

  • PayPal (payment processing) - Independent data controller

Other Tools:

  • Tally (form management) - GDPR compliant

  • Dub.co (link management) - Limited use with safeguards

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information where required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 Aggregated Information

We may share aggregated, anonymized information that cannot identify you personally for research, marketing, or other purposes.

6. International Data Transfers

As a German company serving international users, we may transfer your data outside the European Economic Area (EEA). We ensure appropriate safeguards through:

EU-US Data Privacy Framework: For transfers to US-based services certified under the framework (Cloudflare, Stripe, HubSpot).

Standard Contractual Clauses: For service providers not covered by adequacy decisions, we use EU-approved standard contractual clauses.

Technical Measures: We implement additional technical safeguards including:

  • Encryption in transit and at rest

  • Pseudonymization where possible

  • Access controls and monitoring

We conduct Transfer Impact Assessments for all international data transfers to ensure adequate protection levels.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Active as long as you maintain an account with us.

Financial Records: Tax-related documents retained for 10 years per German law (§ 147 AO), other commercial records for 6-8 years (§ 257 HGB).

Marketing Data: Until you unsubscribe or withdraw consent.

Technical Logs: Maximum 90 days for security and debugging purposes.

After retention periods expire, we securely delete or anonymize your data using industry-standard methods.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies: Required for Site functionality, including authentication and security features. These cannot be disabled.

Analytics Cookies: Help us understand how visitors interact with our Site (Google Analytics 4, with consent).

Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (Facebook Pixel, Google Ads, with consent).

Preference Cookies: Remember your settings and choices for a better experience.

8.2 Cookie Consent

We request your consent before placing non-essential cookies. You can manage your preferences through our cookie consent banner or browser settings. We honor Global Privacy Control (GPC) signals.

8.3 Third-Party Cookies

Some third-party services may set their own cookies. Please refer to their privacy policies:

  • Google: https://policies.google.com/privacy

  • Meta/Facebook: https://www.facebook.com/privacy/policy

  • Cloudflare: https://www.cloudflare.com/privacypolicy/

9. Your Privacy Rights

9.1 Rights for EEA Residents (GDPR)

If you are located in the European Economic Area, you have the following rights:

Access: Request a copy of your personal data we hold.

Rectification: Request correction of inaccurate or incomplete data.

Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal obligations.

Restriction: Request limited processing of your data in certain circumstances.

Data Portability: Receive your data in a structured, machine-readable format.

Objection: Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent: Withdraw previously given consent at any time.

Automated Decision-Making: Right not to be subject to solely automated decisions with legal effects.

9.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: Request disclosure of personal information collected, used, disclosed, or sold.

Right to Delete: Request deletion of personal information, subject to exceptions.

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell your data).

Right to Limit Use: Limit use and disclosure of sensitive personal information.

Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights.

9.3 Rights for Residents of Other US States

If you reside in Colorado, Connecticut, Utah, Virginia, or other states with privacy laws, you may have similar rights including access, deletion, correction, and opt-out rights. Contact us for state-specific information.

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: support@energetic-youth.com
Mail: Voctag UG, Simon-Dach-Straße 31, 10245 Berlin, Germany

We will respond to your request within 30 days (GDPR) or 45 days (CCPA), with possible extensions as permitted by law. We may request information to verify your identity before processing your request.

10. Children's Privacy

Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not provide any personal information through our Services.

If we learn we have collected personal information from a child under 16 without parental consent, we will delete that information promptly. If you believe we might have information from or about a child under 16, please contact us immediately.

For users aged 16-18, we recommend parental involvement in decisions about sharing personal information online.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Technical Safeguards:

  • Encryption in transit (TLS/SSL) and at rest

  • Secure password requirements and multi-factor authentication

  • Regular security audits and vulnerability assessments

  • Firewalls and intrusion detection systems

  • Access controls and authentication protocols

Organizational Measures:

  • Limited access on a need-to-know basis

  • Employee confidentiality agreements

  • Regular privacy and security training

  • Incident response procedures

  • Vendor security assessments

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to notifying you of any breaches as required by law.

12. Marketing Communications

With your consent, we may send you marketing emails about our courses, workshops, and related educational content. You can opt-out anytime by:

  • Clicking the "unsubscribe" link in any marketing email

  • Updating your preferences in your account settings

  • Contacting us at support@energetic-youth.com

Even if you opt-out of marketing, we may still send service-related communications necessary for your account.

13. Third-Party Links

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Do Not Track Signals

Our Site responds to Global Privacy Control (GPC) signals as a valid opt-out request under applicable privacy laws. For other Do Not Track signals, there is no universal standard, and we do not currently respond to such signals.

15. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the new privacy policy on this page

  • Updating the "Last Updated" date

  • Sending an email notification for significant changes

Your continued use of our Services after changes indicates acceptance of the updated policy.

16. Contact Information

For questions about this privacy policy or our privacy practices, please contact:

Data Protection Contact:
Voctag UG (haftungsbeschränkt)
Attn: Data Protection Officer
Simon-Dach-Straße 31
10245 Berlin, Germany
Email: support@energetic-youth.com
Phone: +49 0151/41407983

17. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.

Lead Supervisory Authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin, Germany
Email: mailbox@datenschutz-berlin.de
Phone: +49 30 13889-0

For US Residents:
You may also contact your state's Attorney General's office. California residents may contact the California Privacy Protection Agency at https://cppa.ca.gov/

18. Accessibility

We are committed to ensuring this privacy policy is accessible to all users. If you need this information in an alternative format, please contact us at support@energetic-youth.com.

19. Jurisdiction and Applicable Law

This privacy policy is governed by German and EU law for EEA residents, and by applicable state law for US residents. Any disputes shall be resolved through the competent courts in Berlin, Germany, subject to applicable consumer protection laws.

20. Definitions

Personal Data/Information: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, storage, use, or disclosure.

Data Controller: The entity that determines the purposes and means of processing personal data (Voctag UG).

Data Processor: An entity that processes personal data on behalf of the controller.

Consent: Freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data.

Effective Date: September 18, 2025

This privacy policy was last reviewed and updated on September 18, 2025.