GDPR Compliance

Last updated: October 22, 2025

GDPR Compliance at LernMission

LernMission is fully committed to complying with the General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG). As an educational and social impact initiative, we take your privacy seriously and ensure all data processing is lawful, fair, and transparent.

Your Data Rights in the EU

As a user in Germany or the European Union, you have the following rights under GDPR:

1. Right to Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you, including:

  • Your full name and contact information (WhatsApp, Email)
  • Area of interest and learning preferences
  • Earned badges, credits, and certificates
  • Learning activity history and mentor connections
  • Impact contribution records

How to exercise: Send “Data Request” via WhatsApp or use our contact form

2. Right to Rectification (Art. 16 GDPR)

If your data is incorrect or incomplete, you can request corrections.

Examples:

  • Update your area of interest
  • Change your WhatsApp number or email
  • Correct your name on certificates

3. Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR)

You can request deletion of your personal data at any time.

How to exercise: Send “Delete My Data” via WhatsApp, and we’ll process within 30 days

4. Right to Data Portability (Art. 20 GDPR)

You can receive your data in a machine-readable format (JSON/CSV) to transfer to another service.

You gave us consent to contact you via WhatsApp. You can withdraw this consent anytime.

How to exercise: Simply send “Unsubscribe” or “Stop” via WhatsApp

6. Right to Object (Art. 21 GDPR)

You can object to certain types of data processing, such as analytics or profiling.

We process your data based on:

  1. Consent (Art. 6(1)(a) GDPR)

    • WhatsApp communications (you explicitly agreed via checkbox)
    • Email communications (if provided)
    • Participation in specific learning programs

  2. Legitimate Interest (Art. 6(1)(f) GDPR)

    • Improving educational content quality and matching
    • Platform security and fraud prevention
    • Measuring social impact of our educational programs
    • Analytics to enhance learning outcomes

  3. Performance of Contract (Art. 6(1)(b) GDPR)

    • Delivering learning challenges and courses you signed up for
    • Issuing certificates and badges
    • Facilitating mentor connections

WhatsApp & GDPR

Why We Use WhatsApp

WhatsApp is our primary communication channel because it’s:

  • ✅ Widely used in Germany
  • ✅ End-to-end encrypted
  • ✅ Familiar and easy to use

GDPR Compliance for WhatsApp

  • We ask explicit consent before contacting you (checkbox on signup form)
  • You can opt out anytime by sending “Stop” or “Unsubscribe”
  • We only send educational content and learning challenges, not advertising or promotional material
  • We use WhatsApp for:
    • Learning challenge delivery
    • Mentor group invitations
    • Community updates and achievements
    • Social impact reports
  • WhatsApp is owned by Meta (EU-US Data Privacy Framework compliant)

Data Transfer

WhatsApp data may be transferred to Meta servers outside the EU. This is covered by:

  • Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework
  • Your explicit consent

Data Security

We protect your data with:

  • 🔒 SSL/TLS Encryption: All web traffic encrypted
  • 🔒 Secure Storage: Data stored on GDPR-compliant servers in EU
  • 🔒 Access Controls: Only authorized team members can access data
  • 🔒 Regular Audits: Security reviews every 6 months
  • 🔒 WhatsApp Encryption: End-to-end encrypted messages

Data Sharing

We do NOT share your data with:

  • ❌ Advertisers
  • ❌ Data brokers
  • ❌ Social media platforms (except WhatsApp for communication)
  • ❌ Third-party marketers

We may share data with:

  • WhatsApp/Meta: To send you messages (with your consent)
  • Hosting Provider: To store website data (EU-based servers)
  • Legal Authorities: Only if legally required

Children’s Privacy

FutureBridge is for users aged 16 and above (GDPR Art. 8). We do not knowingly collect data from children under 16. If a parent discovers their child has provided data, please contact us immediately for deletion.

Cookies

We use minimal cookies:

  • Essential Cookies: Session management, security (no consent needed)
  • Preference Cookies: Language selection, theme choice
  • No Advertising Cookies
  • No Third-Party Tracking Cookies

You can disable cookies in your browser, but some features may not work.

Data Breach Notification

In case of a data breach affecting your personal data:

  • We’ll notify you within 72 hours (GDPR requirement)
  • We’ll inform the German Data Protection Authority (BfDI)
  • We’ll explain what happened and what we’re doing about it

International Data Transfers

  • Primary Storage: EU-based servers (Germany preferred)
  • WhatsApp: May involve Meta servers in USA (with adequate safeguards)
  • Backup: EU-only data centers

All transfers comply with GDPR Chapter V requirements.

Automated Decision-Making

We do NOT use:

  • ❌ Automated decision-making
  • ❌ Profiling that significantly affects you
  • ❌ AI-based decisions without human review

Your learning group assignments are based on your explicitly chosen interest category.

Changes to This Policy

We’ll notify you of any changes via:

  • Email (if provided)
  • WhatsApp announcement
  • Notice on our website

Major changes require renewed consent.

Supervisory Authority

If you’re unhappy with our data practices, you can complain to:

Germany:

Contact Our Data Protection Officer

WhatsApp: Contact via WhatsApp
Contact Form: Submit inquiry
Response Time: Within 30 days (GDPR requirement)

LernMission is committed to GDPR compliance. This policy was drafted in accordance with EU Regulation 2016/679 (GDPR) and German BDSG.

LernMission is an independent, non-profit educational initiative. We prioritize learning and social impact over commercial interests.