How we collect, process, and protect your personal data — in full accordance with the General Data Protection Regulation (GDPR).
Last updated: March 2026
The party responsible for the processing of personal data (the controller) within the meaning of the General Data Protection Regulation (GDPR) is:
Steinert MigrationGuide GmbH Hoferstr. 9 B, 71636 Ludwigsburg, Germany E-Mail: wecare@migration-check.com
We process personal data only where a valid legal basis exists under Article 6 GDPR. Applicable bases include:
You have given us clear consent to process your personal data for a specific purpose.
Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
Processing is necessary for compliance with a legal obligation to which we are subject.
Processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights and freedoms.
Our web infrastructure is provided by two European hosting providers. All servers are located within the European Union and are subject to GDPR.
Our web servers are operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes connection logs (IP address, request data, timestamps) as a processor on our behalf under a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. Privacy policy: https://www.hetzner.com/legal/privacy-policy
Our databases are hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. IONOS processes data as a processor under a DPA. Database access is restricted and encrypted in transit. Privacy policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/
We integrate the following third-party services to provide our product. Each is subject to a Data Processing Agreement and processes only the data strictly necessary for its function.
Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France) is our transactional email provider. We transfer your email address and name to Brevo solely to deliver sign-in confirmations and service notifications. Brevo processes this data under a DPA as a processor (Art. 6(1)(b) GDPR). Privacy policy: https://www.brevo.com/legal/privacypolicy/
If you book a consultation, we use Calendly (Calendly LLC, Atlanta, GA, USA). Calendly processes your name, email, and selected time slot. Data transfers to the USA are covered by the EU-US Data Privacy Framework (DPF) adequacy decision (July 2023) and Standard Contractual Clauses (SCCs). Privacy policy: https://calendly.com/privacy
For video consultations, we may use Zoom Video Communications, Inc. (San Jose, CA, USA). Zoom processes connection data and, where consented, meeting recordings. Data transfers to the USA are covered by the EU-US Data Privacy Framework (DPF) adequacy decision and Standard Contractual Clauses (SCCs). Privacy policy: https://zoom.us/privacy
We offer WhatsApp (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) as an optional contact channel. If you choose to contact us via WhatsApp, Meta will process your messages and associated metadata. This channel is entirely opt-in and not required to use our service. Privacy policy: https://www.whatsapp.com/legal/privacy-policy
Paid services are processed through FastSpring (Bright Market, LLC, 801 Garden St., Santa Barbara, CA 93101, USA), acting as our merchant of record. FastSpring collects and processes all payment data directly and is independently responsible for PCI-DSS compliance. We do not store credit card numbers or full payment details. Privacy policy: https://fastspring.com/privacy/
Credit and debit cards, PayPal, Klarna (Sofortüberweisung), giropay, and bank wire transfer.
FastSpring transfers to the USA are covered by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework (DPF). Transaction records are retained by FastSpring for the duration required by applicable law.
As a data subject, you have the following rights under Chapter III of the GDPR. To exercise any of these rights, contact us at wecare@migration-check.com. We will respond within 30 days.
You have the right to obtain confirmation of whether we process personal data about you and, where applicable, access to that data and supplementary information.
You have the right to request correction of inaccurate personal data and completion of incomplete data without undue delay.
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis exists.
Where processing is based on consent or a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
You have the right to object at any time to processing based on legitimate interests (Art. 6(1)(f) GDPR), including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
You have the right to lodge a complaint with a supervisory authority. The competent authority for Baden-Württemberg is: Landesbeauftragter für den Datenschutz und die Informationsfreiheit (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, poststelle@lfdi.bwl.de. Website: https://www.baden-wuerttemberg.datenschutz.de/
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
Commercial and tax records are retained for 10 years pursuant to §§ 147 AO, 257 HGB. Account and usage data is deleted upon account closure or upon request. Log data (access logs, error logs) is deleted after 90 days. Consent records are retained for a minimum of 3 years to demonstrate compliance.
Upon expiry of retention periods, data is securely deleted or anonymised.
We may update this privacy policy from time to time to reflect changes in our data processing practices, legal requirements, or new services. Where changes are material, we will notify registered users by email or via a prominent notice on our website. The date of the most recent revision is indicated at the top of this page. Continued use of our services after the effective date constitutes acceptance of the updated policy.
For any questions regarding the processing of your personal data or to exercise your rights, contact our data protection team at wecare@migration-check.com. We respond within 30 days.