Privacy Policy

Last Updated: February 3, 2026

Effective Date: February 3, 2026

At OpenCourseWorld ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

By using our website at https://opencourseworld.com, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

• Name and contact information (email address, phone number)
• Account registration details
• Payment and billing information
• Course enrollment and progress data
• Communications with our support team
• Survey responses and feedback
• Newsletter subscription information

1.1 Personal Information You Provide

When you interact with our website or services, you may voluntarily provide us with certain personally identifiable information, including but not limited to:

• IP address and geographic location
• Browser type and version
• Operating system
• Pages viewed and time spent on pages
• Referring website addresses
• Cookies and similar tracking technologies (see our Cookie Policy for details)
• Device identifiers and characteristics

1.2 Information Automatically Collected

When you visit our website, we automatically collect certain information about your device and browsing activity:

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing and maintaining our educational services
• Processing course enrollments and payments
• Personalizing your learning experience
• Communicating with you about courses, updates, and promotional offers
• Responding to your inquiries and providing customer support
• Analyzing usage patterns to improve our website and services
• Detecting and preventing fraud and security threats
• Complying with legal obligations
• Sending administrative information and updates
• Conducting research and analytics to enhance our offerings

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., newsletter subscription, cookies)
• Contract: Processing is necessary to fulfill our contractual obligations to you (e.g., providing purchased courses)
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention and service improvement, provided these interests do not override your rights

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We work with trusted third-party service providers who assist us in operating our website, conducting business, or serving our users (e.g., payment processors, email service providers, hosting providers). These parties are contractually obligated to protect your data and use it only for specified purposes.
• Legal Requirements: We may disclose your information when required by law, legal process, or governmental request, or to protect our rights, property, or safety.
• Business Transfers: If OpenCourseWorld is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
• With Your Consent: We may share your information with your explicit consent for specific purposes not covered above.

5. International Data Transfers

OpenCourseWorld is based in Germany. If you access our services from outside the European Economic Area (EEA), your information may be transferred to and processed in Germany or other countries.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

6. Data Retention

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

• Account information: Retained while your account is active and for up to 2 years after account closure
• Transaction records: Retained for 10 years to comply with tax and accounting regulations
• Marketing communications: Retained until you unsubscribe or request deletion
• Analytics data: Typically anonymized and retained for up to 3 years
• Legal hold data: Retained as required by law or ongoing legal proceedings

7. Your Rights Under GDPR

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data under certain circumstances
• Right to Restriction of Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request to receive your data in a structured, commonly used format
• Right to Object: You can object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

8. Data Security

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

• Encryption of data in transit and at rest using industry-standard protocols
• Secure socket layer (SSL) technology for all data transmissions
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and privacy
• Incident response procedures
• Regular backups and disaster recovery plans

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings and our cookie consent banner displayed on your first visit.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

11. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a prominent notice on our website

13. Data Protection Officer

For questions about this Privacy Policy or our data practices, you can contact our Data Protection Officer at:

Email: [email protected]
Address: OpenCourseWorld Data Protection Officer, Friedrichstraße 41, 01067 Dresden, Germany

14. Supervisory Authority

If you are located in the EU/EEA and have concerns about our data practices that we have not adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority. For Germany, this is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de