Data protection

Privacy policy

  1. Information on the collection of personal data 

1.1 In the following we inform you about the collection of personal data when using our website in connection with the participation in online tutoring by heytimi GmbH i.Gr. Personal data are all data that can be related to you personally, for example name, address, e-mail addresses, order information, user behavior. 

1.2 Responsible for the following data collection and processing is heytimi GmbH i.Gr., Auenstraße 28, 80469 Munich, phone number 089 38037999, e-mail Contact point for customer concerns is our data protection officer, Mr. RA Alexander Quick

. In addition, data subjects can send a possible objection to

1.3 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. As otherwise, we delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations. 

  1. Collection of personal data

2.1 If you visit our website for the purpose of booking online tutoring, we collect the following data required for the performance of the contract and for pre-contractual measures as part of a registration process (legal basis is Article 6 (1) sentence 1 lit. b DSGVO):

- inventory data such as surname, first name, sex, address, place of residence and date of birth, school subject, type of school

- Contact information such as email address or phone number

- Date and time of the request.

2.2 The purpose of this data collection is to process your application and to send you further contract-relevant information on online tutoring. In addition, we process your personal data to protect our legitimate interests and after careful consideration of the interests of the data subject pursuant to Article 6 (1) sentence 1 lit. f DSGVO for the assertion of legal claims, including debt collection and defense in legal disputes, for data analysis and the preparation of statistics to improve the online tutoring service, for the administration, further development and marketing of online tutoring, for purposes of IT security and for authentication and fraud prevention.

2.3 In addition to the data mentioned in section 2.1, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. 

2.4 Use of Cookies: 

2.4.1 This website uses the following types of cookies, the scope and functionality of which are explained below: 

- Transient cookies (see 2.4.2) 

- Persistent cookies (see 2.4.3). 

2.4.2 Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. 

2.4.3 Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. 

2.4.4 The basis for the use of cookies - insofar as they are not required for the operation of our website or for statistics and analyses (legal basis is Article 6 (1) sentence 1 lit. b DSGVO or Article 6 (1) sentence 1 lit. f DSGVO) - is your consent (legal basis is Article 6 (1) sentence 1 lit. a DSGVO). You can set your browser to set or block cookies. Furthermore, you can set that all cookies are deleted at the end of the session or make deletions individually manually. Please note that in the event that some cookies are blocked or deleted, the functionalities of our website will only be available to you to a limited extent or no longer. In particular, in this case you will not be able to access your personal profile or receive content tailored to you personally.

2.5 When using our websites for information purposes only, without registration, we only collect the personal data that your browser transmits to our server.

  1. Collection of personal data for e-mail contact

If you contact us (for example, by contact form or email), we store your information for processing the request and in the event that follow-up questions arise. This is also our legitimate interest pursuant to Article 6 (1) sentence 1 lit. f DSGVO. We only store and use further personal data if you consent to this or if this is legally permissible without special consent.

  1. Disclosure of personal data to third parties

4.1 In principle, we only use your personal data within our company for the fulfilment of contracts and pre-contractual measures (legal basis is Article 6 (1) sentence 1 lit. b DSGVO).

4.2 In addition, in certain cases we are legally obliged to make personal data available to German and international authorities, Article 6 (1) sentence 1 lit. c DSGVO.

  1. your rights 

5.1 You have the following rights in relation to personal data relating to you:

- Right of access to categories of data processed, purposes of processing, possible recipients of the data, planned storage period (Article 15 GDPR); 

- Right to rectify or complete inaccurate or incomplete data (Article 16 GDPR); 

- Right to revoke the consent given at any time with effect for the future (Article 7 (3) DSGVO);

- Right to object to data processing that is to be carried out on the basis of a legitimate interest, on grounds relating to your particular situation (Article 21(1) DSGVO); 

- Right to erasure of data in certain cases (Article 17 GDPR);

- Right to restriction of processing, insofar as deletion is not possible or the obligation to delete is disputed (Article 18 DSGVO); 

- Right to data portability (Article 20 GDPR). 

5.2 You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Article 77 (1) DSGVO). The competent supervisory authority in data protection matters is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:

  1. Duration of storage in accordance with section 1.3 of this data protection notice

Stored data will be deleted as soon as the contractual relationship has been terminated and all related matters have been settled, unless otherwise required by law. After conclusion of the contract, only the data that serves the anonymous evaluation for the improvement of the offer and, with corresponding consent, the notification of individual offers, innovations and marketing measures will be stored permanently.

  1. Plugins and tools

7.1 Our website uses plugins of the website YouTube operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) sentence 1 lit. f DSGVO. Further information on the handling of user data can be found in YouTube's privacy policy at:

  1. Payment provider

8.1 On our website we offer, among other things, payment via Apple Pay. The provider of this payment service is Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. If you select payment via Apple Pay, payment processing is carried out via the "Apple Pay" function of your terminal device running iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the "Face ID" or "Touch ID" function of your terminal device is therefore required. For the purposes of payment processing, the information you provide during the checkout process, along with information about your order, will be shared with Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b DSGVO.

Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely eliminates the possibility of any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services. When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay", and uncheck "Allow payments on Mac".

For more information about Apple Pay privacy, please visit the following web address:

8.2 On our website, we also offer payment via Google Pay. The provider of this payment service is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you select payment via Google Pay, payment processing is carried out via the "Google Pay" application of your mobile end device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than €25, the prior unlocking of your mobile device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required. For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, with which a completed payment is verified. This transaction number does not contain any information about the real payment data of your payment means deposited in Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the payment means deposited with Google Pay.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b DSGVO.

Google reserves the right to collect, store and analyse certain transaction-specific information for each transaction made through Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction. According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) DSGVO on the basis of the legitimate interest in proper billing, verification of transaction data and optimisation and functional maintenance of the Google Pay service. Google also reserves the right to merge the processed transaction data with further information collected and stored by Google when using other Google services. The terms of use of Google Pay can be found here: Further information on data protection at Google Pay can be found at the following Internet address:

8.3 On our website we also offer the payment via SEPA direct debit. Hereby the heytimi GmbH i.Gr. is authorized to collect payments from the given account via direct debit. At the same time the account holder instructs his credit institute to honour the direct debits drawn on his account by the heytimi GmbH i.Gr.

8.4 Finally, you have the option of choosing to pay by credit card(MasterCard or VISA). The MasterCard provider is MasterCard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. MasterCard Europe is a subsidiary of MasterCard Incorporated, the holding company of MasterCard. MasterCard Incorporated is a private corporation incorporated under the laws of the United States and reports to the U.S. Securities and Exchange Commission (SEC).

The VISA provider is Visa Europe Management Services Limited, German Branch, Neue Mainzer Strasse 66-68, 60311 Frankfurt. When you pay via MasterCard or VISA, we will collect your payment data (such as card number, card sequence number, verification number, card type, card expiry date, amount, date, time) and pass them on to your merchant bank MasterCard or VISA (acquirer) as well as the bank from which you receive your credit card (issuer). The processing and forwarding of payment data is based on your consent in accordance with Art. 6 Para.1 lit. a DSGVO, for the implementation of pre-contractual measures and fulfilment of the contract in accordance with Art. 6 Para.1 lit. b DSGVO as well as for the protection of our legitimate interests or those of a third party in accordance with Art. 6 Para.1 lit. f DSGVO. The purpose of the collection and transfer of the data are as follows: Enabling payment processing, Verification and execution of your payment by the acquirer to us, Prevention of card misuse and limiting the risk of non-payment, Secure transfer of your data in accordance with legal requirements and the regulations of the credit card organization Settlement of the fees we owe to your bank. For more information on MasterCard and Visa data protection, please click here: and

  1. Cookies

9.1 Analytical cookies

These cookies help us improve our understanding of user behavior. Analytics cookies enable the compilation of usage and identification data by the original provider or third-party providers into pseudonymous usage profiles. For example, we use analytics cookies to track the number of unique visitors to a website or service, to collect statistical data about the performance of our products, and to analyze visitor usage patterns and visitor interactions based on anonymous and pseudonymous information. This information cannot be traced back to an individual. The legal basis for these cookies is Article 6 (1) p. 1 lit. a DSGVO.



Storage period

Involved as

Google Inc.

web analytics

180 days

9.2 Marketing Cookies/Referral

These cookies and similar technologies are used to enable the display of personalised and therefore relevant marketing content. Marketing cookies are used to offer interesting web content and to measure the effectiveness of our campaigns. This is done not only on the websites of heytimi GmbH i.Gr., but also on the websites of other advertising partners (third-party providers). This is also called retargeting and is used to create a pseudonymised interest profile and to activate relevant advertising on other websites. This information cannot be traced back to an individual. Marketing and retargeting cookies help us serve you advertising content that is potentially relevant to you. If you suppress marketing cookies, you will continue to see the same number of ads, but they may be less relevant to your interests. The legal basis for these cookies is Article 6 (1) p. 1 lit. a DSGVO.



Storage period

Involved as

Google Inc.

web analytics

180 days

  1. Storage and printing

You can save and print this privacy policy at any time. (Link)

Status of the data protection information 26.01.2020