HZL Consulting GmbH and its subsidiaries and affiliates (“HZL Consulting,” “we,” “us,” or “our”) thank you for visiting the online and mobile resources we operate and publish. We use the words “you” and “your” to refer to you, the reader and visitor to our online and mobile resources, who is in all cases over the age of 13. This Privacy Statement (“this statement,” “this privacy statement,” or “our statement”) explains: what personal information we collect and from whom, how and why we use it, with whom we share it and why, and how we work to protect it. “Online and mobile resources” means the websites and internet-based features we own and operate (including creative-course.com and related domains), as well as apps or other digital tools we publish to let you access our content, services, and communications. 1. What We Collect and From Whom We may collect personal information from the following groups: Visitors to, and users of, our websites, apps, and other online and mobile resources Our customers and prospective customers Current members of our workforce and job applicants Vendors, service providers, and business partners “Personal information” generally means information that identifies you or can be reasonably linked to you (for example, your name, address, telephone number, email address, payment details, or certain online identifiers). Certain privacy laws (such as the California Consumer Privacy Act, “CCPA,” and the EU General Data Protection Regulation, “GDPR”) define personal information more broadly. Where those laws apply, our use of “personal information” includes any additional elements required under those laws. The specific categories of information, and how we use them, can vary depending on your relationship to us (customer, website visitor, job applicant, vendor, etc.). Because one person may fall into multiple categories, we describe the main cases separately below. Workforce and Applicants We collect and retain the professional and employment-related information you would expect an employer to maintain about its workforce and job applicants. We provide detailed notices about our workforce and applicant data in internal HR documents or via secure portals accessible only to our workforce and applicants (and, in some cases, managed by third-party providers). In those cases, the third party may be legally responsible for providing certain privacy notices. Vendors and Business Partners Like most companies, we purchase goods and services, lease equipment and office space, and attend industry events. In doing so, we collect limited business contact details from vendors and partners (such as names, roles, email addresses, and business phone numbers). We use and share this information to manage and perform our contracts, evaluate potential relationships, and share information about our products and services, as described in more detail in our contracts or vendor portals. Most of this Privacy Statement focuses on visitors, users of our online and mobile resources, and our customers. 2. Types of Information We Collect Online When you use our online and mobile resources, we obtain and store two broad types of information: Non-personal information collected automatically (for example, device type or browser); and Personal information you voluntarily provide or that is collected automatically and can be reasonably linked to you. By accessing or using our online and mobile resources, or by purchasing our products or services, you acknowledge and agree that your personal information may be collected, used, and disclosed as described in this Privacy Statement. A. Information You Voluntarily Provide If you choose to participate in certain activities through our online and mobile resources, you may be asked to provide personal information. This may include: Identifiers (e.g., your name, email address, billing/shipping address, phone number) Professional information (e.g., your role, company, industry) Payment information (e.g., credit card or other payment details, which may be processed by a third-party payment processor) We do not sell, rent, or trade voluntarily submitted personal information to third-party data brokers or standalone marketing list companies. If you prefer that we do not collect this information, please do not provide it and do not participate in features that request it. You may still access portions of our websites that are available to the general public, though some functionality may be limited. Some ways you may voluntarily provide personal information include: Emails and Online Forms When you email us or submit a form (such as a contact form or support request), we retain your email address and any additional personal information you include. We use this to: respond to your inquiry, fulfill your request, and send you information about products, services, updates, or events we believe may interest you. Communications may be sent via email, phone, and/or text message where allowed by law and where you have provided appropriate contact details. Creating an Account When you register for an account, you provide information such as your name and email address. We use this information to: create and manage your account, authenticate your access, and communicate with you about your account, services, and related content. Registering for Events or Programs If you register for webinars, events, programs, or services that we host directly, we may collect identifiers (e.g., name, email address, business name) as well as payment details, if a fee is required. We use this data to: enroll you in the event or program, process payments (often via a third-party provider), and communicate with you before, during, and after the event. Becoming a Customer / Subscriber If you purchase products or services (including subscriptions), we use the information you provide to: perform our contractual obligations, deliver the purchased products and services, manage your account and billing, and communicate about updates, features, and relevant content. Social Media & Community Features Some of our online resources may include community or social features (e.g., posting comments, uploading content, or joining groups). Anything you choose to post—including your username and other personal information—may be publicly visible and is not covered by the confidential protections in this Privacy Statement. Please use caution when posting personal information in public forums. B. Information Automatically Collected When you visit our online and mobile resources, we automatically collect certain information via your browser, device, and various tracking technologies (such as “cookies” and similar tools). A cookie is a small text file placed on your device when you visit a website. Cookies and similar technologies allow us to: recognize your device, remember your preferences, and understand how you use our services. We also allow certain third-party vendors to use cookies or similar technologies on our sites over time, for purposes such as analytics and, where permitted, advertising. Analytics (e.g., Google Analytics) We use third-party analytics services, including Google Analytics, to help us understand how users interact with our online and mobile resources and to improve user experience. These providers may collect information such as: IP address and general location, browser and operating system, pages visited and time spent, links clicked and referring/exit pages. For information about how Google uses data, visit google.com/policies/privacy/partners. To learn about opting out of Google Analytics, visit tools.google.com/dlpage/gaoptout. Types of Automatically Collected Data Examples of internet and device information we may collect include: Domain name and IP address Browser type and operating system Date, time, and duration of visits Pages visited, documents downloaded, and graphics viewed Referring URLs and exit links General location (based on IP address or, where enabled, device location services) If you access our online resources from a mobile device, your mobile provider may transmit device-specific identifiers and, if location services are enabled, approximate geolocation. You can usually disable location services in your device settings if you do not want to provide location data. We use automatically collected and device information to: administer and improve our online and mobile resources, understand usage patterns, enhance functionality (for example, by remembering your settings), and make your experience more efficient. We retain personal information in accordance with applicable law and our internal data retention policies, and only as long as necessary to fulfill the purposes described in this statement (or as required by law). 3. External Sites, Apps, Links, and Social Media We maintain a presence on third-party social media platforms such as LinkedIn, Facebook, Instagram, YouTube, and others. Our websites and apps may: link to third-party sites and apps, or include features that integrate with those platforms (for example, sharing content, embedded videos, or widgets). We are not responsible for the content or privacy practices of any third-party websites, apps, or social platforms. Those resources are controlled by other entities and have their own privacy policies and terms of use. If you interact with these third-party services, we encourage you to review their privacy policies and direct any questions about their data practices to them. 4. When and With Whom We Share Personal Information We use non-personal information (e.g., aggregated statistics) to administer and improve our online and mobile resources and to make business decisions about our programs, products, and services. We use personal information to respond to your requests, deliver products and services, operate our business, and comply with legal obligations. We do not sell your personal information to third-party data brokers. We may share personal information in the following circumstances: Affiliates We may share your information within our corporate family (e.g., subsidiaries and affiliates of HZL Consulting GmbH). These entities use your information in accordance with this Privacy Statement, including to send information about their own products, services, or initiatives that may be relevant to you. Vendors and Business Partners We may share personal information with carefully selected vendors, service providers, and business partners, including: hosting and IT providers, payment processors, marketing and analytics service providers, CRM systems, and software tools you choose to connect (e.g., sales funnel or automation platforms). We disclose only the information reasonably necessary for them to perform services on our behalf or support your selected integrations. We generally require such parties, by contract, to: use personal information only as needed to fulfill the specified business purpose, safeguard the data appropriately, and not share or export the information except as directed or permitted by us and applicable law. While we use reasonable efforts to contractually protect your information, we cannot guarantee perfect compliance by every vendor or partner at all times. Legally Required Disclosures We may disclose personal information when required or permitted by law, such as: in response to subpoenas, court orders, or other legal processes; to comply with lawful requests from government or regulatory authorities; or to protect our legal rights and obligations. To Prevent Harm We may disclose personal information when we believe, in good faith, that doing so is reasonably necessary to: protect the rights, property, or safety of HZL Consulting, our users, or others; investigate, prevent, or respond to suspected illegal or harmful activities. Business Transfers If HZL Consulting or any of its affiliates undergoes a corporate transaction (such as a merger, acquisition, reorganization, or sale of assets), personal information may be transferred as part of that transaction. We will handle any such transfers in accordance with applicable law and this Privacy Statement (or another privacy notice that replaces it). 5. Your Rights and Choices You are not required to provide personal information to use many portions of our online resources. You may also choose to opt out of certain communications or activities. Marketing & Communications If we use your information to send newsletters, product updates, or promotional messages via email, SMS, or other channels, you may opt out by: following the “unsubscribe” or opt-out instructions in the message (for example, replying “STOP” to a text message), or contacting us at support@hzl-consulting.com . We will take reasonable steps to remove you from relevant lists, but please note that it may take some time to process your request, and you may still receive certain communications (e.g., transactional or administrative messages) even after opting out of marketing communications. You may also request access, correction, or deletion of your personal information by contacting us (see Contacting Us below). We will respond in accordance with applicable law. “Do Not Track” Some browsers offer a “Do Not Track” (DNT) feature. At this time, we do not respond to DNT signals. You can, however, adjust cookie settings in your browser and use other tools (such as opt-out mechanisms for analytics providers). 6. Children’s Privacy Our online and mobile resources are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 (or under 18 where stricter laws apply) without verifiable parental consent, we will delete that information as soon as reasonably possible. If you believe a child has provided personal information through our online resources, please contact us at support@hzl-consulting.com so we can investigate and take appropriate action. We encourage parents and guardians to speak with their children about safe and responsible use of the internet. 7. How We Protect Personal Information We take reasonable and appropriate measures, consistent with applicable law and industry standards, to safeguard personal information from unauthorized access, disclosure, alteration, and destruction. HZL Consulting has implemented a Security Program that includes technical, organizational, and administrative safeguards designed to protect personal information, such as: access controls and authentication, network and application security measures, data backup and recovery procedures, and internal policies, training, and incident response protocols. However, no system can be guaranteed 100% secure. We cannot promise or guarantee that your information will never be accessed or used in an unauthorized manner, either while in transit or at rest. Except for any non-disclaimable duties under applicable law, we disclaim liability for unauthorized access, theft, or loss of data beyond our reasonable control. If we learn of a security incident affecting your personal information, we will follow our incident response procedures and comply with any breach notification obligations that apply. We also require (by contract where feasible) that our vendors notify us promptly of any incident affecting personal information they process on our behalf. 8. California Consumer Privacy Act (CCPA) When we collect personal information from California residents, we may be subject to the CCPA and those residents may have certain rights. Personal Information Collected from California Residents In the last 12 months, we may have collected the following categories of personal information from California residents: Identifiers: such as name, postal address, IP address, email address, and similar identifiers Customer Records: such as name, address, telephone number, payment information (e.g., credit card details processed via a secure third party) Commercial Information: such as products or services purchased, subscription details, and related transaction history Internet / Electronic Activity: such as browsing history, search history, and interactions with our website or apps Geolocation Data: such as general location derived from IP address or device (when enabled) Audio/Visual/Electronic Data: such as recordings of customer service calls (if disclosed at time of collection) or content you choose to upload We may disclose these categories of information for business purposes consistent with this Privacy Statement (for example, to service providers or as required by law). We do not sell, and in the last 12 months have not sold, personal information as “sale” is defined under the CCPA. CCPA Rights If you are a California resident, you may have the right (subject to limitations and verification): to know what categories of personal information we collect, use, and disclose; to request access to specific pieces of personal information we hold about you; to request deletion of your personal information (with certain exceptions); and to not be discriminated against for exercising your CCPA rights. You may exercise these rights up to the limits allowed by law (typically up to two times per 12-month period). To exercise your rights, contact us at: Email: support@hzl-consulting.com Phone: +49 40 74306736 We may ask you to complete a request form and will take reasonable steps to verify your identity before acting on your request. We will respond within the timeframes required by the CCPA. 9. EU/EEA, UK, and Other GDPR-Style Jurisdictions We may collect personal information from data subjects in jurisdictions where the GDPR, UK-GDPR, or similar data protection laws apply (collectively, “GDPR Jurisdictions”). For visitors and users in these jurisdictions, we may rely on one or more of the following legal bases for processing: Legitimate interests: such as operating and improving our website, providing requested services, preventing fraud, and securing our systems; Contract performance: where processing is necessary to perform a contract with you (or take steps at your request before entering into a contract); Consent: for specific processing activities where we request and you provide consent; and Legal obligations: where processing is required to comply with a law to which we are subject. We do not sell personal information and do not use it for automated decision-making that produces legal or similarly significant effects on you. Cross-Border Transfers If we transfer personal information from GDPR Jurisdictions to countries that may not have been deemed to provide an “adequate” level of data protection, we do so using appropriate safeguards (for example, standard contractual clauses or other legally permitted mechanisms). Rights of Data Subjects (GDPR/UK-GDPR) If you are in a GDPR Jurisdiction, you may have the right, subject to conditions and exemptions, to: request access to your personal information; request correction or deletion; object to or request restriction of processing; request a portable copy of your data; and lodge a complaint with your local data protection authority. To exercise these rights, contact us at support@hzl-consulting.com. We may need to verify your identity before fulfilling your request and will respond in accordance with applicable law. 10. Changes to This Privacy Statement This Privacy Statement was originally drafted on January 18, 2022 and has been updated as of October 17, 2024. The English-language version of this statement controls, regardless of any translation. We may update this Privacy Statement from time to time. When we do, we will post the updated version on our website with a revised “Last Updated” date. Your continued use of our online and mobile resources after any changes are posted constitutes your acceptance of the updated statement. 11. Contacting Us If you have questions about this Privacy Statement or our privacy practices, please contact us at: HZL Consulting GmbH Dorotheenstr. 54 22301 Hamburg GERMANY Email: support@hzl-consulting.com Phone: +49 40 74306736 12. How We May Communicate With You (Marketing & Consent) By using our services, requesting information, or submitting forms on our websites, you may choose to provide your contact information (such as email address and phone number) and consent to being contacted by HZL Consulting and, where applicable, its affiliates and service providers. Subject to applicable law and your preferences, you agree that we may contact you: by email, by phone or SMS/text (including to your mobile number), and using automated or pre-recorded messages, where permitted. These communications may relate to: your existing or potential business relationship with us, our products, programs, or services, and special offers, events, or updates we believe may interest you. Message and data rates may apply. You are solely responsible for any third-party charges incurred (for example, from your mobile or internet provider). Nothing in this section limits any rights you have under CCPA, GDPR/UK-GDPR, or other applicable laws. You may withdraw your marketing consent at any time by: following the “unsubscribe” or opt-out instructions in a communication (for example, replying “STOP” to a text), or contacting us at support@hzl-consulting.com with the email address and/or phone number you wish to remove. If you do not agree with the terms of this Privacy Statement or our Terms & Conditions, please do not submit forms on our websites, create an account, or otherwise provide personal information, and discontinue use of our online and mobile resources.