Privacy Policy

We treat your data with care

Privacy Policy

We appreciate your visit to our website and your interest in the International Software Architecture Qualification Board (iSAQB®). The protection of personal data is important to us. This Privacy Policy explains which personal data we process when you use our website and online services, for which purposes we process such data, and which rights you have.

1. Controllers

For the processing of personal data in connection with the operation of the website www.isaqb.org, the joint controllers are:

International Software Architecture Qualification Board e. V.

Donnersbergweg 4

67059 Ludwigshafen am Rhein

Germany

E-mail: info@isaqb.org

and

iSAQB GmbH

Feuerbachstr. 6

14471 Potsdam

Germany

E-mail: info@isaqb.org

to the extent that the processing relates to the operation, presentation, security, technical development and use of the website.

iSAQB GmbH performs essential operational tasks for iSAQB e. V. in connection with the website, communication with interested parties and partners, and the operation of the CPSA certification and accreditation environment.

For other operational processing activities, in particular in connection with training provider accreditations, certification bodies, training calendar, partner communication, contract management, invoicing, event organization and general business communication, iSAQB GmbH is generally the controller, unless otherwise stated in the respective processing context.

Irrespective of this, you may exercise your data protection rights against either controller.

2. Data Protection Officer

Our company Data Protection Officer is:

Tess Parthum

E-mail: datenschutz@isaqb.org

If you have any questions about data protection or wish to exercise your rights, you may contact our Data Protection Officer at any time.

3. General information on data processing

We process personal data only where there is a legal basis for doing so. Processing is carried out in particular on the basis of:

Where we use cookies or similar technologies that access information on your device or store information on your device, we also comply with Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). Cookies and similar technologies that are not technically necessary are used only with your consent.

4. Accessing the website and server log files

When you access our website, the web server automatically processes technical access data. This may include, in particular:

This processing is carried out to provide the website technically, ensure system security, analyze errors, and detect misuse or attacks on our systems.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and stable operation of the website.

Server log files are stored for 7 days and then deleted, unless longer storage is required to investigate security incidents or to enforce legal claims.

5. Hosting

Our website is hosted by the following hosting service provider:

Hetzner Online GmbH

Industriestr. 25

91710 Gunzenhausen

Germany

Phone: +49 (0)9831 505-0

Fax: +49 (0)9831 505-3

E-mail: info@hetzner.com

Hetzner processes personal data, in particular technical access data, on our behalf to the extent necessary for the operation and security of the website.

We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR.

The legal basis for the use of Hetzner is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, high-performance and reliable operation of the website.

6. Cookies and consent management

Our website uses cookies and similar technologies. Cookies are small text files stored on your device. Similar technologies may include pixels, tags, local storage technologies or comparable methods.

We distinguish between:

Technically necessary cookies and technologies

These are necessary for the website to function, for security features to be provided, or for your data protection preferences to be stored. The legal basis is Art. 6(1)(f) GDPR. Access to your device is based on Section 25(2) TDDDG.

Analytics cookies and similar technologies

We use these only if you have given your prior consent. The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

We use a consent management tool to manage your consent. The consent management tool stores whether and for which purposes you have given or refused consent. This means we do not have to ask for your decision again each time you visit the website.

The legal basis is Art. 6(1)(c) GDPR in connection with our obligation to be able to demonstrate consent, as well as Art. 6(1)(f) GDPR.

You may change or withdraw your consent at any time with effect for the future via the cookie or privacy settings on our website.

7. Contacting us by form or e-mail

If you contact us via a contact form or by e-mail, we process the data you provide. This may include, in particular:

We use this data to process your request and for any follow-up questions.

The legal basis is Art. 6(1)(b) GDPR if your request is related to a contract or pre-contractual measures. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the appropriate handling of incoming inquiries. Where consent is requested, the legal basis is Art. 6(1)(a) GDPR.

The data will be deleted once the inquiry has been fully processed and no statutory retention obligations or legitimate interests in further storage exist.

8. Newsletter

If you subscribe to our newsletter, we process your e-mail address and, where applicable, additional information provided voluntarily.

Registration generally takes place using the double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your subscription. This helps us ensure that the subscription was actually made by the owner of the e-mail address provided.

For the registration and dispatch of the newsletter, we process in particular:

The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link included in every newsletter.

9. Newsletter dispatch via Brevo

We use Brevo for sending and technically managing our newsletter. The provider is:

Brevo GmbH

Köpenicker Straße 126

10179 Berlin

Germany

Brevo processes the data required for newsletter dispatch on our behalf. This includes, in particular, e-mail addresses, registration and confirmation data, and technical information relating to newsletter dispatch.

We have concluded a data processing agreement with Brevo pursuant to Art. 28 GDPR.

Brevo may provide us with statistical information about whether newsletters were opened and which links were clicked. We use this analysis to improve the content and technical quality of the newsletter. Personal analysis is carried out only where valid consent has been obtained.

The legal basis for sending and analyzing the newsletter is Art. 6(1)(a) GDPR. To the extent that processing is necessary to document consent, it is based on Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.

We store your newsletter data for as long as you are subscribed to the newsletter. After you unsubscribe, your data will be deleted from the active mailing list unless statutory retention obligations apply. Data required to prove a previously granted consent may be stored for an appropriate period.

10. Google Analytics

We use Google Analytics on our website, a web analytics service provided by:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

Google Analytics helps us understand how our website is used. In particular, the following data may be processed:

Google Analytics uses cookies and similar technologies. It is used only if you have given your prior consent.

The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future via our cookie or privacy settings.

We use Google Analytics with IP anonymization enabled. This means that your IP address is generally shortened within the European Union or the European Economic Area before it is transmitted to Google.

We have concluded the required data protection agreements with Google.

Google may also transfer personal data to the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework. For data transfers to the USA, the European Commission’s adequacy decision may therefore be relied upon to the extent that the certification covers the specific processing activity. Standard contractual clauses may be used in addition.

The retention period for data processed in Google Analytics is 14 months.

11. Google reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

reCAPTCHA is used to protect forms and other input options on our website against abusive automated use, spam and attacks.

For this purpose, reCAPTCHA may process various technical information, such as:

reCAPTCHA is used to protect our website and IT systems. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in protection against spam, misuse and automated attacks.

To the extent that reCAPTCHA uses cookies or similar technologies that are not technically necessary, we obtain your prior consent pursuant to Section 25(1) TDDDG and Art. 6(1)(a) GDPR.

Google may also transfer personal data to the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework. For data transfers to the USA, the European Commission’s adequacy decision may therefore be relied upon to the extent that the certification covers the specific processing activity. Standard contractual clauses may be used in addition.

12. Training calendar and training provider data

On our website we publish information about accredited training providers, certification bodies, academic partners and training dates.

Where personal data is processed or published in this context, such as names, professional contact details or contact persons, this is done for the presentation and implementation of the iSAQB certification and accreditation program.

The legal basis is Art. 6(1)(b) GDPR to the extent that publication is necessary for the performance of a contractual relationship. In addition, Art. 6(1)(f) GDPR may serve as the legal basis. Our legitimate interest lies in the transparent presentation of accredited partners, training offerings and contact persons.

Where data is published on the basis of consent, the legal basis is Art. 6(1)(a) GDPR.

13. Protected area / login

Where we provide a protected area or login on our website for partners, training providers or other authorized users, we process the data required to set up and use the access. This may include:

The processing is carried out to provide the protected area, manage permissions, ensure system security and carry out the relevant contractual or cooperation relationship.

The legal basis is Art. 6(1)(b) GDPR to the extent that the processing is necessary for the performance of a contract or pre-contractual measures. Otherwise, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure operation of the protected area and the management of authorized access.

14. External links and social media profiles

Our website contains links to external websites and social media profiles, such as LinkedIn, YouTube, GitHub, Mastodon, Bluesky, Instagram or Facebook.

When you click such a link, you leave our website. Only then will personal data be processed by the respective external provider. The respective provider is generally responsible for this processing.

We have no influence over which data external providers process after you click the link. Please refer to the privacy notices of the respective provider.

15. Recipients of personal data

Personal data may be disclosed to service providers and partners where this is necessary for the purposes described above. This may include in particular:

Where service providers process personal data on our behalf, we conclude data processing agreements pursuant to Art. 28 GDPR.

16. Transfers to third countries

Some of the service providers we use may process personal data outside the European Union or the European Economic Area, in particular in the USA.

A transfer takes place only where there is a data protection basis for doing so. This may include, in particular:

17. Retention period

We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations apply.

Unless a specific retention period is stated, we delete personal data when the purpose of processing no longer applies, when you withdraw consent, or when you effectively object to the processing, provided there are no legal obligations or legitimate reasons for further storage.

18. Your rights

Under the GDPR, you have in particular the following rights:

If you wish to exercise any of these rights, please contact:

datenschutz@isaqb.org

19. Right to object under Art. 21 GDPR

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

Where we process personal data for direct marketing purposes, you have the right to object to such processing at any time. In this case, we will no longer process your personal data for direct marketing purposes.

20. Withdrawal of consent

You may withdraw consent you have given at any time with effect for the future.

The withdrawal does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.

Consent for cookies, analytics tools and similar technologies can be withdrawn or changed via our cookie or privacy settings.

21. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority.

For iSAQB GmbH, the competent authority is in particular:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg

Stahnsdorfer Damm 77

14532 Kleinmachnow

E-mail: Poststelle@LDA.Brandenburg.de

For iSAQB e. V., the competent authority is in particular:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Hintere Bleiche 34

55116 Mainz

E-mail: poststelle@datenschutz.rlp.de

You may also contact any other competent data protection supervisory authority.

22. Updates to this Privacy Policy

We reserve the right to update this Privacy Policy if our website, our processing activities or legal requirements change.

The current version of this Privacy Policy applies to each subsequent visit to this website.

Status: May 2026

Stay Up-to-Date with the iSAQB® Newsletter!