Privacy Policy

General Information

Protecting your personal data is important to us. We process personal data confidentially and in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal data we collect, how we use it, which services may be involved, and what rights you have in relation to your data.

 

1. Data Controller

The controller responsible for data processing on this website is:

HYPspacedesign GmbH
Winterhuder Weg 29
22085 Hamburg
Germany

Email: privacy@humanreverseengineering.org

 

2. Data We Process When You Visit This Website

When you access this website, technical data is automatically processed by our hosting system. This may include:

IP address
Date and time of access
Browser type and version
Operating system
Pages visited
Referrer URL
Device information
Server log data

This data is processed to provide the website, ensure technical stability, maintain security, and detect errors or misuse.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure and reliable operation of this website.

 

3. Personal Data You Provide Voluntarily

We process personal data when you actively provide it to us, for example when you contact us by email, book an appointment, purchase a service, or use an external service connected to our offering.

This may include:

Name
Email address
Phone number, if provided
Message content
Booking details
Appointment information
Payment and order information
Communication and session-related information

We process this data only for the purpose for which it was provided, such as responding to your inquiry, coordinating appointments, providing booked services, or fulfilling legal obligations.

The legal basis may be Article 6(1)(b) GDPR, where processing is necessary for pre-contractual or contractual purposes, Article 6(1)(f) GDPR, where we have a legitimate interest in communication and service delivery, or Article 6(1)(c) GDPR, where processing is required by law.

 

4. Cookies and Consent Management

This website uses cookies and similar technologies. Some cookies are technically necessary for the operation of the website. Others may be used only if you have given your consent.

We use Real Cookie Banner to manage cookie and consent settings. The provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.

Real Cookie Banner stores your consent decisions so that they can be documented and applied during future visits. This may include the time of consent, selected preferences, technical browser information, and an anonymous identifier.

The legal basis for technically necessary consent management is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Where consent is required for specific services, the legal basis is Article 6(1)(a) GDPR.

You can change or withdraw your consent at any time through the privacy settings on this website.
here.

 

5. Web Analytics

We use Matomo to analyze the use of this website and to improve our content, structure, and user experience.

Matomo is an open-source web analytics system. We use it in a privacy-oriented configuration. Analytics data is used to understand general website usage, such as page views, visits, and user interaction patterns.

Depending on your consent settings, Matomo may use cookies. Where Matomo is used without cookies or with anonymized data, processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in improving and maintaining the quality of our website. Where cookies or comparable technologies require consent, processing is based on Article 6(1)(a) GDPR.

You may change or withdraw your consent at any time through the privacy settings here.

 

6. Appointment Scheduling

We use Calendly for online appointment scheduling. Calendly is provided by Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, GA 30363, USA.

When you book an appointment through Calendly, personal data is processed. This may include:

Name
Email address
Phone number, if provided
Selected date and time
Time zone
Information entered into the booking form
Technical data related to the booking process

Calendly is used to provide a structured and reliable booking process for our services. The legal basis is Article 6(1)(b) GDPR where the booking is connected to a service you request or purchase, and Article 6(1)(f) GDPR where we have a legitimate interest in efficient appointment scheduling.

Calendly may process data in the United States and may use subcontractors. Where required, appropriate safeguards such as Standard Contractual Clauses are used.

Further information is available in Calendly’s privacy notice.

 

7. Payment and Checkout

For certain paid services, such as 1:1 Live Calls, we may use Digistore24 for checkout and payment processing.

When you click a booking or purchase button on this website, such as “Book Your Call,” you may be redirected to a checkout page operated by Digistore24. The checkout process, payment processing, invoicing, tax handling, and related customer data processing are carried out by Digistore24. Depending on your location and the specific checkout page, the responsible Digistore24 entity will be named during the checkout process.

Data processed by Digistore24 may include:

Name
Email address
Billing address
Payment data
Order details
Tax-related information
Technical checkout data

Digistore24 generally acts as reseller and may become your contractual partner for the purchase. We receive from Digistore24 only the information necessary to process and provide the purchased service, such as order confirmation, contact details, and booking-related information.

The legal basis for our processing of order-related data is Article 6(1)(b) GDPR and Article 6(1)(c) GDPR where legal retention obligations apply.

Further data processing by Digistore24 is governed by Digistore24’s own privacy policy and checkout terms.

 

8. Online Live Calls

We use Zoom to conduct 1:1 Live Calls. Zoom is provided by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

When you participate in a Zoom call, personal data may be processed. This may include:

Name
Email address
IP address
Device and connection data
Meeting metadata, such as time, duration, and participants
Audio and video data, if you enable microphone or camera
Chat content, if you use the chat function

We use Zoom to provide online calls and communicate with participants. The legal basis is Article 6(1)(b) GDPR where the call is part of a booked service, and Article 6(1)(f) GDPR where we have a legitimate interest in providing secure and reliable online communication.

We do not record calls unless this has been clearly agreed in advance.

Zoom may process data outside the European Economic Area. Where required, appropriate safeguards such as Standard Contractual Clauses are used.

Further information is available in Zoom’s privacy statement.

 

9. Community Platform

We provide access to the Human Reverse Engineering community through the external platform Skool.

If you join or use the community, registration, login, profile data, posts, comments, messages, and other community interactions are processed by Skool according to Skool’s own privacy policy and platform terms.

As community administrators, we may have access to information visible to us, such as your profile, membership status, posts, comments, participation activity, and information provided during the membership request process.

As part of the membership request, we may ask you to provide an email address. This may be used to communicate with you about community access, important updates, activities, and occasional announcements related to Human Reverse Engineering.

We use community-related information only to operate, moderate, protect, and develop the Human Reverse Engineering community.

The legal basis is Article 6(1)(b) GDPR where community access is part of a service, Article 6(1)(f) GDPR where we have a legitimate interest in managing and protecting the community, and Article 6(1)(a) GDPR where communication is based on your consent.

 

10. Data Sharing and External Service Providers

We share personal data only where necessary for the operation of this website, the provision of our services, communication with you, appointment scheduling, payment processing, community access, or compliance with legal obligations.

This may include:

Hosting providers
Cookie and consent management providers
Appointment scheduling providers
Payment and checkout providers
Video conferencing providers
Community platform providers
Tax, legal, or administrative service providers
Public authorities, where legally required

We do not sell personal data.

Where service providers process data on our behalf, we use appropriate contractual arrangements where required by law.

 

11. International Data Transfers

Some external services used by us may process personal data outside the European Economic Area, including in the United States.

Where such transfers occur, they are based on appropriate safeguards under GDPR, such as Standard Contractual Clauses, adequacy decisions, or other legally recognized mechanisms.

 

12. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Communication data is retained as long as necessary to respond to your inquiry or manage the relevant relationship. Contractual, payment, and invoice-related data may be retained for the statutory retention periods. Technical log data is retained only as long as necessary for security, functionality, and troubleshooting.

 

13. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

If you wish to exercise your rights, you can contact us at:

privacy@humanreverseengineering.org

You also have the right to lodge a complaint with a data protection supervisory authority.

 

14. Withdrawal of Consent

Where data processing is based on your consent, you may withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

You can adjust cookie-related consent through the privacy settings on this website.

 

15. No Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

 

16. Changes to This Privacy Policy

We may update this Privacy Policy when our website, services, legal requirements, or external providers change.

Last updated: May 17, 2026