/ academy
Privacy policy
Last updated on March 15th, 2026.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our online learning platform at academy.lauromueller.com ("Platform"). We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the German Bundesdatenschutzgesetz ("BDSG"), and the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz ("TDDDG").
We encourage you to read this Privacy Policy carefully. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.
1. DATA CONTROLLER
The data controller responsible for the processing of your personal data is:
Lauro Fialho Müller
Trading as: LM Academy
Schönhauser Allee 163 10435 Berlin Germany
Schönhauser Allee 163 10435 Berlin Germany
Email: academy[at]lauromueller.com
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at the email address above.
2. WHAT PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
a) Data you provide to us directly
When you create an Account, place an Order, or otherwise interact with the Platform, you may provide us with:
– Name (first and last name)
– Email address
– Password (stored in encrypted form only)
– Billing address
– Country of residence
– Professional information (e.g. job title), if voluntarily provided
– Any additional information you choose to enter in your user profile or in communications with us
b) Payment data
When you purchase a course or Subscription, your payment is processed by our third-party payment service provider (currently Stripe). We do not receive, store, or process your full credit card number or bank account details. We may receive from Stripe a truncated card number (last four digits), card type, billing country, and transaction confirmation for our records.
c) Data collected automatically
When you visit or use the Platform, certain data is collected automatically by our systems and by our platform provider (LearnWorlds):
– IP address
– Browser type and version
– Operating system and device type
– Date and time of access
– Pages visited and actions taken on the Platform (e.g. courses viewed, lessons completed, time spent)
– Referring URL (the website from which you arrived at the Platform)
– Language preferences
d) Cookie data
We use cookies and similar technologies on the Platform. For details, see Section 6 below.
e) Communication data
If you contact us by email or through a contact form, we process the content of your message, your email address, and any other information you provide.
f) Learning activity data
When you use the Platform, we collect data about your learning progress, including lessons viewed, quizzes completed, assignments submitted, certificates earned, and course completion status.
3. PURPOSES AND LEGAL BASES FOR PROCESSING
We process your personal data only where we have a lawful basis to do so under Art. 6(1) GDPR. The table below sets out the purposes of our processing and the corresponding legal basis:
Contract performance — Art. 6(1)(b) GDPR
– Creating and managing your Account
– Processing your Orders and granting access to purchased courses
– Providing the educational Services you have purchased
– Tracking your learning progress within courses
– Processing payments (via our payment service provider)
– Communicating with you about your Account, Orders, or technical issues
– Providing customer support
Legitimate interests — Art. 6(1)(f) GDPR
– Ensuring the security and integrity of the Platform (e.g. fraud prevention, detecting unauthorised access)
– Analysing anonymised or aggregated usage data to improve our courses and Platform
– Enforcing our Terms and Conditions
– Administering and operating the Platform (including troubleshooting, data analysis, and system maintenance)
Our legitimate interest in these cases is the operation, improvement, and security of our business and Platform. We have assessed that these interests are not overridden by your rights and freedoms.
Consent — Art. 6(1)(a) GDPR
– Sending you marketing emails or newsletters (you may withdraw consent at any time — see Section 8)
– Setting non-essential cookies on your device (see Section 6)
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Legal obligation — Art. 6(1)(c) GDPR
– Retaining invoicing and transaction records as required by German tax law (Abgabenordnung — retention period of 10 years)
– Responding to lawful requests from public authorities
4. DATA SHARING AND RECIPIENTS
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
c) Email and communications
d) Analytics
f) Business transfers
We share your personal data only with the following categories of recipients, and only to the extent necessary for the purposes described in this Privacy Policy:
a) Platform provider — LearnWorlds
The Platform is operated using LearnWorlds (LearnWorlds (CY) Ltd, Cyprus). LearnWorlds acts as a data processor on our behalf and processes your Account data, learning activity data, and technical data in order to provide the Platform. LearnWorlds hosts data on Google Cloud Platform infrastructure. We have entered into a Data Processing Agreement (DPA) with LearnWorlds in accordance with Art. 28 GDPR.
b) Payment service provider — Stripe
Payment processing is handled by Stripe (Stripe, Inc., USA / Stripe Payments Europe, Ltd., Ireland). Stripe acts as an independent data controller for certain payment data and as a data processor on our behalf for transaction processing. Stripe is certified under the EU-U.S. Data Privacy Framework. For details, see Stripe's privacy policy: https://stripe.com/privacy
c) Email and communications
If you subscribe to our newsletter or if we send you transactional emails, these are delivered through Beehiiv or LearnWorlds.
d) Analytics
We use Google Analytics and LearnWorlds built-in analytics to understand how the Platform is used. Google Analytics uses cookies to collect anonymised usage data. We have enabled IP anonymisation. Google acts as a data processor on our behalf. See: https://policies.google.com/privacy
e) Legal and regulatory
We may disclose your personal data if required to do so by law, court order, or regulatory authority, or where disclosure is necessary to protect our legal rights, enforce our Terms and Conditions, or investigate suspected fraud or security breaches.
f) Business transfers
In the event that our business is sold, merged, or restructured, your personal data may be transferred to the successor entity. We will notify you in advance of any such transfer and give you the opportunity to request deletion of your data before the transfer takes place.
5. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). This occurs in particular because our platform provider (LearnWorlds) and payment provider (Stripe) use infrastructure and subprocessors located in the United States and other countries.
Where personal data is transferred outside the EEA, we ensure that adequate safeguards are in place, including:
– EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR;
– Adequacy decisions by the European Commission, including the EU-U.S. Data Privacy Framework (where applicable); or
– Other legally recognised transfer mechanisms.
You may request a copy of the applicable safeguards by contacting us at academy[at]lauromueller.com.
6. COOKIES AND SIMILAR TECHNOLOGIES
The Platform uses cookies and similar technologies. Cookies are small text files stored on your device when you visit the Platform.
a) Strictly necessary cookies
b) Analytics and performance cookies
c) Marketing cookies
Managing your cookie preferences
a) Strictly necessary cookies
These cookies are required for the basic operation of the Platform (e.g. session management, authentication, security). They cannot be disabled. The legal basis is Art. 6(1)(b) and (f) GDPR in conjunction with § 25(2) TDDDG.
b) Analytics and performance cookies
These cookies collect anonymised information about how visitors use the Platform (e.g. pages visited, time on site). They help us improve the Platform. These cookies are set only with your prior consent pursuant to § 25(1) TDDDG and Art. 6(1)(a) GDPR.
c) Marketing cookies
These cookies are used to deliver relevant advertising or to track the effectiveness of marketing campaigns. They are set only with your prior consent pursuant to § 25(1) TDDDG and Art. 6(1)(a) GDPR.
Managing your cookie preferences
When you first visit the Platform, a cookie consent banner will allow you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings available on the Platform. You can also configure your browser to block or delete cookies, though this may affect your ability to use certain features of the Platform.
7. DATA RETENTION
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
– Account and profile data: For the duration of your Account. If you delete your Account, your personal data will be erased or anonymised within 30 days, unless retention is required by law.
– Order and transaction data: For 10 years after the end of the calendar year in which the transaction occurred, as required by German tax law (§§ 147 AO, 257 HGB).
– Learning progress data: For the duration of your Account. Upon Account deletion, learning data is anonymised or deleted.
– Communication data (emails, support requests): For up to 3 years after the last communication, or longer if required for the establishment, exercise, or defence of legal claims.
– Server log files: Automatically deleted after 30 days. [CONFIRM: Check with LearnWorlds what their actual log retention period is.]
– Marketing consent records: For the duration of the consent and for 3 years after withdrawal (for the purpose of demonstrating that consent was validly obtained).
After the applicable retention period, personal data is securely deleted or irreversibly anonymised.
8. YOUR RIGHTS AS A DATA SUBJECT
Under the GDPR, you have the following rights in relation to your personal data:
– Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of that data together with information about the processing.
– Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
– Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data where, among other grounds, the data is no longer necessary for the purposes for which it was collected, you withdraw consent, or you object to the processing. This right does not apply where we are legally required to retain the data (e.g. tax records).
– Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing in certain circumstances, for example while we verify the accuracy of your data following a dispute.
– Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or contract and is carried out by automated means.
– Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interests (Art. 6(1)(f) GDPR). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. Where personal data is processed for direct marketing purposes, you have the right to object at any time, and we will cease processing your data for that purpose without exception.
– Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
– Right not to be subject to automated decision-making (Art. 22 GDPR): We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
How to exercise your rights:
You may exercise any of the above rights by contacting us at academy[at]lauromueller.com. If your Account includes self-service data management features (such as the ability to download your data or delete your Account), you may also use those features directly.
We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
We may ask you to verify your identity before processing your request, to ensure that personal data is not disclosed to an unauthorised person.
Exercising your rights is free of charge. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, in accordance with Art. 12(5) GDPR.
9. RIGHT TO LODGE A COMPLAINT
If you believe that we have not complied with our obligations under applicable data protection law, you have the right to lodge a complaint with a supervisory authority.
You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.
The supervisory authority responsible for our place of business is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Website: https://www.datenschutz-berlin.de
Email: mailbox[at]datenschutz-berlin.de
You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.
We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us at academy[at]lauromueller.com first.
10. DATA SECURITY
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration, in accordance with Art. 32 GDPR.
These measures include:
– Encryption of data in transit (TLS/SSL) and at rest
– Isolated database architecture (each school on LearnWorlds operates with its own isolated database)
– Regular security updates and vulnerability scanning
– Access controls and authentication mechanisms
– Regular data backups
– No storage of full payment card details on our systems (handled by PCI DSS Level 1 compliant providers)
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining an appropriate level of protection.
11. CHILDREN'S DATA
The Platform is not directed at children under the age of 16 (or the applicable minimum age for data processing consent in your country). We do not knowingly collect personal data from children under this age. If you believe that we have inadvertently collected data from a child, please contact us at academy[at]lauromueller.com and we will take steps to delete the data promptly.
Users between the ages of 16 and 18 may use the Platform in accordance with our Terms and Conditions (which require parental or guardian supervision for users under 18 for the purpose of purchasing Services).
12. LINKS TO THIRD-PARTY WEBSITES
The Platform may contain links to third-party websites or services (e.g. external tools, documentation, or resources referenced in course content). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data to them.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our processing activities, in the law, or in our Platform. Where changes are material, we will notify you by email to the address associated with your Account at least 14 days before the changes take effect. The date of the most recent update is indicated at the top of this Privacy Policy.
Your continued use of the Platform after the updated Privacy Policy takes effect constitutes your acknowledgement of the changes. If you do not agree to the updated Privacy Policy, you may close your Account in accordance with our Terms and Conditions.
14. CONTACT
If you have any questions about this Privacy Policy, about your personal data, or if you wish to exercise any of your rights as described in Section 8, please contact us:
Lauro Fialho Müller
Trading as: LM Academy
Schönhauser Allee 163 10435 Berlin Germany
Schönhauser Allee 163 10435 Berlin Germany
Email: academy[at]lauromueller.com
Who we are
LM Academy provides up-to-date, cutting-edge IT courses and hands-on labs in the areas of AI, Cloud, Platform Engineering, SRE, and DevOps. Its ultimate goal is to help IT professionals stay relevant.
Featured links
Connect with us
Copyright © 2026