Privacy Policy

Last updated: April 2026

Scope

This privacy policy applies to the following websites and services of the controller:

• www.leadnet.de — Company website with contact form
• www.gots.de — URL shortener service
• quiz.gots.de — Quiz platform
• www.aws-cloud.training — Cloud quiz and training platform with admin area

Where individual sections apply only to specific domains, this is indicated accordingly.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Leadnet … more than expected
Frank Bormann
Im Mittelfelde 11
31157 Sarstedt
Germany

Phone: +49 5066 9968636
Email: datenschutz@leadnet.de
Website: www.leadnet.de

2. General Information on Data Processing

We process personal data of our users only insofar as this is necessary to provide a functional website and our content and services. The processing of personal data regularly takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.

3. Legal Bases

Insofar as we obtain consent for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures (e.g. enquiries via the contact form).

Insofar as the processing of personal data is necessary for compliance with a legal obligation, Art. 6 (1) (c) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis.

4. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock icon in your browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Hosting

This website is hosted by Amazon Web Services EMEA SARL (AWS), 38 Avenue John F. Kennedy, L-1855 Luxembourg. The servers are located in Frankfurt am Main, Germany (AWS Region eu-central-1). The personal data collected on this website is stored on AWS servers in Germany.

The use of AWS is in the interest of a secure, fast and efficient provision of our online offering (Art. 6 (1) (f) GDPR). AWS processes data on our behalf and is contractually obliged to comply with the data protection provisions of the GDPR. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with AWS (AWS Data Processing Addendum). Data is processed exclusively within the EU.

Depending on the service, the following AWS services are used:

• leadnet.de: Amazon EC2/S3 for web hosting and data storage
• gots.de: Amazon CloudFront (CDN), Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB
• quiz.gots.de: Amazon CloudFront (CDN), Amazon S3, Amazon API Gateway, AWS Lambda
• aws-cloud.training: Amazon CloudFront (CDN), Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB

6. Server Log Files

The hosting provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:

• Page visited on our domain
• Date and time of the server request
• Browser type and version
• Operating system used
• Referrer URL (previously visited page)
• IP address of the accessing device
• Amount of data transferred

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website — for this purpose, server log files must be collected.

Server log files are stored for a maximum of 7 days and then automatically deleted. This data is not merged with other data sources.

7. Contact Form

If you send us enquiries via the contact form, your details from the form including the data you provide (name, email address, company, selected topic, message) will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

Legal basis: Processing is based on Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (a) GDPR (your consent by submitting the form and accepting the privacy policy).

Storage duration: The data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions — in particular retention periods — remain unaffected.

Spam protection: To protect against automated enquiries, we use a mathematical captcha, a honeypot field and a time check. These measures are processed entirely locally on our server. No data is transmitted to external services (such as Google reCAPTCHA).

Rate limiting: To prevent abuse, the sender's IP address is temporarily stored server-side to limit the number of requests per time period. This data is automatically deleted after 10 minutes.

8. URL Shortener (gots.de)

The URL shortener at gots.de allows URLs to be shortened without registration or provision of personal data.

Data processed:

• Entered URL — Purpose: URL shortening — Storage duration: 7 days (automatic deletion via TTL)
• Generated short ID — Purpose: Mapping to original URL — Storage duration: 7 days (automatic deletion via TTL)
• IP address — Purpose: Rate limiting — Storage duration: only during the request, no permanent storage

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in providing the service).

Cookies and tracking: gots.de uses no cookies, no local storage and no tracking tools. No user tracking takes place whatsoever.

9. Quiz Platform (quiz.gots.de)

The quiz platform at quiz.gots.de allows participation in cloud knowledge quizzes without registration or provision of personal data.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in providing the service).

Cookies and tracking: quiz.gots.de uses no cookies and no tracking tools.

10. Training Platform (aws-cloud.training)

10.1 Quiz Participation

When participating in a quiz via aws-cloud.training, the following data is collected and processed:

• The player name (pseudonym) you choose
• Your answers to the quiz questions
• Your score and response times
• The session code used to join the quiz

This data is used exclusively for conducting the quiz game and displaying the leaderboard. The data is stored on the server after the quiz session ends and can be deleted by the administrator. You are not required to use your real name as a player name.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in conducting the training offering).

10.2 Admin Area

Access to the administration area requires login with a username and password. Session cookies are set for authentication purposes. These cookies are protected with the HttpOnly, Secure and SameSite flags and are deleted when the session expires.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure management of the platform). These technically necessary cookies are exempt from the consent requirement pursuant to § 25 TDDDG.

10.3 Cookies

aws-cloud.training uses only technically necessary cookies for authentication in the admin area. No tracking cookies or third-party cookies are used. Session cookies are automatically deleted when the browser is closed or when the session duration expires.

11. Local Browser Storage (Session Storage)

Our contact form on leadnet.de uses the session storage function of your browser to store a CSRF token (protection against cross-site request forgery) and a counter for rate limiting. This data is stored exclusively locally in your browser, is not transmitted to our server, and is automatically deleted when you close the browser tab.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the security of the website). This technically necessary storage is exempt from the consent requirement pursuant to § 25 TDDDG (formerly TTDSG).

12. Email Contact

If you contact us by email, your details including the contact data you provide will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. This data will not be passed on without your consent.

Email processing: For email communication, we use Microsoft 365 (Exchange Online) from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Email data is stored and processed exclusively in the European Union (EU/EFTA). A data processing agreement (Data Processing Addendum) with Microsoft is part of the terms of use.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in responding to your enquiry).

13. Your Rights as a Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

• Right of access (Art. 15 GDPR): You may request information about whether and which personal data we process about you.
• Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate data or the completion of incomplete data.
• Right to erasure (Art. 17 GDPR): You may request the erasure of your personal data, provided no statutory retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you have the right to request the restriction of the processing of your data.
• Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
• Right to object (Art. 21 GDPR): You may object at any time to the processing of your personal data, insofar as the processing is based on Art. 6 (1) (e) or (f) GDPR.
• Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw consent given at any time with effect for the future.

To exercise your rights, please contact: datenschutz@leadnet.de

14. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

The supervisory authority responsible for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
(State Commissioner for Data Protection of Lower Saxony)
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Website: www.lfd.niedersachsen.de

15. No Disclosure to Third Parties

Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only share your personal data with third parties if:

• You have given your express consent (Art. 6 (1) (a) GDPR),
• Disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data (Art. 6 (1) (f) GDPR),
• There is a legal obligation for disclosure (Art. 6 (1) (c) GDPR),
• This is legally permissible and necessary pursuant to Art. 6 (1) (b) GDPR for the performance of contractual relationships with you.

16. External Links

Our website may contain links to external websites. We have no influence on the compliance of their operators with data protection regulations. Please inform yourself about their privacy practices on the respective websites.

17. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will apply to your next visit.