This privacy policy explains how we collect, use, and protect your personal data when you visit our website or interact with us. We process your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

The controller responsible for data processing on this website is:

QM Academy – Volker Sameske Volker Sameske, Sole Proprietorship c/o IP-Management #1652 Ludwig-Erhard-Str. 18 20459 Hamburg, Germany Email: info@qm-academy.com

We collect personal data that you actively provide to us. This may include, for example: - Name - Email address - Phone number - Company name and contact details - Job title or role - Information about your company (e.g., size, industry, current challenges) - Responses to questionnaires, assessments, surveys or forms - Content of your message or request - Any other information you voluntarily submit You may provide this data when you: - Use our contact form - Fill out questionnaires, surveys or assessments - Request information or a consultation - Book a meeting - Subscribe to updates or resources - Communicate with us by email, phone or other channels We collect this information only when you choose to provide it to us. 3.2. Automatically collected data When you visit our website, our IT systems automatically collect technical data necessary for the secure operation of the site. This may include: - IP address - Browser type and version - Operating system - Date and time of access - Referrer URL - Pages viewed - Device information - Basic diagnostic or log data We do not use automated decision-making or profiling.

4. Purpose and Legal Basis of Processing 4.1. To respond to contact requests and provide our services We process the data you provide to answer your enquiries, schedule appointments, prepare consultations and deliver our services. Legal basis: - Art. 6 (1) lit. b GDPR (contract initiation or performance) - Art. 6 (1) lit. f GDPR (legitimate interest in effective communication) 4.2. To process questionnaires, assessments and form submissions When you complete questionnaires, assessments or forms, we process this data to analyse your situation and prepare tailored responses or recommendations. Legal basis: - Art. 6 (1) lit. b GDPR - Art. 6 (1) lit. f GDPR 4.3. To send information or emails you request If you explicitly request information, subscribe to updates or download resources, we process your data to send these communications. We may use email or marketing automation tools to manage subscriptions and send relevant content. Legal basis: - Art. 6 (1) lit. a GDPR (consent) - Art. 6 (1) lit. f GDPR (legitimate interest in communicating with business contacts) You may withdraw your consent at any time. 4.4. To ensure website functionality and security Technical data is processed to operate the website securely and efficiently. Legal basis: - Art. 6 (1) lit. f GDPR (legitimate interest in secure website operation)

4.5. To analyse website usage (analytics and pixels) If we use analytics tools or marketing pixels (e.g., for measuring performance or improving content), these services process technical and behavioural data. Such tools may process: - Page views - Interactions - Browser information - IP address - Referrer URL - Conversion events (e.g., form submissions) Where required, we ask for your consent via a cookie banner. Legal basis: - Art. 6 (1) lit. a GDPR (consent) - Art. 6 (1) lit. f GDPR (legitimate interest in improving and marketing our services) 4.6. To operate forms, scheduling tools, and automation systems We may use processors to collect form submissions, schedule appointments, automate workflows or manage communications. These processors may handle the data you provide solely to perform the services requested. If data is transferred outside the EU/EEA, such transfers are protected by legally required safeguards (e.g., Standard Contractual Clauses). Legal basis: - Art. 6 (1) lit. b GDPR - Art. 6 (1) lit. f GDPR (legitimate interest in efficient business processes)

We do not sell or trade your data. We only share data with third parties when necessary for: - Hosting and technical service providers - Secure email communication - Legal compliance obligations All service providers are bound by GDPR-compliant contracts. Data is only transferred outside the EU if adequate safeguards (e.g., EU Standard Contractual Clauses) exist.

We store your personal data only as long as necessary for the purposes mentioned above or as required by law.

Contact requests are deleted when they are no longer needed unless legal retention periods apply.

As a data subject, you have the following rights under the GDPR: - Right of access (Art. 15 GDPR) - Right to rectification (Art. 16 GDPR) - Right to erasure (Art. 17 GDPR) - Right to restriction of processing (Art. 18 GDPR) - Right to data portability (Art. 20 GDPR) - Right to object (Art. 21 GDPR) - Right to withdraw consent at any time (Art. 7 GDPR) - Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with any data protection supervisory authority, in particular in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement.

We implement technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, alteration or destruction. Please note that data transmission on the internet (e.g., communication by email) may have security gaps.

9. Cookies and Similar Technologies Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us provide certain functionalities, ensure security, analyse website usage, and—if you consent—measure the effectiveness of our marketing activities. We use the following types of cookies: 9.1. Essential (technical) cookies These cookies are necessary for the basic operation of the website (e.g., security, navigation, form functionality). They cannot be deactivated. Legal basis: - Art. 6 (1) lit. f GDPR (legitimate interest in operating the website) 9.2. Analytics and marketing cookies If you give your consent, we use analytics and/or marketing tools such as tracking pixels to analyse user behaviour, measure conversions, or improve our marketing efforts. These may include technologies such as the Meta Pixel or comparable analytics tools. These tools may collect data such as: - Page views - Interactions - Browser information - IP address - Referrer URL - Conversion events (e.g., form submissions) Legal basis: - Art. 6 (1) lit. a GDPR (consent) You can withdraw your consent at any time via the cookie settings. 9.3. Third-country data transfers If service providers used for analytics or marketing process data outside the EU/EEA (e.g., in the USA), this may involve a transfer of personal data to third countries. Such transfers are based on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions. 9.4. Cookie banner and consent management Upon your first visit, a cookie banner will ask for your consent to use non-essential cookies. We only activate analytics or marketing tools after you actively provide consent. You may change or revoke your cookie preferences at any time via the cookie settings on this website.

10. Hosting Our website is hosted by OnePage GmbH, a company based in Germany (Frankfurt am Main). When you visit our website, OnePage automatically processes technical data such as IP addresses, browser information, device details, and timestamps in order to provide secure and stable hosting services. OnePage acts as our data processor in accordance with Art. 28 GDPR. A GDPR-compliant Data Processing Agreement (DPA) is in place. As part of the hosting infrastructure, OnePage may use sub-processors that provide server, security or cloud services. If such sub-processors are located outside the EU/EEA, OnePage ensures the required level of data protection through legally recognised safeguards (e.g., Standard Contractual Clauses). The processing of hosting-related technical data takes place based on: - Art. 6 (1) lit. f GDPR (legitimate interest in the secure and efficient operation of our website)

If personal data is transferred outside the EU/EEA, this is done only on the basis of:

- Adequacy decisions, or - Standard Contractual Clauses (SCCs), or - Other legally recognised safeguards.

We may update this privacy policy from time to time to reflect legal, technical or organisational changes. The latest version is always available on this website.

For questions about this privacy policy or to exercise your rights, please contact:

QM Academy – Volker Sameske Email: info@qm-academy.com Address: Ludwig-Erhard-Str. 18, 20459 Hamburg, Germany