Privacy Policy

Last Updated: 24.03.2025

1. Introduction

CausalCampus (“we,” “us,” or “our”) operates https://causalcampus.com (the “Platform”), a service designed to help users understand their mental load, cognitive biases, and decision-making patterns. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and German data protection laws (e.g., BDSG).

By using the Platform, you agree to the collection and use of your data as described in this policy. We may update this policy periodically; changes will be reflected on this page.

2. Data We Collect

When you use CausalCampus, we may collect different types of data to improve our services and provide personalized insights.

2.1 Personal Data

We collect personal data that you voluntarily provide when using our Platform, including:

• Email address (for account creation and communication).
• Age and demographic details (optional, used for research and personalized insights).
• Responses to mental load assessments and cognitive bias tests (used to generate insights).

2.2 Technical Data

To enhance user experience and security, we collect technical data, including:

• IP address and general location (for security and analytics).
• Device type, operating system, and browser information (to optimize platform functionality).
• Usage patterns, such as pages visited, time spent on content, and interaction with features.

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

• Functional cookies – Remember your preferences and settings.
• Analytics cookies – Help us analyze usage trends and improve services.

Users can manage cookie preferences through their browser settings.

3. How We Use Your Data

We process your data for the following purposes:

3.1 Providing and Personalizing Services

• To deliver and customize the mental load assessment tool and cognitive bias insights.
• To analyze your responses and provide personalized feedback.

3.2 Improving Platform Functionality

• To track user behavior and enhance Platform performance.
• To develop new features and improve user experience based on analytics.

3.3 Communication & Marketing (With Consent)

• To send important updates about the Platform.
• To share educational content and mental load management strategies.
• To send promotional materials if the user has opted in (users can withdraw consent at any time).

3.4 Legal Compliance & Security

• To comply with legal obligations (e.g., tax, audit, or regulatory requirements).
• To protect against fraud, unauthorized access, or violations of these Terms.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

4.1 Consent

We process data based on your explicit consent when:

• Sending newsletters, educational content, or marketing emails.
• Using non-essential cookies for analytics or personalization.

You may withdraw consent at any time through your account settings or by contacting us.

4.2 Contractual Necessity

We process your data when it is necessary to fulfill a contract, such as, including but not limited to delivering mental load assessment results, cognitive bias insights and providing account-related services, such as login access.

4.3 Legitimate Interests

We process data for legitimate business interests, including:

• Analytics to understand user behavior and improve the Platform.
• Security measures to prevent fraud and unauthorized access.
• Service enhancements to develop new features and optimize functionality.

Users can object to processing based on legitimate interests if their rights override our interests.

4.4 Legal Obligations

We may retain and process certain data to comply with legal requirements, such as, including but not limited to tax, accounting, audit regulations and regulatory compliance with data protection laws.

5. Data Sharing & Third Parties

5.1 Service Providers

To maintain and improve our services, we share data with GDPR-compliant service providers, such as hosting platforms, analytics tools, and security services. These third parties process data under Data Processing Agreements (DPAs) to ensure compliance with data protection regulations.

5.2 Legal Requirements

We may disclose user data if required by German or EU law, such as in response to legal investigations, regulatory requirements, or court orders. Any such disclosure will be made in accordance with applicable data protection laws.

5.3 No Sale of Data

CausalCampus does not sell, rent, or lease user data to third parties for marketing, advertising, or commercial purposes. User information is only shared as necessary to operate the Platform securely and effectively.

6. International Data Transfers

CausalCampus may transfer and process user data in countries outside the European Union (EU) or European Economic Area (EEA), including locations where our cloud storage providers and service partners operate.

To ensure compliance with GDPR and protect your data, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or rely on adequacy decisions for countries deemed to offer an equivalent level of data protection.

If required, we take additional measures to enhance data security and privacy when transferring data internationally. Users can contact us for further details on specific safeguards in place.

7. Data Retention

CausalCampus retains user data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal requirements, and ensure service integrity.

7.1 Account Data

Personal data associated with user accounts is retained until the account is deleted. Users may delete their accounts at any time through the Platform settings or by contacting us. Once deleted, data will be removed in accordance with our retention policy.

7.2 Test Responses

Responses to mental load assessments and cognitive bias tests are stored for up to two years. After this period, data is anonymized unless users have given explicit consent for it to be retained for research purposes.

7.3 Legal & Regulatory Compliance

Certain data may be retained for longer periods when required by German law, such as tax or financial records, which must be kept for up to 10 years. After the retention period expires, data is securely deleted or anonymized to prevent identification.

As a data subject, you have several rights under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and German data protection laws (BDSG). CausalCampus is committed to upholding these rights and ensuring transparency in data processing.

8. Your Rights under GDPR

8.1 Right to Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you, along with details on how it is processed. We will provide this information in a structured, machine-readable format.

8.2 Right to Rectification (Article 16 GDPR)

If your personal data is inaccurate or incomplete (e.g., email address, test responses), you may request correction through your account settings or by contacting us.

8.3 Right to Erasure (“Right to Be Forgotten”) (Article 17 GDPR)

You may request the deletion of your data if:

• It is no longer necessary for the purposes it was collected.
  
• You withdraw consent and no other legal basis applies.
  
• The data was unlawfully processed.

Exceptions: We may retain certain data if required by law, such as tax records.

8.4 Right to Restrict Processing (Article 18 GDPR)

You may request that we temporarily stop processing your data if:

• You contest its accuracy.
  
• You object to processing while we assess legitimate interest claims.

During this restriction period, we may store your data but not process it further without your consent.

8.5 Right to Data Portability (Article 20 GDPR)

You have the right to request a copy of your data in a portable format (e.g., CSV) for transfer to another service. This applies to data processed based on consent or contractual necessity.

8.6 Right to Object (Article 21 GDPR)

If we process your data based on legitimate interests (e.g., analytics, marketing), you may object at any time. We will stop processing unless we demonstrate compelling legitimate grounds that override your rights.

8.7 Right to Withdraw Consent (Article 7(3) GDPR)

If you have given consent for processing (e.g., for newsletters), you may withdraw it at any time through your account settings or by contacting us. Withdrawal does not affect the lawfulness of prior processing.

8.8 Right to Lodge a Complaint (Article 77 GDPR)

If you believe we have violated GDPR or BDSG, you may file a complaint with:

• Our Data Protection Officer (DPO) at contact@causalcampus.com.
  
• The German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

8.9 How to Exercise These Rights

To exercise your rights, contact us at contact@causalcampus.com. We will respond within 30 days and may require identity verification to prevent fraud.

9. Cookies Policy

9.1 Purpose of Cookies

CausalCampus uses cookies to enhance Platform functionality, improve user experience, and analyze usage patterns. Cookies help us optimize test experiences, remember user preferences, and gather anonymized analytics data.

9.2 Types of Cookies We Use

• Essential Cookies: Required for basic Platform functionality (e.g., login, security).
• Functional Cookies: Store user preferences (e.g., language settings).
• Analytics Cookies: Help us track user behavior to improve services (e.g., time spent on pages, test completion rates).

9.3 Third-Party Cookies

We use third-party services like Google Analytics to collect anonymized data for insights into how users interact with the Platform. These third-party cookies do not store personally identifiable information.

9.4 Controlling Cookies

You can adjust cookie settings via:

• Your browser settings (blocking or deleting cookies).
• Our cookie consent banner, which allows you to manage cookie preferences upon visiting the site.

Disabling certain cookies may affect Platform functionality.

10. Automated Decision-Making & Profiling

10.1 How We Use Automated Processing

CausalCampus’s mental load assessment tool provides personalized insights based on your responses. This involves limited automated processing, such as analyzing patterns in cognitive biases to generate tailored recommendations. However, no fully automated decisions are made that have a significant legal or similar effect on users.

10.2 Your Rights Under GDPR (Article 22)

As a user, you have the right to:

• Request Human Intervention: If you believe an automated decision has impacted you unfairly, you may request a human review.
• Contest Algorithmic Results: You may challenge automated insights and ask for clarification.
• Express Your Viewpoint: You have the right to provide feedback on automated decisions affecting you.

To exercise these rights, contact us at contact@causalcampus.com.

11. Children’s Privacy

11.1 Age Restriction

CausalCampus’s services are not intended for individuals under the age of 16. We do not knowingly collect or process personal data from children under this age.

11.2 Data Deletion

If we discover that we have collected data from a user under 16, we will delete it immediately.

11.3 Parental Requests

Parents or guardians who believe their child has provided personal data may contact us at contact@causalcampus.com to request data deletion or further assistance.

12. Security Measures

12.1 How We Protect Your Data

CausalCampus implements industry-standard security measures to safeguard your personal data against unauthorized access, loss, or misuse. These measures include:

• Encryption: All data transfers are secured using SSL/TLS encryption to protect information in transit.
• Access Controls: Only authorized personnel have access to user data, following the principle of least privilege.
• Regular Security Audits: We conduct periodic security assessments to identify and address vulnerabilities.
• Data Minimization: We collect only the necessary data and anonymize or pseudonymize it where possible.
• Staff Training: Our employees receive ongoing security training to ensure compliance with best practices and data protection regulations.

12.2 No Absolute Security Guarantee

While we take all reasonable precautions, no system is 100% secure. In the event of a data breach, we will notify affected users and relevant authorities as required under GDPR Article 33.

For security-related inquiries, contact us at contact@causalcampus.com.

13. Data Protection Officer (DPO)

Our DPO oversees GDPR compliance:
Name: Dr. Nina Weber
Email: contact@causalcampus.com
Address: Lepsiusstr. 14, 12163 Berlin, Germany

14. Data Breach Notification

14.1 Our Obligation to Notify

In the event of a personal data breach that poses a risk to your rights and freedoms (e.g., unauthorized access to test results or personal data), CausalCampus will take the following steps:

• Regulatory Notification: We will report the breach to the German Data Protection Authority (BfDI) within 72 hours, as required under GDPR Article 33.
• User Notification: If the breach is likely to result in a high risk to your privacy (e.g., identity theft, financial loss), we will promptly inform affected users via email or a Platform notification, in compliance with GDPR Article 34.

14.2 What Information We Will Provide

Our notification will include:

• A summary of the breach (what happened and when).
• The type of data affected (e.g., personal details, test responses).
• Any potential risks and recommended actions for users (e.g., changing passwords).
• The measures taken to mitigate the issue and prevent future incidents.

For any concerns related to data security, you can contact contact@causalcampus.com.

15. Updates to This Policy

15.1 Notification of Changes

We may update this Privacy Policy from time to time. If there are significant changes affecting how we process your personal data, we will notify you via email or Platform alerts before the changes take effect.

15.2 Minor Updates

Minor updates, such as clarifications or typographical corrections, will be reflected in the policy without direct user notification. The “Last Updated” date at the top of this page will indicate when the most recent changes were made.

15.3 Reviewing Updates

We encourage users to periodically review this policy to stay informed about how we protect their data.

16. Governing Law

16.1 Applicable Laws

This Privacy Policy is governed by German law and the General Data Protection Regulation (GDPR).

16.2 Dispute Resolution

Any disputes related to this policy will be resolved in the courts of Berlin, Germany, unless mandatory consumer protection laws provide otherwise.

16.3 Alternative Dispute Resolution

Before pursuing legal action, we encourage users to contact us first at contact@causalcampus.com to seek an amicable resolution.

17. Contact & Complaints

For questions or complaints:
Email: contact@causalcampus.com
Address: Lepsiusstr. 14, 12163 Berlin, Germany

You may also lodge complaints with the German Data Protection Authority (BfDI).