Privacy Policy
This policy explains what personal data SIDO-SCHOOL LLC collects, why we collect it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Data Controller
SIDO-SCHOOL LLC
3503 Ocean Drive, Suite A
Vero Beach, FL 32963
United States of America
Email: info@sido-school.com
SIDO-SCHOOL LLC is the controller for the processing of your personal data within the meaning of Art. 4 (7) GDPR. For complete provider information including managers and registration details, see our Imprint.
2. Data We Collect
2.1 Information You Provide Directly
When you book a free consultation or contact us, we collect the data you enter into the booking form — typically your name, email address, phone number (optional), the prospective student's age, the timeframe you're considering, and any message you send us. Submitting the form is voluntary; without this data we cannot reply or schedule a call.
2.2 Chat Widget
If you use the chat widget on our site, the messages you type are sent to our servers and forwarded to Anthropic (see Section 4) to generate a response. Conversation content may include any personal information you choose to include in your messages. We do not require you to identify yourself in the chat. Your messages are processed in real time and are not stored beyond what's needed to answer you, except where short-term logs are kept for security and abuse prevention.
2.3 Information Collected Automatically
When you visit our site, our hosting provider's web server automatically logs technical information needed to deliver the site and protect against abuse:
- IP address (anonymised or shortened where possible)
- Date and time of the request
- Page or resource requested
- HTTP status code and response size
- Referring URL (if any)
- Browser and operating system identifier (user agent)
These access logs are kept for a short period (typically up to 14 days) and are not combined with other data to create user profiles.
2.4 Cookies and Local Storage
Our public site uses only strictly necessary cookies and local-storage entries — for instance to remember your booking-flow state during a session. We do not currently use third-party tracking, advertising, or analytics cookies. See Section 10 for details.
3. Purposes & Legal Basis
We process your personal data only where one of the legal bases listed in Art. 6 (1) GDPR applies:
Pre-contractual measures & performance of contract — Art. 6 (1) (b) GDPR
To respond to your booking request, schedule a consultation, send appointment confirmations, and — if you become a client — to coordinate the program, host-family placement, schools, and visa documentation.
Legitimate interests — Art. 6 (1) (f) GDPR
To deliver and secure our website (server logs, abuse prevention), to operate the chat widget, and to respond to general inquiries that don't yet relate to a contract. Our legitimate interest is the proper, secure operation of our service and effective communication with prospective families.
Consent — Art. 6 (1) (a) GDPR
Where we ask you for consent (for example before processing optional data, or before any future newsletter sign-up), processing is based on that consent and you can withdraw it at any time with effect for the future.
Legal obligation — Art. 6 (1) (c) GDPR
To the extent we are required to retain certain records under tax, commercial, or other applicable laws.
4. Service Providers (Processors)
We use a small number of carefully selected service providers to operate our site. Each acts as a processor on our behalf under Art. 28 GDPR, with a written data processing agreement in place.
netcup GmbH, Germany
Role: Hosting of the website, application server, and the PostgreSQL database that stores booking requests and consultation slots.
Address: Daimlerstraße 25, 76185 Karlsruhe, Germany.
Data location: Germany / EU.
Resend (Resend Inc.), USA
Role: Sending transactional emails (booking confirmations to you, internal notifications to our team).
Address: 2261 Market Street #5039, San Francisco, CA 94114, USA.
Data shared: recipient email address, name, message body of the relevant transactional email.
Anthropic (Anthropic, PBC), USA
Role: AI processing for the chat widget. Your messages are forwarded to the Anthropic API to generate replies.
Address: 548 Market St., PMB 90375, San Francisco, CA 94104, USA.
Data shared: the content of your chat messages.
Important: please don't share unnecessary personal information in the chat. The widget is intended for general questions about our programs.
5. International Data Transfers
SIDO-SCHOOL LLC is established in the United States, and two of our processors (Resend, Anthropic) are also based there. Where personal data is transferred to the US or other third countries outside the EU/EEA, the transfer is safeguarded by:
- The Standard Contractual Clauses (SCCs) issued by the European Commission under Art. 46 (2) GDPR, where the recipient is not certified under an adequacy decision; and / or
- The EU–US Data Privacy Framework, where the recipient is certified under it.
You can request a copy of the relevant safeguards at any time using the contact details in Section 12.
6. Retention
We keep personal data only as long as necessary for the purpose it was collected for, plus any retention period required by law:
- Booking inquiries that don't lead to a contract: deleted no later than 12 months after the last contact, unless you ask us to delete them sooner.
- Booking and program records of clients: kept for the duration of the program plus statutory retention periods (typically up to 10 years for tax-relevant records).
- Web server logs: typically up to 14 days, then deleted or anonymised.
- Chat messages: short-term only; not retained beyond what's needed to operate the conversation and prevent abuse.
7. Information About Minors
Our service is offered to parents and legal guardians who are organising a study-abroad experience for their child. We expect the booking and any related communication to come from a parent or guardian, not from a minor directly.
If you are a minor under 16 (or the higher age set by your local law under Art. 8 GDPR) and want to contact us, please ask a parent or guardian to do so on your behalf, or together with you. If we become aware that we have processed personal data of a minor without the necessary consent of a parent or guardian, we will delete it without undue delay.
Of course we do process data about the prospective student (age, school year, interests) — that data is provided by the parent or guardian as part of arranging the program, and it's used solely to plan and deliver the program.
8. Security
We protect your data with appropriate technical and organisational measures, including TLS encryption for all traffic between your browser and our servers, encrypted database connections, hardened HTTP headers, rate limiting on the public API, role-based access for administrative functions, and regular backups of the database. We restrict access to personal data to staff who need it to perform their work.
9. Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15) — to know what data we hold about you and to obtain a copy.
- Right to rectification (Art. 16) — to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — to have data deleted where the conditions are met.
- Right to restriction of processing (Art. 18) — to limit how we use your data in certain situations.
- Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format and have it transmitted to another controller.
- Right to object (Art. 21) — to object to processing based on legitimate interests, including profiling.
- Right to withdraw consent (Art. 7 (3)) — at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us using the details in Section 12. We will respond within one month, in line with Art. 12 GDPR.
Right to lodge a complaint
You also have the right to lodge a complaint with a supervisory authority — typically the data-protection authority in the EU member state where you live or work. In Germany, you can find a list of authorities at www.bfdi.bund.de.
11. Updates to This Policy
We may update this Privacy Policy when our service evolves or when legal requirements change. The current version is always available at this URL, and the "Last updated" date at the top tells you when it was last revised. For material changes that affect you, we will additionally inform you by email where appropriate.
12. Contact
If you have any questions about this policy, want to exercise your rights, or believe your data has been handled improperly, please contact us:
- Email: info@sido-school.com
- Postal: SIDO-SCHOOL LLC, 3503 Ocean Drive, Suite A, Vero Beach, FL 32963, USA