Personal data are not obtained when conducting and processing the phishing simulation. 

Therefore, none of the behavioral data (e.g. clicks on links in the simulated phishing emails) are not allocated to personal data but instead assigned randomly generated codes and stored with these codes. The system conducts this anonymization process automatically (privacy by design).