Privacy Policy

1. Who we are and how to contact us

DevOps Academy is an EU cooperation project website. The website is coordinated for communications and web operations by Coding Girls and WomenTech Global Foundation, with all partners jointly determining purposes and means of processing for this website. WomenTech acts as the central contact point for privacy queries and will coordinate with the relevant partner as needed.

Joint Controllers under Article 26 GDPR:
AMARISLUSA, LDA, ECOLE, ODISEE, Coding Girls and WomenTech Global Foundation, bit Schulungscenter GmbH, Premium Research SL.
Central contact for privacy requests: use the contact details in the website footer or the contact form.
Supervisory authority: you may lodge a complaint with your local EU data protection authority.

2. Scope

This policy covers processing of personal data on the DevOps Academy website, including sign-up forms and, in the next phase, the e-learning platform.

3. What data we collect

• Identifiers and contact data: name, email, phone, country, organisation.

• Communications: messages sent via contact forms and emails.

• Newsletter and “Get notified” sign-ups: email address and preferences.

• Usage and device data: IP address, timestamps, pages viewed, referrer, approximate location, user agent, cookie identifiers.

• Cookies and similar technologies: see Section 6 and the Cookie table below.

• Account and learning data (future e-learning): account details, course enrollments, progress, quiz results, certificates, forum posts, support history.
  We do not target or knowingly collect children’s data.

4. How we collect data

• Data you provide via forms, registrations, or emails.

• Data collected automatically through cookies and analytics when you browse the site.

• Data created in the e-learning platform during training delivery in the next phase.

5. Why we process your data and legal bases

• Operate the website and respond to requests. Legal basis: contract or legitimate interests.

• Run newsletters and project updates. Legal basis: consent. You can withdraw consent at any time.

• Measure and improve the site with analytics. Legal basis: consent for non-essential cookies.

• Prepare and deliver training and the e-learning experience. Legal basis: contract, legitimate interests, or consent where applicable.

• Security, fraud prevention, and legal compliance. Legal basis: legitimate interests and legal obligations.

6. Cookies and analytics

We use essential cookies that are necessary for the site to function. We also use Google Analytics 4 to understand website traffic and usage, only with your consent through the cookie banner.

How we configure Google Analytics 4

• IP addresses are not stored.

• Regional data controls, data minimisation, and a limited retention window are enabled.

• Google Signals and Ads features are off unless you consent to marketing cookies.

• We use Consent Mode to respect your choices. If you decline analytics, Analytics will not read or write analytics cookies.

You can change your cookie preferences at any time via the “Cookie settings” link in the footer.

7. Sharing and recipients

We share data only as necessary with:

• Consortium partners listed in Section 1 for dissemination, quality, training delivery, and project reporting.

• Service providers acting as processors, for example: hosting, content delivery, analytics, email delivery, customer support, survey tools, and cloud storage.

• Public authorities when required by law.
  Processors are bound by contracts to implement appropriate security and to act only on our instructions.

8. International transfers

Some providers may process data outside the EEA. Where this occurs, we rely on appropriate safeguards, including adequacy decisions, Standard Contractual Clauses, and complementary measures.

9. Retention

We keep data only as long as needed for the purposes described, or as required by law. Unless stated otherwise:

• Contact and support requests: up to 12 months after closure.

• Newsletter and update lists: until you unsubscribe, or after 24 months of inactivity.

• Analytics data: 14 months from last visit.

• Website logs and security records: up to 12 months.

• Account and learning records: for the duration of participation, then up to 24 months after last activity.

• Certificates: up to 5 years for validation purposes.

10. Security

We apply industry-standard measures, including encryption in transit, access controls, least privilege, periodic reviews, secure development practices in Drupal, backups, and incident response procedures.

11. Your rights

Subject to the GDPR, you may request: access, rectification, erasure, restriction, objection, and data portability. You may withdraw consent at any time where processing is based on consent. You may lodge a complaint with a supervisory authority. To exercise your rights, contact us via the central contact point in Section 1. We will coordinate with the relevant joint controller and respond within one month.

12. Joint controller arrangement

The partners jointly determine purposes and means for the website. WomenTech acts as the single contact point for data subjects for website-related requests and will coordinate responses with the partner responsible for the relevant activity. This does not limit your right to contact any joint controller directly.

13. Children’s data

The services are designed for adults. We do not knowingly collect data from children. If you believe a child has provided personal data, contact us and we will delete it.

14. Updates to this policy

We will update this policy when our services or providers change, for example if we add new analytics or launch the e-learning platform. We will notify you on the website and, where appropriate, by email.

Cookie list for Google Analytics 4

Add this table to your Cookie Policy page. Adjust if your banner vendor uses different names.