Privacy Policy

Privacy Policy

Introduction

We are very delighted that you have shown interest in Data Crossroads Academy (“we,” “us,” or “our”).
The protection of personal data is of particular importance to us.

The use of the Data Crossroads Academy website is generally possible without providing personal data. However, where you wish to use specific services—such as registering for courses or memberships, subscribing to newsletters, downloading gated content, completing surveys, or participating in events—the processing of personal data becomes necessary.

Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Dutch and EU data protection laws.
Although our services are accessible worldwide, our data protection practices are governed by EU regulations.

If you choose not to provide certain personal data, you may still browse public areas of the website, but you may not be able to access certain features, services, or content that require registration.

Definitions

This Privacy Policy is based on the terminology used in the GDPR. For clarity, the following definitions apply:

a) Personal data

Any information relating to an identified or identifiable natural person (“data subject”), such as name, email address, IP address, or online identifier. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Data Crossroads Academy does not perform profiling with legal or similarly significant effects.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller Information

Controller under GDPR:
Data Crossroads
Rondeel 32
1083 ME Amsterdam
The Netherlands

Email: academy@datacrossroads.nl
Website: https://www.datacrossroads.nl

We are not required to appoint a Data Protection Officer under Article 37 GDPR.

Scope of This Policy

This Privacy Policy applies to:

  • Visitors to the Data Crossroads Academy website
  • Registered users and students
  • Members and subscribers
  • Newsletter subscribers
  • Event participants
  • Users completing surveys or downloading content

It does not apply to third-party websites linked from our site.

Viewing Website Content Without Registration

You may browse public website content without registration.
Registration is required to:

  • Enroll in courses or bundles
  • Access memberships
  • Receive certificates
  • Subscribe to newsletters
  • Download gated content
  • Participate in surveys or forms requiring feedback delivery

Collection of General Data and Information (Server Logs)

When accessing our website, general data and information are automatically collected and stored in server log files. These may include:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Sub-pages accessed
  • Date and time of access
  • IP address
  • Internet service provider

This data is processed for:

  • Correct delivery and optimization of website content
  • Ensuring system security and stability
  • Preventing misuse and investigating cyber-attacks

No conclusions are drawn about individual users. Server log data is stored separately from other personal data.

Registration, Accounts, Courses, Memberships, and Certificates

Registration on Our Website

You have the possibility to register on our website by providing personal data such as your name, email address, and billing address.
The personal data transmitted to us is determined by the respective input forms used during registration.

The personal data entered by you is collected and stored exclusively for internal use by the controller and for the purposes described in this Privacy Policy.

When registering, we also store:

  • the IP address assigned by your Internet service provider (ISP), and
  • the date and time of registration.

The storage of this data is necessary to prevent misuse of our services, ensure platform security, and, where required, investigate unlawful activities. These data are not transferred to third parties unless required by law or for criminal prosecution or legal defense.

Registered users may review, update, or request deletion of their personal data at any time, subject to statutory retention obligations.

Courses, Memberships, and Certificates

Personal data is processed to:

  • Create and manage user accounts
  • Grant access to courses, bundles, and memberships
  • Track participation and completion
  • Issue certificates

Certificates issued by Data Crossroads Academy:

  • confirm participation or completion only,
  • are not formally accredited,
  • do not replace professional consulting services,
    as further described in the Terms & Conditions

Newsletters, Free Content, and Communications

Users may subscribe to newsletters or download free materials by providing an email address.

  • Newsletter subscriptions use a double opt-in process
  • IP address, date, and time of subscription are stored for legal verification
  • You may unsubscribe at any time via links in emails

Transactional and service-related emails (e.g., account access, course availability, membership status, certificates) are sent regardless of marketing preferences and cannot be unsubscribed from.

Contact Forms, Surveys, and Questionnaires

When contacting us via forms or email, personal data is processed solely to respond to your inquiry.

Surveys and questionnaires may be offered:

  • Participation may be anonymous unless stated otherwise
  • If results are requested by email, newsletter consent rules apply
  • Responses may be aggregated or anonymized for analysis

Blog Comments and Community Features

Where blog comments or similar features are enabled:

  • Comments and chosen pseudonyms may be publicly visible
  • IP addresses are stored for security and legal protection
  • Unlawful or inappropriate content may be removed

Purposes of Processing

Personal data is processed to:

  • Deliver educational services and digital products
  • Manage accounts, courses, and memberships
  • Issue certificates
  • Communicate about services, updates, and events
  • Improve website performance and user experience
  • Ensure security and prevent misuse
  • Comply with legal and financial obligations

Lawful Bases for Processing (GDPR Article 6)

Processing is based on:

  • Contractual necessity – courses, memberships, certificates
  • Consent – newsletters and optional communications
  • Legal obligation – accounting and tax records
  • Legitimate interest – security, service improvement

Consent may be withdrawn at any time where applicable.

Data Retention

Personal data is retained only as long as necessary:

  • Account data: while the account remains active
  • Course and certificate records: for educational continuity
  • Billing data: according to statutory retention periods
  • Marketing data: until consent is withdrawn

Data is securely deleted or anonymized thereafter.

Data Security

We implement technical and organizational measures including:

  • HTTPS and SSL encryption
  • Restricted system access
  • Secure hosting environments
  • Regular monitoring for vulnerabilities

Absolute security cannot be guaranteed.

Payments and Financial Data

Payments are processed by third-party payment providers.
We do not store full payment card details on our servers.

Third-Party Processors

We may use trusted processors for:

  • Website hosting
  • Learning management systems
  • Email delivery
  • Payment processing
  • Analytics in aggregated or anonymized form

All processors act under GDPR-compliant Data Processing Agreements.

International Data Transfers

Personal data may be processed outside the EU by service providers.
Appropriate safeguards are applied to ensure GDPR-level protection.

Cookies and Similar Technologies

Data Crossroads Academy uses cookies and similar technologies only where strictly necessary for the operation, security, and basic functionality of the website.

The cookies we use fall into the following categories:

  • Essential cookies
    These cookies are required for core website functionality, including secure access, session management, and account authentication. Without these cookies, certain parts of the website (such as logged-in areas, course access, or memberships) cannot function properly.
  • Security and technical cookies
    These cookies help protect the website, prevent misuse, and ensure platform stability.

We do not use cookies for:

  • behavioral advertising,
  • cross-site tracking,
  • retargeting,
  • profiling,
  • or marketing purposes.

Because only essential cookies are used, prior consent is not required under EU law.

You may control or delete cookies at any time through your browser settings. Please note that disabling cookies may affect the functionality of certain features of the website.

Use of Google Analytics

Data Crossroads Academy uses Google Analytics, a web analytics service provided by Google LLC, to understand how visitors use the website and to improve website performance, content, and user experience.

Google Analytics processes information such as:

  • pages visited,
  • time spent on pages,
  • referring websites,
  • approximate geographic location,
  • device, browser, and operating system information.

We use Google Analytics exclusively for statistical and analytical purposes and not for advertising, profiling, or retargeting.

Privacy safeguards applied

To ensure compliance with GDPR and EU data protection requirements:

  • Google Analytics is used with IP anonymization enabled
  • No advertising features (such as Google Signals or Ads integration) are activated
  • Data collected is evaluated in aggregated form only
  • We do not combine Google Analytics data with other personal data
  • Google acts as a data processor under a Data Processing Agreement
Legal basis

The use of Google Analytics is based on our legitimate interest in understanding how our website is used and improving its functionality and content, in accordance with Article 6(1)(f) GDPR.

Where required by applicable law, additional consent mechanisms may be applied.

Data transfers

Google Analytics data may be processed on servers outside the European Union.
Appropriate safeguards, including contractual protections, are applied to ensure an adequate level of data protection.

Opt-out options

You can prevent the collection of data by Google Analytics by:

Automated Decision-Making

We do not use automated decision-making or profiling producing legal or similarly significant effects.

Disclosure of Data and Business Transfers

We do not sell or rent personal data.

Personal data may be disclosed:

  • to processors acting on our behalf,
  • where required by law, or
  • to protect our legal rights or security.

In the event of a merger, acquisition, or transfer of assets, personal data may be transferred as part of that transaction, subject to applicable data protection laws.

Rights of the Data Subject

You have the right to:

  • Access personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

Requests may be sent to: academy@datacrossroads.nl

Supervisory Authority

You may lodge a complaint with:

Autoriteit Persoonsgegevens
https://autoriteitpersoonsgegevens.nl

Data Breaches

If a personal data breach is likely to result in high risk to your rights and freedoms, affected users will be notified without undue delay in accordance with GDPR.

Children’s Data

Our services are not directed at children under 16.
We do not knowingly collect personal data from children.

Links to Third-Party Websites

Our website may contain links to third-party websites or services.
We are not responsible for their privacy practices and encourage you to review their policies.

Changes to This Policy

This Privacy Policy may be updated from time to time.
The current version will always be published on this page.

Last updated: January 2026