Privacy Policy
November 12, 2019 2026-04-29 16:26Privacy Policy
Last updated: April 29, 2026
1. Introduction
Welcome to sysadmin.courses (“we”, “our”, “us”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Lithuanian data protection laws.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data.
2. Data Controller
The data controller responsible for your personal data is:
sysadmin.courses Contact email: [email protected] Website: https://sysadmin.courses
3. What Data We Collect
3.1 Account and Registration Data
- Full name
- Email address
- Username and encrypted password
- Preferred interface language
3.2 Purchase and Payment Data
When placing an order, we collect: name, billing address, shipping address (used to estimate costs before the order is placed), email address, phone number, and payment details. We do not store full card numbers — payments are processed by third-party providers. We also store order history, purchased courses, and your course reviews and comments.
3.3 Learning Activity Data
- Course progress and completion status
- Quiz results and scores
- Time spent on course materials
3.4 Recently Viewed Data
We store information about courses you have recently viewed so you can easily return to them.
3.5 Technical Data
- IP address (used for security, tax calculation, and cost estimation)
- Browser type and version (user-agent)
- Device type and operating system
- Pages visited and clickstream data
- Cookies and session identifiers
3.6 Comment Data
When you leave a comment on the site, we collect the data in the comment form, as well as your IP address and browser user-agent string for spam detection purposes. An anonymized string created from your email address (a “hash”) may be provided to the Gravatar service to check whether you use it. After approval, your profile picture is visible publicly next to your comment. Gravatar’s privacy policy: https://automattic.com/privacy/
3.7 Media Files
If you are a registered user and upload images to the site, avoid uploading images with embedded EXIF metadata, as they may contain GPS location data. Visitors can extract this information by downloading the images.
3.8 Communication Data
- Messages sent to our support email
- Email communication history (transactional emails)
4. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and course delivery | Performance of a contract (Art. 6(1)(b) GDPR) |
| Payment processing | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails | Performance of a contract (Art. 6(1)(b) GDPR) |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Analytics and site improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
5. How We Use Your Data
We use your personal data to:
- Create and manage your user account
- Deliver purchased courses and track your learning progress
- Process payments, issue invoices, and prevent fraud
- Send order confirmations and course-related notifications
- Auto-fill checkout forms for repeat purchases
- Provide customer support and process refunds
- Determine interface language and currency
- Ensure the security of our platform and prevent abuse
- Improve our website and course content
- Comply with legal and accounting obligations
- Send marketing messages (only with your consent)
6. Embedded Content from Other Websites
Content on this site may include embedded content (e.g. videos, images, articles). Embedded content from other sites behaves in exactly the same way as if the visitor had visited that other site directly. These sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that site.
7. Third-Party Service Providers
We share your data with trusted third parties only to the extent necessary to operate our platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Brevo (Sendinblue) | Transactional email delivery | Email address, name |
| Cloudflare | CDN, DDoS protection, security | IP address, request data |
| Hetzner Online GmbH | VPS hosting | All data stored on server |
| Payment processor | Secure payment handling | Billing details, order total |
| Gravatar (Automattic) | Comment avatars | Email address hash |
| Spam detection service | Automated comment checking | Comment text, IP address |
| WPML | Multilingual content and multicurrency | Language preferences, basket data |
| WPML Advanced Translation Editor | Translation management | Email and name of translation managers and assigned translators, all content strings |
Note on WPML: The WPML plugin uses cookies to identify the visitor’s current language, last visited language, and the language of logged-in users. When using multicurrency features, WPML also uses cookies to retain basket data when switching between languages and domains, to identify the language and currency of each customer’s order, and to extend WooCommerce reports with currency information. The WPML Translation Management plugin sends the email address and name of each translation manager and assigned translator, as well as the content itself and all site strings, to the Advanced Translation Editor and selected translation services. During maintenance, WPML may share technical site data via its Installer — no personal user data is transmitted.
All third-party providers are contractually required to process your data only as instructed by us and in accordance with GDPR.
Additionally: if you request a password reset, your IP address will be included in the password reset email.
8. Team Access to Data
Members of our team have access to information you provide us. Administrators have access to:
- Order details: names of purchased courses, purchase time, billing address
- Customer details: name, email address, payment details, and contact information
This access is necessary to fulfil orders, process refunds, and provide support.
9. International Data Transfers
Our hosting infrastructure is located within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g. through third-party service providers), we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs).
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | While account is active + 3 years after deletion |
| Purchase and invoice data | 10 years (Lithuanian accounting law) |
| Course progress data | While account is active |
| Comments and their metadata | Indefinitely (to enable automatic approval of follow-up comments) |
| Security logs | 90 days |
| Support communications | 2 years |
After the applicable retention period, data is securely deleted or anonymized.
11. Cookies
We use the following cookies:
WordPress functional cookies:
- When leaving a comment — name, email, and website are saved in a cookie for 1 year for convenience on future comments
- On login — a temporary technical cookie is set to check browser cookie support (deleted on browser close, contains no personal data)
- Login cookies are stored for 2 days; screen preference cookies for 1 year
- If you select “Remember Me”, login data is retained for 2 weeks; on logout, login cookies are deleted
- When editing or publishing content, an additional cookie is set containing only the post ID — expires after 1 day
WPML cookies:
- Current visitor language
- Last visited language
- Language of the logged-in user
- When using multicurrency — basket data and order currency when switching between languages and domains
WooCommerce cookies:
- Cart contents during the current session
Analytics cookies:
- Help us understand how visitors use the site (anonymized where possible)
You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features from working correctly.
12. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you, including a data export file
- Right to rectification — Request correction of inaccurate or incomplete data; account holders can edit their profile data at any time
- Right to erasure — Request deletion of your personal data (“right to be forgotten”); this does not include data we are required to retain by law or for security purposes
- Right to restriction — Request that we limit processing of your data
- Right to data portability — Receive your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — Where processing is based on consent, withdraw it at any time
- Right to lodge a complaint — File a complaint with your national supervisory authority
To exercise any of these rights, contact us at: [email protected]
We will respond within 30 days of receiving your request.
13. Data Security
We implement appropriate technical and organizational security measures to protect your personal data:
- Encrypted data transmission (HTTPS/TLS)
- Web Application Firewall (WAF) and DDoS protection via Cloudflare
- Firewall rules and intrusion detection on our server
- Encrypted passwords (bcrypt hashing)
- Regular automated server backups
- Restricted access to production systems
Despite our best efforts, no system is completely secure. If you suspect a security issue, please contact us immediately at [email protected].
14. Privacy of Minors
Our platform is accessible to users aged 12 and above. For users between the ages of 12 and 15 (inclusive), the consent of a parent or legal guardian is required for registration and the processing of personal data, in accordance with Article 8 of the GDPR.
By registering an account for a child or permitting a child to register independently, the parent or legal guardian confirms their consent to this Privacy Policy.
We do not knowingly collect personal data from children under the age of 12. If you believe a child under 12 has provided us with their data, please contact us and we will delete it immediately.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email. The “Last updated” date at the top of this page reflects the most recent revision.
Continued use of our platform after changes take effect constitutes acceptance of the revised policy.
16. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
📧 [email protected] 🌐 https://sysadmin.courses
