Privacy Policy

Privacy Policy

stock-full-hd-05

Last updated: April 29, 2026

1. Introduction

Welcome to sysadmin.courses (“we”, “our”, “us”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Lithuanian data protection laws.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data.


2. Data Controller

The data controller responsible for your personal data is:

sysadmin.courses Contact email: [email protected] Website: https://sysadmin.courses


3. What Data We Collect

3.1 Account and Registration Data

  • Full name
  • Email address
  • Username and encrypted password
  • Preferred interface language

3.2 Purchase and Payment Data

When placing an order, we collect: name, billing address, shipping address (used to estimate costs before the order is placed), email address, phone number, and payment details. We do not store full card numbers — payments are processed by third-party providers. We also store order history, purchased courses, and your course reviews and comments.

3.3 Learning Activity Data

  • Course progress and completion status
  • Quiz results and scores
  • Time spent on course materials

3.4 Recently Viewed Data

We store information about courses you have recently viewed so you can easily return to them.

3.5 Technical Data

  • IP address (used for security, tax calculation, and cost estimation)
  • Browser type and version (user-agent)
  • Device type and operating system
  • Pages visited and clickstream data
  • Cookies and session identifiers

3.6 Comment Data

When you leave a comment on the site, we collect the data in the comment form, as well as your IP address and browser user-agent string for spam detection purposes. An anonymized string created from your email address (a “hash”) may be provided to the Gravatar service to check whether you use it. After approval, your profile picture is visible publicly next to your comment. Gravatar’s privacy policy: https://automattic.com/privacy/

3.7 Media Files

If you are a registered user and upload images to the site, avoid uploading images with embedded EXIF metadata, as they may contain GPS location data. Visitors can extract this information by downloading the images.

3.8 Communication Data

  • Messages sent to our support email
  • Email communication history (transactional emails)

4. Legal Basis for Processing

PurposeLegal Basis
Account creation and course deliveryPerformance of a contract (Art. 6(1)(b) GDPR)
Payment processingPerformance of a contract (Art. 6(1)(b) GDPR)
Sending transactional emailsPerformance of a contract (Art. 6(1)(b) GDPR)
Security monitoring and fraud preventionLegitimate interests (Art. 6(1)(f) GDPR)
Analytics and site improvementLegitimate interests (Art. 6(1)(f) GDPR)
Marketing emails (if opted in)Consent (Art. 6(1)(a) GDPR)
Legal complianceLegal obligation (Art. 6(1)(c) GDPR)

5. How We Use Your Data

We use your personal data to:

  • Create and manage your user account
  • Deliver purchased courses and track your learning progress
  • Process payments, issue invoices, and prevent fraud
  • Send order confirmations and course-related notifications
  • Auto-fill checkout forms for repeat purchases
  • Provide customer support and process refunds
  • Determine interface language and currency
  • Ensure the security of our platform and prevent abuse
  • Improve our website and course content
  • Comply with legal and accounting obligations
  • Send marketing messages (only with your consent)

6. Embedded Content from Other Websites

Content on this site may include embedded content (e.g. videos, images, articles). Embedded content from other sites behaves in exactly the same way as if the visitor had visited that other site directly. These sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that site.


7. Third-Party Service Providers

We share your data with trusted third parties only to the extent necessary to operate our platform:

ServicePurposeData Shared
Brevo (Sendinblue)Transactional email deliveryEmail address, name
CloudflareCDN, DDoS protection, securityIP address, request data
Hetzner Online GmbHVPS hostingAll data stored on server
Payment processorSecure payment handlingBilling details, order total
Gravatar (Automattic)Comment avatarsEmail address hash
Spam detection serviceAutomated comment checkingComment text, IP address
WPMLMultilingual content and multicurrencyLanguage preferences, basket data
WPML Advanced Translation EditorTranslation managementEmail and name of translation managers and assigned translators, all content strings

Note on WPML: The WPML plugin uses cookies to identify the visitor’s current language, last visited language, and the language of logged-in users. When using multicurrency features, WPML also uses cookies to retain basket data when switching between languages and domains, to identify the language and currency of each customer’s order, and to extend WooCommerce reports with currency information. The WPML Translation Management plugin sends the email address and name of each translation manager and assigned translator, as well as the content itself and all site strings, to the Advanced Translation Editor and selected translation services. During maintenance, WPML may share technical site data via its Installer — no personal user data is transmitted.

All third-party providers are contractually required to process your data only as instructed by us and in accordance with GDPR.

Additionally: if you request a password reset, your IP address will be included in the password reset email.


8. Team Access to Data

Members of our team have access to information you provide us. Administrators have access to:

  • Order details: names of purchased courses, purchase time, billing address
  • Customer details: name, email address, payment details, and contact information

This access is necessary to fulfil orders, process refunds, and provide support.


9. International Data Transfers

Our hosting infrastructure is located within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g. through third-party service providers), we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs).


10. Data Retention

Data CategoryRetention Period
Account dataWhile account is active + 3 years after deletion
Purchase and invoice data10 years (Lithuanian accounting law)
Course progress dataWhile account is active
Comments and their metadataIndefinitely (to enable automatic approval of follow-up comments)
Security logs90 days
Support communications2 years

After the applicable retention period, data is securely deleted or anonymized.


11. Cookies

We use the following cookies:

WordPress functional cookies:

  • When leaving a comment — name, email, and website are saved in a cookie for 1 year for convenience on future comments
  • On login — a temporary technical cookie is set to check browser cookie support (deleted on browser close, contains no personal data)
  • Login cookies are stored for 2 days; screen preference cookies for 1 year
  • If you select “Remember Me”, login data is retained for 2 weeks; on logout, login cookies are deleted
  • When editing or publishing content, an additional cookie is set containing only the post ID — expires after 1 day

WPML cookies:

  • Current visitor language
  • Last visited language
  • Language of the logged-in user
  • When using multicurrency — basket data and order currency when switching between languages and domains

WooCommerce cookies:

  • Cart contents during the current session

Analytics cookies:

  • Help us understand how visitors use the site (anonymized where possible)

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features from working correctly.


12. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access — Request a copy of the personal data we hold about you, including a data export file
  • Right to rectification — Request correction of inaccurate or incomplete data; account holders can edit their profile data at any time
  • Right to erasure — Request deletion of your personal data (“right to be forgotten”); this does not include data we are required to retain by law or for security purposes
  • Right to restriction — Request that we limit processing of your data
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to object — Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — Where processing is based on consent, withdraw it at any time
  • Right to lodge a complaint — File a complaint with your national supervisory authority

To exercise any of these rights, contact us at: [email protected]

We will respond within 30 days of receiving your request.


13. Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

  • Encrypted data transmission (HTTPS/TLS)
  • Web Application Firewall (WAF) and DDoS protection via Cloudflare
  • Firewall rules and intrusion detection on our server
  • Encrypted passwords (bcrypt hashing)
  • Regular automated server backups
  • Restricted access to production systems

Despite our best efforts, no system is completely secure. If you suspect a security issue, please contact us immediately at [email protected].


14. Privacy of Minors

Our platform is accessible to users aged 12 and above. For users between the ages of 12 and 15 (inclusive), the consent of a parent or legal guardian is required for registration and the processing of personal data, in accordance with Article 8 of the GDPR.

By registering an account for a child or permitting a child to register independently, the parent or legal guardian confirms their consent to this Privacy Policy.

We do not knowingly collect personal data from children under the age of 12. If you believe a child under 12 has provided us with their data, please contact us and we will delete it immediately.


15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of our platform after changes take effect constitutes acceptance of the revised policy.


16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

📧 [email protected] 🌐 https://sysadmin.courses