Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope and purpose of the processing of personal data on our platform eucodex.com.

1. Data Controller

CREATIVELIBRE OÜ, Pudisoo küla, Männimäe, 74626 Kuusalu vald, Harju maakond, Estonia. Email: kontakt@eucodex.com

2. Hosting

This platform is hosted on a server in the EU. When accessing the site, server log files are automatically recorded (IP address, browser type, access time, page accessed). This data is technically necessary for operation and is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR.

3. User Account & Course Data

When registering, we collect your name, email address and password. During course usage, we store your learning progress, test results and certificate data. This data is required for contract performance (Art. 6(1)(b) GDPR). Passwords are stored exclusively as bcrypt hashes.

4. Email Communication

For sending emails (invitations, password reset), we use the service Resend (Resend, Inc., USA). Your email address is transmitted to Resend. Resend processes data in accordance with the EU-U.S. Data Privacy Framework. Legal basis: Art. 6(1)(b) GDPR (contract performance).

5. Cookies

This platform uses strictly necessary cookies for authentication (NextAuth session token) and language selection (next-intl). These are permitted without consent under § 25(2) No. 2 TTDSG and Art. 6(1)(f) GDPR, as they are strictly necessary to provide the service you have explicitly requested. Audience measurement (Matomo, Statistics category): We use the open-source software Matomo (matomo.samsrv.site, operated by CREATIVELIBRE OÜ on its own server within the EU) to collect anonymous usage statistics (e.g. pages visited, time on page, source of visit, browser and device class). Matomo stores a first-party cookie and a pseudonym identifier in your browser. IP addresses are anonymised by Matomo before storage (last two octets truncated). No transfer to third parties takes place; the data remains on our EU server. Legal basis is your consent under Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG. Matomo is loaded only if you have actively accepted the "Statistics" category in the cookie banner. Consent management: You can choose between three categories: Essential (always on), Statistics (Matomo) and Marketing (currently no active services; prepared for future Mollie conversion tracking). Your choice is stored exclusively locally in your browser under the key "eucodex.consent.v1" in localStorage; no personal data is transmitted to us. You can change or withdraw your consent at any time with effect for the future via the "Cookie settings" link in the footer. Upon withdrawal, related cookies are deleted and corresponding scripts are no longer loaded.

6. Payment Processing

For payment processing we use the payment service provider Mollie (Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands). When you place an order, the data required to process the payment (name, email address, billing address, VAT ID if applicable, selected product, payment amount) and your selected payment-method details are transmitted to Mollie. Bank account and credit card details are processed exclusively by Mollie; we do not receive them. As a licensed payment service provider under PSD2, Mollie is itself a controller for the data collected to execute the payment and is supervised by the Dutch Central Bank (De Nederlandsche Bank, DNB). Legal basis is Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (statutory obligations under payment services law). The contracting party and invoicing entity remains CREATIVELIBRE OÜ. Further information on Mollie's data processing: https://www.mollie.com/privacy

7. Contact Form

When you send a message via the contact form (eucodex.com/kontakt), the data you provide (name, email address, optionally company, message text) is processed to handle your enquiry and forwarded to our marketing automation platform Mautic, operated by CREATIVELIBRE OÜ on its own server within the EU. To protect against automated enquiries we use the open-source bot protection Altcha (proof-of-work); no personal data is processed in this step. Legal basis: Art. 6(1)(b) and (f) GDPR (pre-contractual measures / legitimate interest in handling your enquiry).

8. Processors & Third-Party Services

To deliver the platform's services we use the following service providers, with whom data processing agreements or the EU Standard Contractual Clauses have been concluded as appropriate: • Hosting & infrastructure: CREATIVELIBRE OÜ-owned servers in a data centre within the EU. • Email delivery: Resend, Inc., USA (transfer under the EU-U.S. Data Privacy Framework). • Payment processing: Mollie B.V., Netherlands (separate controller under PSD2; see section 6). • Marketing automation / contact enquiries: Mautic, operated by CREATIVELIBRE OÜ on its own server within the EU. • Audience measurement: Matomo (open-source software), operated by CREATIVELIBRE OÜ on its own server within the EU; only after consent to the "Statistics" category (see section 5). • Affiliate click attribution: go2.onl (affiliate tracker), operated by CREATIVELIBRE OÜ on its own server within the EU. When a page is opened with the URL parameter ?ref=, a counting impulse (affiliate code, optional UTM parameters, referrer URL) is sent to go2.onl in order to measure the effectiveness of marketing channels. IP addresses are hashed before storage. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the evaluation of marketing channels). • Bot protection: Altcha (open-source library executed locally on our server; no data transfer to third parties). No further disclosure of your data to third parties takes place unless we are legally required to do so.

9. Retention Periods

We store your personal data only for as long as necessary for the respective processing purposes or as required by law: • User account & learning progress: until the account is deleted by the user. • Certificates of participation: up to ten (10) years from issuance, to ensure the public verifiability of the certificate. • Contact enquiries: up to six (6) months after the enquiry has been handled. • Invoicing and tax data: seven (7) years pursuant to the Estonian Accounting Act (Raamatupidamise seadus). • Server log files: up to fourteen (14) days.

10. Your Rights

You have the right to access, rectification, erasure and restriction of processing of your personal data. You also have the right to object and the right to data portability. To exercise your rights, contact: kontakt@eucodex.com. You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for CREATIVELIBRE OÜ is the Estonian Data Protection Inspectorate, Andmekaitse Inspektsioon (Tatari 39, 10134 Tallinn, Estonia; https://www.aki.ee). You may alternatively contact the supervisory authority of your habitual residence in the EU.

11. Changes

We reserve the right to adapt this privacy policy to comply with current legal requirements at all times. The current version is available at eucodex.com/datenschutz.