Skip to content
0%
Talents for Tech logo
Legal

Privacy & Cookies Policy

  1. Who we are

We are a non-profit organisation based in Lithuania, operating under the brands Women Go Tech and Talents for Tech, and coordinating an AI skills training project (hereinafter referred to as the “Project“) across several Central and Eastern European countries. This privacy policy (hereinafter referred to as the “Privacy Policy”) explains how we use personal data collected through our website and online forms (hereinafter together referred to as the “Website”). 

This Privacy Policy is based on the EU General Data Protection Regulation (GDPR) and applicable Lithuanian legislation, including national rules on accounting and record-keeping.

Controller

The main controller of personal data described in this Privacy Policy is:

VšĮ “Talentai technologijoms“
Registration number: 304925882
Registered office: Mokslininku str. 2A, LT-08412 Vilnius, Lithuania
Public brands: Women Go Tech, Talents For Tech

Contact for privacy matters:
Email:
Our website: www.aitraininghub.eu 

For certain processing activities related to learners and Project participants, we act as joint controllers together with local partner organisations, as explained in the section “Joint controllers and local partners” below.

  1. What personal data we collect, how we use it, and legal bases

The table below shows what we collect, why, and under which GDPR legal basis.

Category of individuals

Types of personal data

Purposes of processing

Legal basis (GDPR)

What happens if you do not provide data?

Website visitors

IP address, device and browser type, operating system, date and time of visit, pages viewed, referring URL, approximate location based on IP, cookie identifiers and other online identifiers, cookie consent records.

To run and display the Website; provide essential functions; maintain IT and data security; prevent abuse and fraud; understand how the Website is used (in aggregate) to improve it; manage cookie settings and record your choices.

Article 6(1)(f) GDPR – legitimate interests in operating a functional, secure, and user-friendly Website and understanding its use, balanced against your rights. 

Article 6(1)(a) GDPR – consent for non-essential / analytics / marketing cookies and similar technologies.

The provision of personal data generated by strictly necessary cookies and technical logs is required for the Website to function securely and correctly. If you disable such data (for example by blocking all cookies), some parts of the Website may not work properly. Non-essential cookies (such as analytics or marketing cookies) are entirely optional and will only be used with your consent.

People who contact us (contact forms, email or other channels)

Name, email address, phone number (if provided), organisation and role (if provided), country, subject and content of your enquiry, attached documents (if any), correspondence history, date and time of our replies.

To respond to your enquiry or request; provide the information or support you ask for; handle complaints; manage relationships with potential and existing learners, partners and other stakeholders.

Article 6(1)(f) GDPR – legitimate interests in responding to enquiries and managing our communications. 

Article 6(1)(b) GDPR – contract or pre-contractual steps where the enquiry relates to participating in training, entering into a partnership or similar arrangements. 

Note: if you do not provide necessary contact details, we may not be able to respond.

Providing at least your email address (or other contact details we request as mandatory in the form) and a description of your enquiry is necessary for us to respond. If you do not provide this information, we will not be able to answer your enquiry.

Training applicants and participants (learners)

Identification and contact data: name, surname, email address, phone number (if applicable), country, city or region. 

Demographic data: age range or year of birth, education level, field of study, years of experience. 

Professional and employment data: job title, sector, current employment status (employed, unemployed, self-employed, student etc.), information about whether your role is exposed to automation or AI-related changes.

Training data: registration date and status, selected programme, preferred language, cohort/group, participation history (logins, attendance), progress and completion records, certificates issued, test or assignment results (where applicable). 

Feedback and impact-measurement data: responses to pre- and post-training surveys, satisfaction scores, self-assessment of AI skills and confidence, perceived impact on employability, information about job or salary changes, recommendation scores, comments and suggestions, testimonials (where you agree to provide them). 

Communication data: emails and messages about registration, onboarding, technical support, content support, reminders and follow-up.

To assess eligibility and prioritise target groups (especially lower-skilled workers and those in AI-exposed roles); register and onboard you into the relevant programme within the Project; provide access to learning content; coordinate training and learner support with local partners; track participation, progress and completion; issue certificates or confirmations; provide learner support and coaching; measure the impact of the programme (for example on skills, confidence and employability); produce aggregated and anonymised statistics for internal analysis and reporting to funding partner in line with our grant agreement; improve the programme design and accessibility.

Article 6(1)(b) GDPR – contract or steps prior to entering into a contract for registering and managing your participation in the training, providing access to learning content, and issuing certificates.

Article 6(1)(f) GDPR – legitimate interests in planning and improving the programme, targeting outreach to relevant groups, and measuring impact using proportionate methods and safeguards. 

Article 6(1)(c) GDPR – legal obligation to meet accounting, audit, tax and other legal requirements where these involve personal data

For some optional questions in surveys (for example, where additional data goes beyond what is strictly necessary), we may rely on Article 6(1)(a) GDPR – consent.

Certain information requested in our application, onboarding and training forms is marked as required because it is needed to assess your eligibility, register you to the Project, provide access to learning content and issue certificates. If you do not provide required information, we will not be able to enrol you in the training or deliver the related services. Other questions (for example some survey questions or additional background information) are optional and non‑response will not affect your participation.

Representatives of partner organisations / sub-grantees

Name, job title, organisation name and type, business contact details (work email, work phone number), country, information about your role and responsibilities in the Project, communications and meeting records, reports you contribute to, and, where relevant, signature on agreements.

To assess and select partner organisations; negotiate and manage sub-grant agreements and other contracts; coordinate Project activities in each country; monitor implementation and performance; collect financial and impact data for reporting to the funding partner; manage risks, breaches and incidents; meet accountability and audit requirements.

Article 6(1)(b) GDPR – contract or pre-contractual steps where we process contact person data in the context of entering into or performing agreements with your organisation. 

Article 6(1)(f) GDPR – legitimate interests in managing partnerships, ensuring proper implementation of the Project and defending our legal rights (including potential disputes and audits). 

Article 6(1)(c) GDPR – legal obligation for data kept to comply with financial, tax and audit rules.

We need basic contact and role information in order to assess and select partners, conclude and perform agreements, communicate and meet our legal obligations. If you do not provide this information, we may not be able to enter into or perform the relevant agreement with your organisation.

Newsletter subscribers and marketing contacts

Email address, name (optional), country or language preference (if provided), records of your consent (date, method, content), records of your unsubscribe or objection, basic engagement data with emails (such as opens, clicks, bounces) 

To send newsletters and updates about this Project and related initiatives; invite you to events, surveys or calls for participation; manage subscription and unsubscribe lists; analyse overall communication effectiveness in aggregated or pseudonymised form and improve our outreach.

Article 6(1)(a) GDPR – consent where you actively subscribe (for example, by ticking a box or filling in a newsletter sign-up form). 

Article 6(1)(f) GDPR – legitimate interests where applicable law allows us to send similar Project-related information to existing contacts, always with a clear and easy opt-out. 

Note: You can withdraw your consent or object to marketing at any time via the unsubscribe link or by contacting us by email address specified in the first section of this Privacy Policy (”Who we are”).

Providing your email address is necessary to receive email updates. If you do not provide it, we cannot send you newsletters or similar communications. You can unsubscribe at any time, after which we will no longer send you marketing emails, we will only process limited data retained to respect your opt-out.

  1. Joint controllers and local partners

We coordinate the Project across several countries and work closely with local partner organisations. For learner-related data, we and the relevant local partner act as joint controllers. For website usage data, we act as the sole controller.

  1. When we act as sole controller

For most Website-only usage data (such as IP addresses, cookies and technical logs generated when you browse this Website), VšĮ “Talentai technologijoms“ acts as the sole controller. Local partners do not access this data unless it is necessary for a specific joint activity and we have appropriate arrangements in place.

  1. When we act as joint controllers

For personal data related to learners and Project participants in Czechia, Romania, Bulgaria, Moldova, Latvia, Lithuania and Poland, VšĮ  „Talentai technologijoms“ (the Coordinator) and the relevant local partner organisation in your country act as joint controllers within the meaning of Article 26 GDPR.

This joint controller arrangement applies in particular to:

  • data you provide when registering or applying for training within the Project;
  • data about your participation, progress and completion of the Project;
  • feedback and impact measurement data for the Project (for example, surveys before and after the course); and
  • metadata necessary to understand and report on the Project’s impact.

In simple terms, the roles are as follows:

The coordinator VšĮ  „Talentai technologijoms“  (Women Go Tech, Talents for Tech):

  1. defines and communicates the overall data collection framework, including categories of personal data, main purposes and core retention periods;
  2. approves core privacy notice templates and guidance for partners;
  3. coordinates responses to data subject requests where they relate to cross-country or aggregate Project data, or where it is not clear which partner is best placed to respond;
  4. leads on coordination and external communication in case of data breaches affecting multiple partners or countries, including communication with the funding partner if required under the grant agreement.

Each local Partner:

  1. prepares and uses its own local privacy notices, consistent with the framework approved by the Coordinator;
  2. collects and manages learner data locally, including recruitment, registration, training participation, completion and feedback;
  3. is the primary contact point for data subjects in its own territory;
  4. handles data subject requests concerning data it holds, in cooperation with the Coordinator where needed (for example, if data is also processed centrally);
  5. promptly informs the Coordinator of any data subject request or complaint that may materially affect the Project or the joint processing.

Each party is an independent controller for any processing that falls outside the jointly agreed purposes, for example:

  • their own unrelated projects or programmes;
  • separate marketing activities not covered by the Project;
  • internal HR and staff data;
  • other organisational activities not linked to the Project.

You may exercise your data protection rights by contacting:

  1. the coordinator VšĮ “Talentai technologijoms“ (Women Go Tech, Talents for Tech) using the contact details in section 1; and/or
  2. your local partner organisation in the country where you take part in the training. You can find information about some of the local partners and their own privacy notices here (the most up-to-date list is available on our Website):

Latvia – "Riga Tech Girls": https://rigatechgirls.com/privacy-policy/

Czechia – "AAVIT": https://aavit.cz/en/privacy-policy/

Romania – "Adfaber": https://adfaber.org/acord-gdpr/

Bulgaria – "Digital National Alliance": https://digitalalliance.bg/en/privacy-policy-en/

Moldova – "ATIC": https://ict.md/privacy-policy/

Note: Under Article 26 GDPR, you may exercise your rights against any of the joint controllers. We and our partners will cooperate and support each other to handle your request and to ensure your rights are respected.

  1. Sharing of personal data

We share the personal data only with trusted partners and service providers when necessary to run the Project, comply with our obligations, or operate our Website.

  1. Categories of recipients

We may share personal data, where necessary and appropriate, with the following categories of recipients:

  1. Local partner organisations (joint controllers)

Local partners in each Project country that implement the training locally, recruit participants, provide support and contribute to impact measurement. They act as joint controllers as described above. Example categories: NGOs, associations, public centres, employment agencies, libraries and similar institutions.

  1. Service providers / processors

We may share personal data with trusted third parties where this is necessary for the purposes described in this Privacy Policy, including:

  1. Service providers that host the Website and related databases, provide email and communication tools, operate learning management systems (LMS) and online course platforms (except where you enter into a direct relationship with the platform), support surveys and impact‑measurement tools, provide analytics services, and offer secure cloud storage and backup. These providers act on our instructions under data processing agreements and must apply appropriate security measures.
  2. Professional advisers, such as auditors, accountants and lawyers, where they need access to limited personal data for advisory, audit or compliance purposes. They are bound by confidentiality obligations.
  3. Public authorities and courts, where we are legally required to disclose information (for example for tax, accounting, regulatory or legal proceedings).

  1. Google Ireland Ltd as funding partner

Under our Google.org Social Impact Funding Agreement with Google Ireland Ltd, we may share aggregated and anonymised statistics about the Project’s reach and impact with Google as a funding partner. These statistics do not identify individual learners. In line with the funding agreement and applicable data protection laws, individual-level data about learners is not reported to Google in identifiable form. Google may use aggregated impact data (which does not identify individuals) for its own reporting, evaluation and communication about the programme.

Separately, learners may access Google’s “Prompting Essentials” course or other content on Google platforms or other external platforms. When you use those external platforms, your use is governed by the privacy policies and terms of those platforms, not this Privacy Policy. Therefore, we encourage you to review the privacy policy of each platform you use.

  1. International data transfers

We process personal data within the European Union / European Economic Area (EU/EEA). If, in the future, there is a need to transfer data outside the EU/EEA (for example because a service provider stores data on servers in a third country), we will ensure that such transfers comply with GDPR requirements, including the use of appropriate safeguards such as the European Commission’s adequacy decisions, EU Standard Contractual Clauses and additional technical and organisational security measures where necessary.

  1. How long we keep personal data (retention periods)

We keep personal data only for as long as needed for the purposes described in this notice, and to meet our legal and reporting obligations.

We apply the principle of storage limitation: personal data is kept in an identifiable form no longer than necessary for the purposes for which it was collected, unless a longer retention is required or allowed by law (for example, for tax, accounting or legal claims). 

In all cases we may retain data for longer where necessary to establish, exercise or defend legal claims. We will anonymise or delete data when it is no longer required in identifiable form.

Indicative retention periods are:

  1. Website logs and basic analytics data

Server logs and basic analytics data are kept for a short period, typically up to 12 months, in order to ensure security, troubleshoot issues and understand trends.

  1. Contact enquiries and general communications

Data from contact forms, emails and other enquiries is typically kept for the duration of the correspondence plus up to 3 years to manage follow-up, track history, and handle potential disputes.

  1. Training applicants and participants (learners)

Registration, participation, completion and impact-measurement data are kept for the duration of your involvement in the Project and for a further period necessary to meet audit, reporting and legal obligations under our funding agreement and applicable law.

As an indication, this may be for the duration of the Project (currently planned from September 2025 to January 2028) plus 10 years after the Project end, depending on the funding partner and legal requirements.

  1. Partner representatives and sub-grantees

Data about partner contacts and representatives is kept for the duration of the partnership and for a further period of typically 10 years to meet grant reporting, audit and legal requirements.

  1. Newsletter subscribers / marketing contacts

We keep your data for email updates until you unsubscribe or until your email address is consistently inactive for a defined period (for example, 2 years with no engagement), after which it will be removed or anonymised, except where we need to retain limited information (such as your email address on a suppression list) to document your opt-out.

  1. Cookies and similar technologies

We use cookies to make our Website work and, with your consent, to analyse how it is used. You can control your cookie settings at any time.

  1. What are cookies?

Cookies are small text files that a website stores on your device (computer, smartphone or tablet) when you visit it. They can be used to:

  • remember your settings and preferences;
  • keep you logged in;
  • help the site work securely and efficiently;
  • understand how people use the site, so it can be improved.
  1. Types of cookies we use

We distinguish between the following categories:

  1. Strictly necessary cookies

These cookies are essential for the proper functioning of the Website and cannot be switched off in our systems. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. We rely on legitimate interests as a legal ground to use these cookies, as the Website cannot function properly without them.

  1. Analytics / performance cookies

These cookies help us understand how visitors use the Website (for example, which pages are most popular, how long users stay, and how they navigate). This information is used in aggregated form to improve the Website and our services. We will only use such cookies with your consent, collected via our cookie banner or settings tool.

  1. Marketing or third-party cookies 

These cookies may be set by us or by third-party providers to track visitors across websites and build user profiles, for example to show relevant content or measure the success of campaigns. We will only use such cookies if they are necessary for our Project communication strategy and with your consent.

  1. Specific cookies used on the Website

Cookie name

Purpose

Type

Retention

cookie_consent

Stores the visitor’s consent preferences, including whether analytics and/or marketing cookies were accepted or rejected.

Strictly necessary

1 year

NEXT_LOCALE

Stores the visitor’s selected language or locale.

Strictly necessary

Session

_ga

Google Analytics cookie used to distinguish unique visitors.

Analytics, used only with consent

2 years

ga<container-id>

Google Analytics cookie used to preserve session state.

Analytics, used only with consent

2 years

_gid

Google Analytics cookie used to distinguish visitors within a 24-hour period.

Analytics, used only with consent

24 hours

_gat

Google Analytics cookie used to limit the rate of requests.

Analytics, used only with consent

1 minute

YouTube embed (youtube-nocookie.com)

Minimal third-party cookies may be set only when the user actively plays the embedded video.

Third-party embedded content

Decided by Google

  1. Managing cookies

When you first visit our Website, you will see a cookie banner or pop-up that allows you to:

  • accept all cookies;
  • reject non-essential cookies; or
  • choose more personalised settings.

You can change or withdraw your consent at any time via our cookie banner or settings tool (where available) or through your browser settings by choosing to block or delete cookies. Please note that blocking certain cookies may affect how the Website functions.

  1. Security of personal data

We take appropriate technical and organisational measures to keep your personal data secure and to prevent unauthorised access, loss or misuse, including:

  • Access control and limitation: personal data is accessible only to staff and authorised partners who need it for their tasks, under confidentiality obligations.
  • Secure systems: use of security measures such as firewalls, password protection and, where appropriate, multi-factor authentication.
  • Encryption and pseudonymisation where appropriate, for example for data in transit (TLS/HTTPS) and, where feasible, for data at rest.
  • Regular updates and monitoring of systems to reduce vulnerabilities and detect unusual activity.
  • Data minimisation: we collect only the data we need and, where possible, use aggregated or anonymised data for analytics and reporting.
  • Training and awareness: relevant staff and partners receive guidance on data protection responsibilities and good security practices.
  • Data processing agreements with service providers, requiring appropriate security and confidentiality measures.

While no system is completely secure, we aim to reduce risks and to respond promptly to any suspected issues. If we become aware of a personal data breach that poses a high risk to your rights and freedoms, we will inform you and the competent supervisory authority, as required by law.

  1. Your data protection rights

You have a range of rights over your personal data. You can contact us or your local partner to exercise them. Under GDPR, you have the following rights, subject to conditions and limitations:

  1. Right of access – You can ask us whether we process your personal data and, if so, obtain a copy of that data and information about how we use it.
  2. Right to rectification – You can ask us to correct inaccurate or incomplete personal data about you.
  3. Right to erasure (“right to be forgotten”) – You can ask us to delete your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis.
  4. Right to restriction of processing – You can ask us to restrict processing of your data in specific situations, for example while we check its accuracy or assess an objection.
  5. Right to data portability – For certain data you provided to us, and which we process by automated means based on your consent or a contract, you can ask to receive it in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
  6. Right to object – You can object at any time to processing based on our legitimate interests, including profiling, on grounds relating to your particular situation. We will stop the processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or if the processing is necessary for legal claims.
    You also have an absolute right to object at any time to direct marketing, including profiling related to it. If you object, we will stop using your data for this purpose.
  7. Right to withdraw consent – Where we rely on your consent (for example, for certain cookies or newsletters), you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal, but we will stop processing for those purposes from that point onwards.
  8. Right not to be subject to automated decisions with legal or similarly significant effects
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain conditions are met and safeguards exist.
    We do not currently use such automated decision-making for this Project. 

11.1 How to exercise your rights

You can exercise your rights by contacting:

  1. The coordinator VšĮ “Talentai technologijoms“  (Women Go Tech, Talents for Tech):
    Email: support@womengotech.lt
    Postal address: Mokslininku str. 2A, LT-08412 Vilnius, Lithuania

and/or

  1. Your local partner organisation in the country where you participate in the training:
    Latvia – "Riga Tech Girls": https://rigatechgirls.com/privacy-policy/

Czechia – "AAVIT": https://aavit.cz/en/privacy-policy/

Romania – "Adfaber": https://adfaber.org/acord-gdpr/

Bulgaria – "Digital National Alliance": https://digitalalliance.bg/en/privacy-policy-en/

Moldova – "ATIC": https://ict.md/privacy-policy/

Please describe your request clearly and, if possible, indicate which processing activity it relates to. We may need to ask you for additional information to verify your identity when necessary. We will respond to your request without undue delay and in any case within the time limits set by GDPR (normally one month, which may be extended in complex cases).

Under our joint controller arrangement, we and our partners will cooperate to ensure your request is handled properly and consistently.

  1. Right to lodge a complaint

If you believe that your personal data has been processed in a way that does not comply with data protection law, we would encourage you to contact us first so that we can try to resolve your concerns. You also have the right to lodge a complaint with a supervisory authority.

The lead supervisory authority for VšĮ “Talentai technologijoms“  (Women Go Tech, Talents for Tech) is State Data Protection Inspectorate of the Republic of Lithuania. Website and contact details: https://vdai.lrv.lt/en/; e-mail ada@ada.lt 

  1. Changes to this Privacy Policy 

We may update this Privacy Policy from time to time, for example, if the way we use personal data changes; we introduce new services, tools or partners; or the legal or regulatory framework evolves.

When we make significant changes, we will update the “Last updated” date at the bottom of this page; and, where appropriate, provide a more prominent notice (for example, via a banner on the Website or email notification to registered users).

The current version of this Privacy Policy will always be available on our Website.

Last updated: 2026, May 27th

Newsletter