Privacy Policy

Last updated: February 28, 2025

1. Summary

This summary provides a quick overview of how we collect, use, and protect your personal data, and your rights regarding that data. We adhere to the EU General Data Protection Regulation (GDPR) and applicable international data protection standards to ensure your information is handled safely and lawfully:

• We collect personal information (such as name, email, IP address, user agent, time zone, test results, and exam recordings) to process scholarship admissions, ensure exam integrity, provide support, and improve our services.
• Your data is used only for the purposes stated and is not sold to third parties. We share it only with trusted partners and service providers as needed (e.g., partner schools for admissions, proctoring service for exams, analytics providers), and always in compliance with data protection laws.
• All personal data is stored securely on servers in the EU (in Germany). We employ appropriate security measures to protect your data from unauthorized access.
• You have rights under GDPR to access, correct, delete, or restrict the use of your data. You can also withdraw consent where applicable, and we will honor your choices.
• We do not transfer your data outside the EU except in limited cases (such as using specific analytics or exam proctoring tools). In such cases, we ensure equivalent data protection safeguards.
• If you have any questions or wish to exercise your rights, you can contact us at info@leaders.tech.

2. Data Collection and Processing

We collect and process personal data that you provide to us or that we obtain through your use of our platform. This section details what information we collect, why we collect it, and how it is processed.

Personal Data We Collect

We may collect the following categories of personal information from you:

• Identification and Contact Details: Your name, email address, and other contact information that you provide when applying or contacting us.
• Technical Information: Data about your device and connection, such as your IP address, browser type, operating system, device type, time zone, and user agent string. We collect these through your interactions with our site (including via analytics tools).
• Application and Exam Data: Information you submit during the application and testing process, such as your answers to test questions, test scores/results, and any essays or form responses. If online tests or exams are administered, this includes your responses and performance data.
• Proctoring Data: If we conduct remote proctored exams, we may collect audio, video, and screen recordings of your test sessions. This includes webcam footage, microphone audio, and desktop screen capture during the exam period to ensure academic integrity.
• Communications: Copies of communications you send to us or have with us, for example, emails or messages for support or admission inquiries. If you communicate with us via third-party platforms (such as Telegram), we may receive your username and the content of your messages.

Purpose of Data Collection and Use

We process your personal data for specific purposes and only when we have a valid legal basis to do so. These purposes include:

• Application and Admission Processing: We use your personal and academic information to evaluate your eligibility for the Technology Leaders of the Future program, process your application, and make admission decisions. This is necessary for entering into a potential student contract with you and is a core service of our platform.
• Exam Administration and Integrity: We process test answers and, if applicable, proctoring recordings to administer entrance exams and maintain their integrity. This includes verifying that testing is conducted honestly and identifying any misconduct. This processing is based on our legitimate interests in ensuring a fair selection process and on your consent for proctoring (when required).
• Communication and Support: We use your contact details to communicate with you about your application status, exam schedules, results, and program information. We also use data (like your email or messaging ID) to respond to your inquiries, provide customer support, and send necessary updates. These communications are part of servicing your application or based on your consent where required (for example, if you subscribe to optional updates).
• Analytics and Improvements: We utilize usage data (such as pages visited, time spent, and technical logs) via tools like Google Analytics and Yandex Metrica to understand how our platform is used and to improve our website and services. This helps us enhance user experience and fix technical issues. Where required by law, we will obtain your consent for analytics cookies or similar tracking technologies.
• Security and Fraud Prevention: We process certain technical data (like IP addresses and log information) and exam proctoring data to protect our website, users, and the integrity of the admissions process. This includes monitoring for suspicious activity, preventing cheating on exams, and diagnosing or preventing security incidents. This processing is based on our legitimate interests in maintaining a secure and fair system.

External Services and Processors

We use trusted third-party services to operate our platform and support our processes. These third parties process data on our behalf or in partnership with us, and they are bound by contracts to protect your information. The key external services we use include:

• Google Spreadsheets (Google Workspace): We may use Google Spreadsheets to organize and manage application and testing data internally. This means some of your information (like application details or scores) might be stored in our secure Google Sheets documents accessible only to our team. Google, as a service provider, maintains strict security and privacy standards (see Google’s Privacy Policy).
• Telegram: We use Telegram (a messaging service) to communicate with applicants and students who choose to contact us or receive notifications via Telegram. If you interact with us on Telegram, your Telegram username and message content will be processed by Telegram's servers (which may be outside the EU) and by us for the purpose of responding to you or sending you updates. (See Telegram’s Privacy Policy linked below.)
• Google Analytics: Provided by Google LLC (USA) – We use this service to collect anonymized website usage statistics (such as page views and traffic sources). Google may collect your IP address and usage data; we have configured Google Analytics to anonymize IP addresses in the EU when possible. Data may be stored on Google's servers. (See Google's Privacy Policy linked below.)
• ProctorFree: Provided by ProctorFree, Inc. (USA) – For online exam proctoring, we may use ProctorFree's platform. During a proctored exam, ProctorFree’s system will collect your webcam video, audio, screen activity, and possibly biometric data (e.g., facial recognition for identity verification) to monitor the exam. ProctorFree acts as our data processor for these recordings and exam data, which are stored on their secure servers. They will only use this data to report back to us on any integrity issues during the exam. (See ProctorFree’s Privacy Policy linked below.)
• Yandex Metrica: Provided by Yandex LLC (Russia) – This is another analytics tool that helps us understand user behavior and site performance. It may collect similar usage data and technical information. Data collected by Yandex Metrica could be transferred to servers outside the EU, so we use it in a manner compliant with GDPR. (See Yandex's Privacy Policy linked below.)
• Sentry: Provided by Functional Software, Inc. (USA) – We use Sentry for error monitoring and debugging of our website. When errors occur, Sentry captures technical data (such as error logs, device information, or user actions leading to the error) to help us diagnose and fix issues quickly. Personal data in error reports is minimized, but incidental data (like your IP or user ID) might be transmitted. Sentry is GDPR-compliant and offers data hosting in the EU, which we utilize.

All these service providers are engaged under GDPR-compliant agreements. They only receive the data necessary for their function, and they are not permitted to use your information for anything other than providing services to us. We carefully select and review our providers to ensure they meet high data protection standards.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The retention periods for different categories of data are:

• Application Data: If you apply to the program but are not admitted, we typically retain your application information and test results for a short period after the admissions cycle (e.g., until the end of the selection process and any related review period). This allows us to address any questions or disputes about the selection. After this period, your application data will be deleted or anonymized.
• Admitted Students' Data: If you are admitted and enroll in the program, we will retain your personal information throughout your enrollment (to administer your education) and up to the completion of the course/program. Some data may be kept longer if required for academic records or legal obligations, but we will inform you of such retention if applicable.
• Test and Exam Data: Data from entrance tests or exams (including proctoring recordings) is kept until the examination and admission process is completed and results are finalized. Proctoring video/audio recordings may be retained for a defined period (for example, until all admission decisions are made and any appeals or reviews are resolved) and then deleted, unless a longer retention is legally required or justified.
• Technical Logs: We keep server logs and other technical logs (which may include IP addresses and visit timestamps) for up to 2 years. These logs are maintained for security, fraud detection, and troubleshooting purposes, and are typically purged on a rolling basis.

After the applicable retention period ends, we either securely delete your personal data or anonymize it (so it can no longer be associated with you). If we are required to keep data longer (for example, due to legal requirements or to protect our rights), we will ensure your data is stored securely and only used for those necessary purposes.

Data Storage and Security

We are committed to ensuring the security of your personal data. All the data you provide us is stored on secure servers located in the European Union. Specifically, our servers are hosted in the Hetzner Cloud data center in Nuremberg, Germany. Hetzner is a reputable hosting provider with strong physical and network security measures in place.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Our website is secured via HTTPS, which encrypts data in transit between your device and our servers. Sensitive data is additionally encrypted at rest where appropriate.
• Access Control: Personal data is accessible only to authorized personnel who require it to perform their duties (e.g., admissions staff, technical staff for maintenance). Access to databases and systems is protected by strong authentication and role-based access controls.
• Monitoring and Maintenance: We use security monitoring tools (and services like Sentry for error detection) to track any anomalies. We regularly update our software and infrastructure and conduct security reviews to guard against vulnerabilities.
• Data Minimization: We collect only the personal information that is necessary for the purposes described, and we limit access and retention as described above.
• Third-Party Security: When we use third-party processors (like those listed above), we ensure they also employ high standards of security. We include provisions in our contracts to require them to protect your data and notify us of any incidents.

While we strive to protect your information, please note that no method of transmission over the internet or electronic storage is 100% secure. However, we continuously update and improve our security practices to adapt to new threats and protect your personal data.

3. User Rights Under GDPR

As a data subject under the GDPR (and similar international data protection laws), you have several rights regarding your personal data. You may exercise these rights at any time by contacting us. Your key rights include:

• Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it.
• Right of Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it without undue delay.
• Right to Erasure: You can request that we delete your personal data if it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where applicable) or object to processing and we have no overriding legitimate grounds to continue, or if we are required to delete it to comply with a legal obligation. This is also known as the “right to be forgotten.”
• Right to Restrict Processing: You have the right to ask us to limit the processing of your data in certain circumstances – for example, if you contest the accuracy of your data (for a period enabling us to verify it) or if you have objected to processing (see below) and we are considering your request.
• Right to Data Portability: For data you provided to us, and which we process by automated means based on your consent or for the performance of a contract, you have the right to request that we provide that data to you or directly to another service provider in a commonly used, machine-readable format, where technically feasible.
• Right to Object: You may object to certain processing of your personal data, particularly where the processing is based on our legitimate interests. You always have the right to object to the use of your data for direct marketing purposes (note: we do not use your data for direct marketing without your consent).
• Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional analytics cookies or receiving certain communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing done before the withdrawal.
• Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to file a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred. For example, in Germany this would be the data protection authority of the respective federal state. We encourage you to contact us first, and we will do our best to address your concerns.

To exercise any of these rights, please contact us at info@leaders.tech. We will respond to your request as soon as possible, and no later than within the timeframes required by law (generally within one month). We may need to verify your identity before executing certain requests for security reasons.

4. Third-Party Data Sharing

We do not sell or rent your personal data to third parties. However, in the course of running our program and services, we do share certain data with third parties under strict conditions. Such sharing is limited to the following cases:

• Partner Educational Institutions: Our program is run in collaboration with partner schools such as H-FARM and The Island School. If you apply and are considered for admission, or if you are admitted to the program, we will share necessary information with these partner institutions. This may include your application details, test scores, and contact information so they can evaluate your candidacy, coordinate the educational offering, or enroll you as a student. These partners will treat your information in accordance with GDPR and their own privacy policies once they receive it.
• Proctoring and Exam Services: If we use a third-party proctoring service (like ProctorFree) for monitoring exams, we share the necessary data to conduct the proctoring. This means your identity details and exam schedule are provided to set up the proctored session, and the live or recorded exam data (video, audio, screen activity) is captured by that service and accessible to us. The proctoring provider acts under our instructions and is not allowed to use your data for any other purpose.
• Analytics and Technical Service Providers: As mentioned, we use analytics tools (Google Analytics, Yandex Metrica) and error tracking (Sentry). These involve sharing of technical data (like IP address, device info, and usage patterns) with those providers. This data sharing happens through embedding their scripts on our site, which collect data for us. The data may be available to these providers in order to provide us aggregated reports or to improve their services, but they are contractually or legally bound to process it in compliance with privacy laws. Similarly, if we use Google services (like Google Sheets or email) to process or communicate your information internally, your data may pass through Google's systems but remains protected under Google's data protection terms.
• Legal Compliance and Protection: In certain circumstances, we may be required to disclose personal data to third parties if mandated by law or necessary to protect our rights. For example, if a government authority legally requires access to specific data, or if we need to share information with law enforcement to investigate fraud or security incidents. In all such cases, we will ensure there is a valid legal basis for the disclosure and will document any requests as required by law.

Whenever we share your data with third parties, we ensure that we have appropriate agreements in place to protect your information. For example, with our service providers, we have Data Processing Agreements that bind them to GDPR standards of data protection and confidentiality. Our partner schools, as independent data controllers for their students, have their own obligations to protect your data. We remain committed to minimizing the data shared and ensuring that your data is used only for legitimate purposes aligned with those described in this Privacy Policy.

5. Data Transfers Outside the EU

We primarily store and process personal data within the European Union. Our servers and main databases are located in the EU (Germany), and we strive to keep your data within EU jurisdiction. In general, we do not transfer your personal data to countries outside the European Economic Area (EEA) without adequate protection.

However, some of the third-party services we use or certain operational needs may involve transferring data outside of the EU:

• ProctorFree or Other US-Based Services: If our proctoring provider (ProctorFree) or similar service providers store or process data in the United States or another country outside the EU, your data (such as exam recordings or related info) might be transferred to those locations. In such cases, we rely on legal mechanisms to lawfully transfer data (for example, Standard Contractual Clauses approved by the European Commission, or the service provider’s compliance certifications) to ensure your data remains protected. We also limit what is transferred to only what is necessary for the service.
• Yandex Metrica: If we utilize Yandex Metrica for analytics, data collected (such as website usage information and truncated IP addresses) might be transmitted to Yandex servers, which could be located in non-EU regions. Yandex has stated compliance with European data protection principles for services used by EU customers.
• International Staff Access: In scenarios where our staff or contractors who normally operate within the EU need to access the system while traveling or residing in a non-EU country, your data may be accessed from outside the EU. This is not a formal transfer to a third party, but we mention it for transparency. Such access is secured via encrypted channels (e.g., VPN or secure connection), and our data remains on EU servers. All GDPR protections and our internal security measures continue to apply regardless of where our team is located during access.

Whenever data is transferred outside the EU, we take steps to ensure an equivalent level of data protection as provided in the EU. This includes entering into Data Processing Agreements with standard contractual clauses, selecting providers with strong security practices, and monitoring the regulatory landscape for any changes in international data transfer rules. If you have questions about our data transfer practices, please contact us and we will provide additional information.

6. Consent Withdrawal & Contact Information

Where we rely on your consent to process your personal data (for instance, for using certain cookies or sending you optional updates), you have the right to withdraw that consent at any time. To withdraw consent, you can adjust your preferences (such as disabling certain cookies) if applicable, or simply contact us at our email address below. Once we receive a consent withdrawal request, we will cease processing the data for which you originally consented (unless we have another legal basis to continue, which we will communicate to you).

If you wish to withdraw consent, request access to your data, or exercise any other data rights, or if you have any questions or concerns about how we handle your personal information, please contact us at:
info@leaders.tech

In your request, please clearly state your identity and the right you wish to exercise (for example, "I withdraw consent for analytics tracking" or "I request deletion of my data"). We may need to verify your identity before processing certain requests (especially for data access, deletion, or modification) to ensure we do not disclose or alter data for the wrong person. We will confirm receipt of your request and respond within the legally required time frame (usually within one month).

For any privacy-related inquiries, you may also reach out to us at the above contact email. We are committed to respecting your rights and ensuring your privacy is protected, and we will assist you with any questions you have.

7. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, to incorporate new services, or to comply with changes in privacy laws or regulations. When we make changes to this policy, we will update the "Last updated" date at the top of the policy. If the changes are significant, we will provide a more prominent notice (for example, on our website homepage or via email notification).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our website and services after any updates take effect will constitute acceptance of those changes. If we seek to use your personal data for a new purpose not previously disclosed, we will notify you and obtain any necessary consent prior to that new processing, in accordance with the law.

8. Links to Partner and Service Privacy Policies

For more information on how our partners and service providers handle your data, you can refer to their privacy policies directly. Below are links to the privacy policies of key partners and services mentioned in this document:

• H-FARM Privacy Policy – H-FARM (an educational institution in Italy) is one of our partner schools in the program.
• The Island School Privacy Policy – The Island School (located in Cyprus) is another partner school. (See their privacy & policies page.)
• ProctorFree Privacy Policy – Details on how ProctorFree handles data for exam proctoring services.
• Telegram Privacy Policy – How Telegram Messenger Inc. processes user data (relevant if you communicate with us via Telegram).
• Google Privacy Policy – Covers Google services like Google Analytics and Google Workspace (including Google Sheets) that we utilize.
• Yandex Privacy Policy – Outlines data practices by Yandex (relevant for Yandex Metrica analytics data).
• Sentry Privacy Policy – Explains how Sentry (our error logging service) protects and processes data.

If you have any further questions about this Privacy Policy or our data practices, please do not hesitate to contact us at info@leaders.tech.