Menu
GET IN TOUCH
Envelope

Privacy Policy

Website: www.climb-project.eu
Contact Email: info@climb-project.eu
Effective Date: 09/04/2026
Technical Developer: LOOP Digital Marketing LTD
Developer Website: loopdigitalmarketing.com
Developer Contact: contact@loopdigitalmarketing.com

 

1. Identity of the Website and Roles of the Parties

For the purposes of applicable data protection law, including Regulation (EU) 2016/679 (“GDPR”), the entity that operates the CLIMB website and determines why and how personal data is processed is the website owner, project operator, or relevant project consortium member(s) responsible for the operation of www.climb-project.eu and reachable at info@climb-project.eu. Under the GDPR, the controller is the party that decides the purposes and means of the processing.

LOOP Digital Marketing LTD, reachable at contact@loopdigitalmarketing.com, acts as the technical developer, webmaster, support provider, integrator, maintenance provider, and/or processor only to the extent it provides website development, technical maintenance, bug fixing, hosting-related support, plugin/theme management, backups, security work, content implementation, or similar technical services on documented instructions from the website operator. Whether LOOP Digital Marketing LTD acts as an independent controller, joint controller, or processor depends on the actual activity in question and the factual allocation of decision-making power. The EDPB’s guidance makes clear that these roles depend on what each party actually does in practice.

Where the website is operated by a consortium, partner organizations may process personal data separately or jointly depending on their role in project administration, dissemination, reporting, participant management, or service delivery. In such cases, the website operator may provide supplementary notices, application forms, or participation terms where necessary.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal data collected through or in connection with:

  • the public website;

  • user registration and login pages;

  • educational platform and digital learning hub features;

  • subscriptions, newsletters, contact forms, and mailing tools;

  • public member directory profiles;

  • event registrations and mentoring/networking features;

  • downloadable resources, surveys, questionnaires, and feedback forms;

  • cookies and similar technologies;

  • third-party plugins, themes, embedded content, analytics, and support systems;

  • communications sent to info@climb-project.eu or otherwise initiated through the website.

This Privacy Policy applies to visitors, subscribers, members, applicants, course participants, mentors, partner representatives, directory users, newsletter recipients, and any other person whose data is processed through the website.

3. Legal Framework

This website is intended to operate in line with the GDPR and related EU privacy rules, including the ePrivacy framework governing cookies and similar technologies. The GDPR applies to the processing of personal data by much of the private sector and most of the public sector in the EU/EEA, and the ePrivacy rules work alongside the GDPR in relation to cookies, direct electronic communications, and terminal equipment access.

Depending on the country of establishment of the website operator and the actual audience reached, national laws implementing or supplementing the GDPR and ePrivacy framework may also apply.

4. Categories of Personal Data We May Collect

Depending on how the website is used, the website operator and authorized technical providers may collect and process the following categories of personal data:

4.1 Identity and Contact Data

Full name, email address, phone number, mailing address, organization name, role/title, country, region, language preference, and similar identifiers.

4.2 Account and Profile Data

Username, encrypted password credentials, profile photo, biography, expertise, interests, directory listing information, public-facing membership details, networking preferences, mentorship interests, and other information voluntarily added to a user profile.

4.3 Educational and Participation Data

Course enrollments, completion status, lesson progress, quiz results where applicable, certificates, saved materials, participation in webinars or training activities, feedback submissions, event registrations, attendance details, learning preferences, forum or community interactions, and mentoring participation details.

4.4 Communications Data

Messages sent via forms, email correspondence, support requests, comments, newsletter sign-up records, administrative notices, and records of communications concerning the website or project.

4.5 Technical and Usage Data

IP address, approximate location, browser type, device type, operating system, referral URLs, pages visited, timestamps, log files, session identifiers, interaction events, cookie identifiers, crash/error reports, and similar technical metadata.

4.6 Directory and Visibility Data

Where a public members directory exists, profile details chosen or required for public display may be visible to site visitors, including name, organization, role, country, project relevance, social links, public email or contact form access, profile image, professional summary, and other profile fields enabled by the website.

4.7 Payment or Subscription Data

If subscription, paid access, donation, or invoicing features are activated now or in the future, the website may process billing details, transaction references, subscription status, and limited payment metadata through third-party payment service providers. Full card details should not ordinarily be stored on the website unless expressly processed through a compliant payment provider.

4.8 Sensitive or Special Category Data

The website does not intentionally request or require special category data unless explicitly necessary and lawfully justified. Users should avoid submitting sensitive information unless specifically requested through a lawful process with an appropriate legal basis.

5. How Personal Data Is Collected

Personal data may be collected:

  • directly from users when they browse, register, subscribe, upload profile information, enroll in courses, contact the website, or participate in project activities;

  • automatically through cookies, server logs, analytics scripts, security tools, or similar technologies;

  • from partner organizations or project-related forms where users have engaged with CLIMB activities;

  • from integrations, plugins, embedded services, or third-party platforms used to operate website functionality;

  • from lawful public sources where relevant for project networking, dissemination, stakeholder engagement, or professional directory management.

6. Purposes of Processing

Personal data may be processed for one or more of the following purposes:

  1. to operate, maintain, secure, and improve the website and educational platform;

  2. to create and manage user accounts and subscriptions;

  3. to deliver courses, digital learning content, resources, and member services;

  4. to manage directories, profiles, mentoring, networking, and community features;

  5. to provide customer service, technical support, and administrative communications;

  6. to send newsletters, project updates, event notices, and dissemination content where lawful;

  7. to process registrations for workshops, webinars, consultations, or project activities;

  8. to monitor engagement, improve usability, and understand website performance;

  9. to enforce website rules, prevent abuse, maintain security, and investigate incidents;

  10. to comply with legal, regulatory, contractual, funding, audit, reporting, or record-keeping obligations;

  11. to protect the legal rights, interests, safety, property, systems, and reputation of the website operator, project partners, users, and technical service providers;

  12. to enable lawful publication of public profile or directory information where a public-facing member feature is offered.

7. Legal Bases for Processing

Depending on the context, personal data may be processed on the basis of:

  • consent, where the user has freely given specific, informed, and unambiguous permission;

  • performance of a contract or steps taken at the user’s request before entering into a contract;

  • compliance with legal obligations;

  • legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual;

  • any other lawful basis recognized under applicable law. The EDPB has published guidance on controller/processor roles and on lawful processing concepts such as consent and legitimate interests.

Where consent is relied upon, users may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

8. Public Directory and Public Profile Visibility

The website may include a public directory or public member profile system. If enabled, certain user information may be visible to the public, searchable through the website, indexed by search engines unless restricted, and accessible to visitors worldwide.

By submitting information to a public profile or directory area, users acknowledge and accept that:

  • the information may become visible to any website visitor;

  • search engines or third parties may cache, index, copy, or archive publicly available information;

  • the website operator cannot fully control third-party reuse once information has been made public;

  • users should only upload or publish information they are comfortable sharing publicly;

  • the website operator may moderate, edit, hide, suspend, or remove directory content to protect the website, comply with legal obligations, or enforce quality and safety standards.

The website operator may provide privacy settings where technically feasible, but no public internet publication can be guaranteed to be fully reversible once disseminated.

9. Cookies, Analytics, and Similar Technologies

The website may use cookies, pixels, local storage, scripts, server-side tracking tools, consent tools, analytics integrations, security plugins, anti-spam technologies, embedded media, and other similar technologies. Under the EU ePrivacy rules, storing or accessing information on a user’s device generally requires prior consent unless the cookie or technology is strictly necessary for providing the requested service.

Cookies and similar technologies may be used for:

  • essential website functions and security;

  • login/session management;

  • user preferences and language settings;

  • analytics and performance measurement;

  • spam prevention and fraud mitigation;

  • embedded media and social integrations;

  • functional improvements and service optimization.

Users may manage cookie preferences through the website’s consent mechanism and/or their browser settings. Blocking certain cookies may affect site functionality.

10. WordPress, Plugins, Themes, and Third-Party Tools

The website is built on the WordPress platform and may rely on multiple third-party plugins, themes, APIs, widgets, hosting tools, video providers, analytics tools, email systems, form builders, membership tools, directory tools, security services, caching technologies, anti-spam services, backup systems, optimization utilities, and related components.

As a result:

  • certain personal data may be processed by third-party software vendors or service providers;

  • updates, patches, vulnerabilities, compatibility issues, and service changes may affect the website;

  • while reasonable care may be taken in selecting and maintaining components, the website operator and developer cannot guarantee that third-party services will always remain uninterrupted, error-free, or immune from defects;

  • data may be transferred to or accessed from countries outside the user’s jurisdiction, subject to applicable safeguards where legally required.

Where third parties process data on behalf of the website operator, they may act as processors or sub-processors depending on their actual role.

11. Sharing and Disclosure of Personal Data

Personal data may be shared where necessary with:

  • project partners, consortium members, or affiliated organizations involved in CLIMB activities;

  • website administrators, trainers, moderators, mentors, and authorized staff;

  • technical service providers, including LOOP Digital Marketing LTD, hosting providers, email providers, analytics providers, CRM tools, security vendors, and plugin/theme vendors;

  • regulators, supervisory authorities, courts, law enforcement bodies, insurers, auditors, legal advisers, and other professional advisers;

  • event, communication, payment, or certification providers where relevant;

  • other users or the public where information is intentionally posted in public profile, directory, or community areas.

Data will not be sold as a general commercial commodity. However, lawful disclosure may occur where necessary to protect rights, investigate abuse, comply with legal obligations, or support project delivery.

12. International Transfers

Because websites and third-party digital tools may involve global infrastructure, personal data may be stored in or accessed from countries outside the European Economic Area. Where such transfers occur, the website operator will seek to rely on lawful transfer mechanisms and appropriate safeguards where required under applicable data protection law.

13. Data Retention

Personal data will be retained only for as long as necessary for the purposes for which it was collected, including to provide services, maintain accounts, support project objectives, comply with legal obligations, resolve disputes, enforce agreements, conduct audits, or maintain security and business continuity.

Retention periods may vary depending on:

  • whether the user has an active account;

  • whether the data appears in a public profile or directory;

  • whether records are needed for project reporting, audit, funding compliance, or legal defense;

  • whether deletion requests can be honored immediately or must be balanced against legal obligations or legitimate interests;

  • backup cycles and disaster recovery processes.

Even where data is deleted from the live website, copies may temporarily remain in logs, archives, backups, or security systems until rotated out in the ordinary course.

14. Security

Reasonable technical and organizational measures may be used to protect personal data, including access controls, password protections, updates, monitoring, backup processes, security plugins, SSL/TLS encryption where implemented, role-based permissions, and incident management procedures. However, no internet-based system, WordPress installation, plugin ecosystem, hosting environment, API integration, email channel, or electronic transmission can ever be guaranteed to be completely secure.

Users are responsible for choosing strong passwords, protecting login credentials, and exercising caution when posting public information.

15. Data Subject Rights

Subject to applicable law, individuals may have rights including:

  • the right to be informed;

  • the right of access;

  • the right to rectification;

  • the right to erasure;

  • the right to restriction of processing;

  • the right to data portability;

  • the right to object;

  • rights related to automated decision-making where applicable;

  • the right to withdraw consent where consent is used.

Requests may be submitted to info@climb-project.eu. Proof of identity may be required before action is taken. If a user believes their rights have been infringed, they may also complain to the competent supervisory authority. In Cyprus, the Office of the Commissioner for Personal Data Protection is the national supervisory authority responsible for monitoring the application of the GDPR.

16. Children and Minors

The website is not intended for unlawful use by children and should not knowingly collect personal data from minors where parental or guardian authorization is required by law. If the website operator becomes aware that data has been submitted in breach of age-related legal requirements, it may suspend access and remove the data where appropriate.

17. Third-Party Links and Embedded Content

The website may contain links to third-party websites, platforms, embedded videos, social media plugins, partner pages, articles, funding bodies, or external tools. The website operator and developer are not responsible for the privacy, content, security, or practices of third-party services not under their direct control. Users should review the relevant third-party policies separately.

18. Data Breaches and Incident Response

If the website operator becomes aware of a personal data breach, it may investigate, contain, remediate, document, and where legally required notify competent authorities and/or affected individuals in accordance with applicable law. Nothing in this policy shall be interpreted as an admission of liability in relation to any incident.

19. Changes to This Privacy Policy

This Privacy Policy may be amended at any time to reflect legal, technical, operational, or project changes. Updated versions will be posted on the website with a revised effective date. Continued use of the website after updates constitutes acknowledgment of the revised policy to the extent permitted by law.