Privacy Policy – PNDAR Academy

Last updated: January 10, 2026

---

1. Introduction

We are committed to safeguarding the privacy of our website visitors, service users, individual customers, and learners.

This Privacy Policy applies where PNDAR – Privacy Network & Data Advisory Resources (“we“, “us“, “our“, or the “Company“) acts as a data controller with respect to your personal data. In other words, it covers instances where we determine the purposes and means of processing your personal data.

Our website incorporates privacy controls which affect how we will process your personal data. You can control your preferences by visiting the settings section in your user account.

We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website (or as otherwise permitted under applicable law).

PNDAR Academy is accessible from: https://learn.pndar.com/

---

2. Definitions and Interpretation

For the purposes of this Privacy Policy:

• Account means a unique account created for you to access our Service or parts of our Service.
• Company refers to PNDAR – Privacy Network & Data Advisory Resources, Dublin, Ireland.
• Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website, among other uses.
• Country refers to: Ireland
• Device means any device that can access the Service, such as a computer, a cell phone, or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Processing means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Service refers to PNDAR Academy website and platform.
• Service Provider means any natural or legal person who processes personal data on behalf of the Company, including third-party companies or individuals employed by the Company to facilitate the Service, provide it on behalf of the Company, perform related services, or assist in analyzing Service usage.
• Transaction Data means information relating to transactions you enter into with us, including purchases of goods and/or services.
• Usage Data means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit, pages accessed, IP address, browser information).
• You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

---

3. The Personal Data We Collect

3.1 Personal Data Collected Directly from You

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include:

Contact Data:

• Email address
• First name and last name
• Telephone number (optional)
• Postal address (optional)
• Social media account identifiers (if you log in via social media)

Account Data:

• Your account identifier
• Your name and email address
• Account creation and modification dates
• Website settings and marketing preferences
• Business name (if applicable)
• Password (encrypted)
• Course enrollment history
• Certificate information

Transaction Data:

• Your name and contact details
• Payment card details or other payment information (processed by our Payment Service Provider; we do not store full credit card details)
• Transaction details (course purchased, price, date, refund information)
• Invoice and billing information
• Refund requests and status
• Tax identification information (where applicable, for EU/international transactions)

Communication Data:

• Content of communications you send to us
• Metadata associated with communications (date, time, recipient)
• Support tickets and inquiries
• Email correspondence
• Feedback and testimonials

3.2 Usage Data Collected Automatically

Usage Data is collected automatically when you use the Service:

• Your Device’s Internet Protocol address (e.g., IP address)
• Browser type, version, and language
• Operating system
• Referral source
• Pages and courses you access
• Time and date of your visits
• Time spent on pages and courses
• Unique device identifiers
• Mobile device information (if accessing via mobile)
• Course progress and completion data
• Video viewing patterns and timestamps
• Download history
• Search queries

---

4. How We Use Your Personal Data

4.1 Legal Basis for Processing

We only process your personal data where we have a legal basis to do so. The legal bases we rely on are:

• Performance of a Contract: Processing necessary to deliver the services you have requested (e.g., providing course access, processing payments, managing your account)
• Legitimate Interests: Where it is necessary for our legitimate business interests (e.g., improving our services, fraud prevention, security)
• Consent: Where you have given us explicit consent for a specific purpose
• Compliance with Legal Obligations: Where required by law (e.g., tax obligations, regulatory requirements)
• Vital Interests: Where processing is necessary to protect you or another person’s vital interests
• Public Task: Where necessary for tasks carried out in the public interest

4.2 Purposes of Processing

We may use your personal data for the following purposes:

Service Provision and Operations

• To provide, deliver, and maintain PNDAR Academy and our courses
• To process and fulfill your course enrollments
• To generate invoices, receipts, and payment-related documentation
• To provide technical support and customer service
• To monitor the usage of our Service and improve its functionality
• To diagnose technical problems and support your use of the Service

Legal Basis: Performance of contract; Legitimate interests

Payment Processing and Financial Management

• To process payments for course enrollments
• To manage refunds and cancellations (in accordance with our Refund Policy)
• To issue tax invoices and receipts
• To conduct fraud detection and prevention
• To manage payment disputes
• To comply with accounting and tax obligations

Legal Basis: Performance of contract; Compliance with legal obligations; Legitimate interests

Account Management

• To create and maintain your account
• To provide you access to courses you have purchased
• To manage your registration and user settings
• To enable you to update your account information
• To track your learning progress and course completion

Legal Basis: Performance of contract

Communications

• To contact you about your account, course progress, or inquiries
• To send administrative notices and support responses
• To deliver course-related communications and learning materials
• To notify you of updates to our terms, policies, or services
• To respond to your customer service requests
• To gather feedback via surveys (with your consent)

Legal Basis: Performance of contract; Legitimate interests

Marketing and Promotional Communications

• To send you information about new courses, special offers, promotions, and updates (only with your consent)
• To notify you about similar products, services, or events relevant to your interests (only if you have not opted out)
• To create targeted and personalized marketing communications

Legal Basis: Consent; Legitimate interests (for existing customers where permitted by law)

Research, Analytics, and Improvement

• To analyze how the Service is used and accessed
• To identify usage trends and patterns
• To evaluate the effectiveness of our marketing campaigns
• To assess and improve the quality of our courses and content
• To perform statistical analysis
• To develop new products or features

Legal Basis: Legitimate interests

Security and Fraud Prevention

• To detect, investigate, and prevent fraudulent transactions
• To prevent unauthorized access to your account
• To protect against hacking or phishing attempts
• To enhance security measures and safeguards
• To verify your identity for account access

Legal Basis: Legitimate interests; Compliance with legal obligations

Legal Compliance and Disputes

• To comply with applicable laws, regulations, and legal processes
• To respond to government requests or regulatory authorities
• To establish, exercise, or defend legal claims
• To resolve disputes and complaints
• To enforce our Terms of Service and other agreements

Legal Basis: Compliance with legal obligations; Legitimate interests

Business Operations

• To maintain and manage our business records and databases
• To conduct business transfers, mergers, or acquisitions
• To manage insurance coverage and risks
• To obtain professional advice (legal, accounting)
• To create backups and ensure data security

Legal Basis: Legitimate interests; Compliance with legal obligations

---

5. Who We Share Your Personal Data With

5.1 Service Providers

We may disclose your personal data to the following categories of service providers who process data on our behalf:

Payment Service Providers

• Stripe (stripe.com) – for processing course payments and managing transactions
• We share only the transaction data necessary to process your payment
• You can review Stripe’s Privacy Policy at: https://stripe.com/privacy

Website Hosting and Infrastructure

• We use cloud hosting services to store and maintain the website
• Your data may be stored on secure servers; details available upon request

Learning Management System Provider

• LearnPress (if applicable) and related hosting services
• Your course enrollment, progress, and learning data are stored and managed through these platforms

Email Service Providers

• We may use email service providers to send course communications and updates
• These providers process your email address to deliver messages on our behalf

Analytics Providers

• Google Analytics (to analyze website usage)
• Privacy Policy: https://policies.google.com/privacy

Customer Support Tools

• We may use customer relationship management (CRM) or support ticketing systems
• These services help us manage and respond to your inquiries

Marketing and Communication Tools

• Email marketing platforms (if you subscribe to our newsletter or communications)

5.2 Legal Requirements and Compliance

We may disclose your personal data where required by law or in response to valid legal requests from:

• Government agencies or regulatory authorities
• Law enforcement
• Courts or legal proceedings
• Where necessary to protect public safety or prevent criminal activity

5.3 Business Transfers

If the Company is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your personal data may be transferred as part of that transaction. We will provide notice before your personal data becomes subject to a different privacy policy.

5.4 With Your Consent

We may disclose your personal data for other purposes with your explicit consent.

5.5 Other Users

If you participate in forums, discussion areas, or community features within PNDAR Academy, information you share may be visible to other users.

---

6. International Transfers of Personal Data

6.1 Transfers Within the EEA

Your personal data is primarily processed and stored within Ireland and the European Union. Since PNDAR Academy is based in Ireland (EU), most processing occurs within the EU/EEA where adequate data protection is ensured under EU data protection law.

6.2 Transfers Outside the EEA

Some of our service providers (such as Stripe and cloud hosting providers) may be located outside the EEA. Where transfers to non-EEA countries occur, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses for transfers to countries without adequacy decisions
• Adequacy Decisions: Where applicable, we rely on decisions that recognize equivalent data protection
• Your Rights: You have the right to obtain a copy of the safeguards used for international transfers by contacting us

6.3 Your Acknowledgment

By using PNDAR Academy, you acknowledge that personal data you provide may be transferred to and processed in countries outside the EEA, and you consent to such transfers in accordance with applicable law.

---

7. How Long We Retain Your Personal Data

7.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

7.2 Specific Retention Periods

Account and User Data:

• While your account is active: indefinitely (as long as you maintain your account)
• After account closure: up to 1 year (unless you request immediate deletion)

Course and Learning Data:

• Course enrollment and completion records: for the duration of your access + 3 years (for certificate validation and legal compliance)
• Progress tracking data: for the duration of course enrollment + 1 year

Payment and Transaction Data:

• Transaction records: 7 years (Irish Companies Act 2014 + tax law)
• Payment card data: we do not store full card details; Stripe manages this in accordance with their retention policies

Communication Data:

• Support emails and tickets: up to 2 years
• Marketing communications: until you unsubscribe

Contact Data:

• If you are not a customer: up to 1 year
• If you are a customer: for the duration of our business relationship + 1 year

Usage and Analytics Data:

• Generally retained for 12-24 months
• Aggregated/anonymized data may be retained indefinitely

Cookies:

• Session cookies: deleted when you close your browser
• Persistent cookies: as specified in our Cookies Policy (typically 1-2 years)

7.3 Extended Retention

We may retain your personal data for longer periods where:

• Required by law or regulation
• Necessary for legal claims or disputes
• To comply with accounting, tax, or financial obligations
• You have not requested deletion and we have a legitimate interest in retention

7.4 Deletion

Subject to legal obligations, you can request deletion of your personal data. We will delete data unless there is a legal or business reason to retain it.

---

8. Your Rights Under Data Protection Law

8.1 Your Principal Rights

You have the following rights under GDPR and applicable data protection law:

Right to Access (Article 15)

• You can request a copy of the personal data we hold about you
• We will provide this information within 30 days
• How to exercise: Contact us at hello@pndar.com

Right to Rectification (Article 16)

• You can request that we correct inaccurate or incomplete personal data
• You can update your account information directly in your account settings
• How to exercise: Update your profile or contact us

Right to Erasure – “Right to Be Forgotten” (Article 17)

• You can request deletion of your personal data in certain circumstances
• This right is not absolute – we may need to retain data for legal, tax, or contractual reasons
• How to exercise: Contact us with a deletion request; we will respond within 30 days

Right to Restrict Processing (Article 18)

• You can ask us to restrict how we use your personal data
• We will store but not actively process the data during the restriction period
• How to exercise: Contact us with a specific restriction request

Right to Object (Article 21)

• You can object to processing based on legitimate interests or direct marketing
• We will stop processing unless we have compelling reasons to continue
• How to exercise: Contact us to object; automated opt-out for marketing is available in emails

Right to Data Portability (Article 20)

• You can request your personal data in a structured, portable format (e.g., CSV, JSON)
• You can transfer this data to another service provider
• How to exercise: Contact us with a portability request

Right to Withdraw Consent (Article 7)

• If we rely on your consent for processing, you can withdraw it at any time
• Withdrawal does not affect processing that occurred before withdrawal
• How to exercise: Update your preferences or contact us

Right to Lodge a Complaint

• You have the right to lodge a complaint with your local supervisory authority
• Irish Data Protection Commissioner: dataprotection.ie / +353 578 684 800
• EU Data Protection Authorities: edpb.europa.eu

8.2 How to Exercise Your Rights

To exercise any of these rights:

1. Email: hello@pndar.com
2. Write to us: PNDAR – Privacy Network & Data Advisory Resources, Dublin, Ireland
3. Online: Update account settings directly (for certain data)

Please include:

• Your name and email address
• The right you wish to exercise
• Any relevant details about your request
• Proof of identity (for security purposes)

We will respond to all requests within 30 days (or up to 90 days for complex requests under GDPR).

---

9. About Cookies and Tracking Technologies

9.1 What Are Cookies?

A cookie is a small file containing an identifier that is sent by a web server to a web browser and stored by the browser. The identifier is sent back to the server each time the browser requests a page from the server.

Cookies are not exclusively used to identify you personally. Personal data that we store about you may be linked to information stored in and obtained from cookies.

9.2 Types of Cookies

Session Cookies: Expire at the end of your browser session and are deleted when you close your browser.

Persistent Cookies: Remain on your device until you delete them or they reach their expiration date, allowing us to recognize you on future visits.

9.3 Cookies We Use

We use the following categories of cookies:

Essential/Necessary Cookies (Not Optional)

• Type: Session Cookies
• Administered by: PNDAR Academy
• Purpose:
  • Authentication and login management
  • User account security
  • Prevention of fraudulent activity
  • Essential website functionality
  • CSRF protection
• Legal Basis: Necessary for service provision; consent not required

Functionality Cookies (Optional)

• Type: Persistent Cookies
• Administered by: PNDAR Academy
• Purpose:
  • Remember your login credentials and preferences
  • Store language and display preferences
  • Maintain shopping cart information
  • Remember your course progress and bookmarks
  • Personalize your user experience
• Duration: Typically 1 year
• Legal Basis: Consent required (where optional)

Analytics Cookies (Optional)

• Type: Persistent Cookies
• Administered by: Google Analytics and similar services
• Purpose:
  • Analyze how you use the Service
  • Understand user behavior and preferences
  • Identify usage trends
  • Improve website functionality and content
  • Generate anonymous reports
• Legal Basis: Consent required
• Provider Information: https://policies.google.com/privacy

Advertising Cookies (Optional, if applicable)

• Type: Persistent Cookies
• Purpose:
  • Display relevant advertisements
  • Measure advertising effectiveness
  • Create user segments for targeted marketing
• Legal Basis: Consent required

Cookie Consent Cookies (Necessary)

• Type: Persistent Cookies
• Purpose:
  • Store your cookie consent preferences
  • Remember your choices about cookie usage
• Legal Basis: Necessary for compliance with cookie consent requirements

Full list: Cookie Policy

9.4 Cookie Consent

When you first visit PNDAR Academy, we will ask for your consent before placing non-essential cookies on your device. You can:

• Accept all cookies
• Reject optional cookies
• Customize your preferences
• Review and manage your choices at any time

9.5 Managing Cookies

Browser Settings: Most browsers allow you to refuse or delete cookies. You can:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
• Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy
• Opera: https://help.opera.com/en/latest/security-and-privacy/

Important Note: Blocking cookies may negatively impact your ability to use certain features of PNDAR Academy, such as logging in or maintaining course progress.

---

10. Security of Your Personal Data

10.1 Security Measures

The security of your personal data is important to us. We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (HTTPS/SSL)
• Encryption of sensitive data at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Firewalls and network security
• Regular software updates and security patches
• Employee training on data protection
• Strict access policies for sensitive data

10.2 Limitations

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data using commercially reasonable means, we cannot guarantee absolute security. You assume the risk of using the Internet and transmitting your personal data to us.

10.3 Payment Security

Payment card information is processed by Stripe, a certified Payment Card Industry Data Security Standard (PCI DSS) Level 1 compliant service provider. We do not store full credit card details on our servers. For information about Stripe’s security practices, see: https://stripe.com/security

---

11. Children’s Privacy

11.1 Age Restrictions

Our Service is not intended for children under the age of 13. We do not knowingly collect personally identifiable information from anyone under 13 without verifiable parental consent.

11.2 What to Do If a Child Has Provided Data

If you are a parent or guardian and you believe your child has provided personal data to us, please contact us immediately at hello@pndar.com. If we become aware that we have collected personal data from anyone under 13 without verifiable parental consent, we will take steps to remove that information from our servers.

11.3 Consent from Parents (where applicable)

Where applicable law requires parental consent, we will seek it before collecting or processing a child’s personal data.

---

12. Third-Party Links and Services

Our Service may contain links to websites, applications, and services operated by third parties. This Privacy Policy applies only to PNDAR Academy and does not cover third-party websites or services.

12.1 Third-Party Responsibility

We are not responsible for the privacy practices, content, or policies of third-party websites and services. We strongly advise you to:

• Review the privacy policy of any site before providing personal data
• Understand the data practices of third parties
• Contact third parties directly with privacy questions

12.2 Third-Party Links

When you click on external links or use third-party services, you are leaving PNDAR Academy and entering a third party’s site. We have no control over these sites and assume no responsibility for their practices.

---

13. Refund Policy and Data Retention

13.1 Refunds and Data

If you request a refund for a course:

• We will process the refund through your original payment method (via Stripe)
• Refund records are retained for 6 years (tax compliance)
• Your course enrollment data will be removed after 30 days
• Your progress data will be deleted unless legally required to retain it
• We will notify you of the refund status via email

13.2 Course Access After Refund

Once a refund is processed, your access to the course will be terminated. You will not be able to:

• Access course materials
• Download resources
• View your progress

13.3 Retiree Discounts or Promotions

If you received a promotional discount, you may not be eligible for a refund.

---

14. EU AI Act Compliance (Where Applicable)

We are committed to responsible AI practices. Where we use artificial intelligence or machine learning in our services, we:

• Transparently disclose use of AI/ML
• Ensure algorithmic transparency
• Implement human oversight and review
• Regularly audit AI systems for bias
• Comply with the EU AI Act and relevant regulations

If you encounter any AI-driven features, we will provide clear information about how they process your data.

---

15. Amendments and Updates to This Privacy Policy

15.1 Changes

We may update this Privacy Policy from time to time to reflect:

• Changes in our data processing practices
• Changes in applicable law
• Feedback from users or regulatory authorities
• New features or services

15.2 Notification

We will notify you of:

• Significant changes (via email and prominent notice on the website)
• The effective date of changes (updated at the top of this policy)
• Your rights regarding the changes

15.3 Your Responsibility

You are responsible for reviewing this Privacy Policy periodically. Your continued use of PNDAR Academy following changes constitutes your acceptance of the updated policy.

---

16. Data Protection Officer

While PNDAR Academy does not currently have a formally designated Data Protection Officer, we are committed to data protection compliance. For any data protection concerns, inquiries, or to exercise your rights:

Contact Information:

• Email: hello@pndar.com
• Telephone: +353 [Your Number]
• Mailing Address: PNDAR – Privacy Network & Data Advisory Resources, Dublin, Ireland

---

17. Supervisory Authority

You have the right to lodge a complaint with your data protection supervisory authority if you believe your rights have been violated.

For Ireland/EU:

• Data Protection Commissioner (DPC)
• Phone: +353 578 684 800
• Website: https://www.dataprotection.ie/
• Email: info@dataprotection.ie

For other EU countries, visit: https://edpb.europa.eu/about-edpb/board/members_en

---

18. Our Details

18.1 Company Information

Legal Entity: PNDAR – Privacy Network & Data Advisory Resources

Location: Dublin, Ireland

Email: hello@pndar.com

Website: https://learn.pndar.com/

18.2 Contact Methods

You can contact us by:

1. Email: hello@pndar.com
2. Postal Address: [Your Dublin Address]
3. Contact Form: Available on the PNDAR Academy website
4. Telephone: [Your Contact Number]

For data subject access requests or privacy-related inquiries, please mark your email with “DATA PROTECTION REQUEST” in the subject line.

---

19. Acknowledgment of Docular Template

This Privacy Policy was adapted from a template provided by Docular Limited and distributed by the International Association of Privacy Professionals (IAPP).

Template Credit: https://seqlegal.com/free-legal-documents/privacy-policy

Original Terms: Use of this template is subject to Docular’s terms and conditions: https://seqlegal.com/our-terms-and-conditions

---

20. Interpretation

In case of any conflict between translated versions of this Privacy Policy, the English version shall prevail.

This Privacy Policy uses plain language to ensure accessibility and understanding by all users.

---

Effective Date: January 10, 2026

Last Updated: January 10, 2026