BOLT Consultancy Privacy Policy

Effective Date: January, 2025

1. Who We Are

BOLT Consultancy is a UAE-based innovation consulting firm specializing in startup accelerator programs, strategic events, and government consulting services. We help build the startup ecosystem across the MENA region and internationally, working with entrepreneurs, mentors, investors, and government partners to drive innovation and economic growth.

Contact Information:

Data Protection Officer: aya@boltconsultancy.io
Legal Inquiries: legal@boltconsultancy.io
Address: [Insert UAE Address]
Phone: [Insert Contact Number]
Website: [Insert Website URL]

2. What This Privacy Policy Covers

This Privacy Policy explains how we collect, use, share, and protect your personal information when you:

Apply to our startup accelerator programs or innovation challenges
Participate in our hackathons, competitions, and strategic events
Work with us as a mentor, expert, trainer, or investor
Partner with us through government contracts and initiatives
Visit our website, use our online platforms, or interact with our digital services
Engage with our ecosystem as an alumni or community member

Important Note: This Privacy Policy applies globally to all users of our services, unless specifically noted otherwise for particular jurisdictions.

3. Information We Collect

3.1 Information You Provide Directly

3.1.1 Registration and Profile Information

When you apply to programs or register with BOLT:

Personal Details: Name, username, email address, password, contact information
Profile Information: Professional headshot, additional contact details, company/organization name, job title, country of residence, social media handles, professional biography
Identity Information: Nationality, visa status (for international participants), government ID numbers (where required for security clearances)

3.1.2 Application and Program Information

For startup accelerator applications:

Founder Information: Personal and professional backgrounds, educational history, previous startup experience
Business Details: Company information, business plans, financial projections, intellectual property descriptions, technical documentation
Application Materials: Essays, video submissions, pitch decks, demo materials, team composition details
Financial Information: Funding history, revenue projections, investment requirements, banking details (for selected participants)

3.1.3 Program Participation Data

During active participation:

Attendance Records: Session participation, workshop completion, milestone achievements
Progress Tracking: Mentor session notes, peer feedback, assessment scores, development metrics
Communication Content: Messages, forum posts, feedback submissions, survey responses
Event Participation: Demo day materials, investor meeting records, networking information

3.1.4 Recordings and Media Content

We may record and transcribe:

Video Conferences: Calls with mentors, investors, and program staff for record-keeping and training purposes
Event Documentation: Program sessions, demo days, pitch presentations, and strategic events
Marketing Materials: Success stories, testimonials, promotional content (with explicit consent)
Training Content: Educational sessions and workshops for knowledge sharing

3.1.5 Government Contract Information

For government partnerships:

Security Information: Background check results, security clearance data, classified project participation
Stakeholder Data: Government contact information, project requirements, compliance documentation
Contract Materials: Deliverables, reporting data, regulatory compliance information

3.2 Information We Collect Automatically

3.2.1 Device and Usage Information

Device Data: Device type, operating system, browser information, language preferences, hardware identifiers
Network Information: IP address, location data, connection details, mobile network information
Usage Analytics: Pages visited, time spent, click patterns, feature usage, search queries
Performance Data: Load times, error reports, system interactions

3.2.2 Cookies and Tracking Technologies

We use various technologies to enhance your experience:

Essential Cookies: For basic website functionality, security, and user authentication
Analytics Cookies: To understand usage patterns and improve our services (Google Analytics and similar tools)
Preference Cookies: To remember your settings and customize your experience
Marketing Cookies: For relevant advertising and content personalization (with consent)

3.2.3 Email and Communication Tracking

Email Interactions: Open rates, click-through rates, device information, email client details
Communication Preferences: Response patterns, engagement metrics, subscription management
Marketing Effectiveness: Campaign performance, content preferences, conversion tracking

3.3 Information from Third Parties

3.3.1 Partners and Ecosystem

Investment Partners: Due diligence information, investment committee feedback, portfolio tracking data
Mentor Networks: Professional references, expertise verification, performance evaluations
Government Entities: Security clearance updates, contract compliance data, regulatory information
Ecosystem Partners: University collaborations, accelerator networks, industry partnerships

3.3.2 Service Providers and Vendors

Technology Platforms: Google Workspace data, Airtable records, communication platform information
Background Check Providers: Professional verification, security screening results
Social Media Monitoring: Public profile information, industry engagement data
Marketing Platforms: Lead enrichment data, contact verification, business intelligence

3.3.3 Public Sources

Business Information: Company registrations, public filings, press releases, industry reports
Professional Networks: LinkedIn profiles, industry publications, conference participation
Media Coverage: News articles, success stories, public recognition and awards

4. Why We Don't Collect Sensitive Information

BOLT does not intentionally collect sensitive personal data such as:

Genetic information or biometric data
Health information or medical records
Religious beliefs or philosophical views
Political opinions or affiliations
Trade union membership
Sexual orientation or intimate personal details

Limited Exceptions: We may collect certain sensitive information only when:

Accommodation Needs: Dietary requirements, accessibility needs for events (with consent)

Legal Requirements: Government security clearances, background investigations (as required by law)

Demographic Analysis: Gender and ethnicity information for diversity initiatives (entirely optional)

Safety and Security: Emergency contact information, relevant health conditions affecting participation

Age Restrictions: BOLT services are designed for adults (18+). We do not knowingly collect information from minors. If you are under 18, please do not provide personal information. If we learn that we have collected information from a minor, we will delete it promptly.

5. How We Use Your Information

5.1 Program Delivery and Management

Application Processing: Evaluating applications, conducting due diligence, selecting participants
Program Operations: Delivering training, facilitating mentorship, coordinating investor introductions
Progress Tracking: Monitoring participant development, measuring program outcomes, providing feedback
Event Management: Organizing demo days, hackathons, networking events, and strategic conferences
Alumni Engagement: Maintaining relationships with program graduates, facilitating ongoing ecosystem connections

5.2 Ecosystem Development

Network Building: Connecting entrepreneurs, mentors, investors, and government partners
Matching Services: Facilitating appropriate mentor-startup pairings, investor introductions
Knowledge Sharing: Creating educational content, best practices, industry insights
Impact Measurement: Tracking long-term outcomes, success stories, economic impact
Partnership Development: Coordinating with ecosystem partners, universities, research institutions

5.3 Communication and Outreach

Program Updates: Sending information about opportunities, deadlines, program changes
Marketing Communications: Promoting programs globally, sharing success stories, thought leadership content
Event Invitations: Notifying relevant stakeholders about upcoming events, opportunities
Newsletters: Regular updates on ecosystem developments, industry trends, alumni achievements
Customized Content: Personalized recommendations, relevant opportunities, targeted information

5.4 Research and Development

Program Improvement: Analyzing participation data to enhance program effectiveness
Industry Research: Understanding startup trends, innovation patterns, market developments
Policy Development: Contributing to innovation policy discussions, regulatory improvements
Academic Collaboration: Supporting research on entrepreneurship, innovation ecosystems
Methodology Development: Creating new approaches to accelerator programming, mentorship models

5.5 Legal and Compliance

Government Contracts: Meeting deliverable requirements, regulatory compliance, security obligations
Legal Protection: Protecting rights of BOLT, participants, and third parties
Regulatory Adherence: Complying with UAE and international data protection laws
Security Management: Preventing fraud, ensuring platform security, protecting against abuse
Audit and Oversight: Supporting internal and external audits, compliance verification

5.6 Business Operations

Service Provision: Delivering contracted services, managing vendor relationships
Financial Management: Processing payments, managing budgets, financial reporting
Quality Assurance: Maintaining service quality, monitoring performance metrics
Risk Management: Identifying and mitigating operational, security, and compliance risks
Strategic Planning: Informing business decisions, market expansion, service development

6. Legal Basis for Processing

Our processing of your personal information is based on the following legal grounds:

6.1 Consent

We process information with your explicit consent for:

Marketing Communications: Newsletters, promotional materials, event invitations
Media Usage: Photography, video recordings, success story publications
Optional Services: Alumni networks, advanced mentorship programs, research participation
Third-Party Sharing: Specific introductions, partnership opportunities, investment connections
Special Categories: Dietary requirements, accessibility needs, demographic information

Your Control: You can withdraw consent at any time by contacting aya@boltconsultancy.io or using opt-out mechanisms provided.

6.2 Contract Performance

We process information to deliver services you've requested:

Program Participation: Application processing, program delivery, mentorship facilitation
Government Contracts: Delivering contracted services, meeting compliance requirements
Service Agreements: Mentor services, expert consultation, event participation
Payment Processing: Financial transactions, invoicing, expense management

6.3 Legitimate Interests

We process information for legitimate business purposes:

Ecosystem Development: Building startup community, facilitating connections, knowledge sharing
Security and Safety: Preventing fraud, ensuring platform security, protecting user safety
Business Operations: Service improvement, vendor management, strategic planning
Research and Development: Program effectiveness analysis, industry research, innovation studies

Balancing Test: We carefully balance our legitimate interests against your privacy rights and will not process information where your interests override ours.

6.4 Legal Obligations

We process information to comply with legal requirements:

Government Regulations: UAE data protection law, international compliance requirements
Contract Obligations: Government contract deliverables, regulatory reporting
Security Requirements: Background checks, security clearance processing (where applicable)
Legal Proceedings: Responding to lawful requests, court orders, regulatory investigations

7. How We Share Your Information

7.1 Within the Innovation Ecosystem

7.1.1 Mentor and Expert Networks

Relevant Startup Information: Business concepts, founder backgrounds, development needs (with consent)
Session Documentation: Progress notes, feedback, development recommendations
Performance Metrics: Program participation, milestone achievements, networking interests

7.1.2 Investor Community

Investment Opportunities: Startup profiles, business plans, financial projections (with explicit consent)
Due Diligence Materials: Founder information, company details, market analysis
Demo Day Content: Pitch presentations, business overviews, contact information
Follow-up Coordination: Meeting scheduling, continued engagement facilitation

7.1.3 Government Partners

Contract Deliverables: Required reporting, program outcomes, participant information (as specified in contracts)
Policy Development: Aggregated insights, industry trends, ecosystem development data
Security Compliance: Background verification, clearance information (where required)
Partnership Coordination: Joint program development, resource sharing, strategic initiatives

7.1.4 Ecosystem Partners

Program Collaboration: Joint initiatives with universities, accelerators, research institutions
Referral Networks: Appropriate opportunities, partnership introductions, knowledge sharing
Industry Development: Market insights, best practices, collaborative projects

7.2 Service Providers and Vendors

We share information with trusted service providers who help us deliver our services:

7.2.1 Technology Platforms

Google Workspace: Email, document storage, collaboration tools, calendar management
Airtable: Database management, participant tracking, program administration
Communication Tools: Slack, video conferencing, messaging platforms
Website and Analytics: Hosting, analytics, performance monitoring, security services

7.2.2 Professional Services

Legal Counsel: IP attorneys, compliance specialists, contract management
Financial Services: Accounting, audit, payment processing, expense management
Security Providers: Background checks, venue security, cybersecurity services
Event Management: Venue providers, catering, photography, logistics coordination

7.2.3 Marketing and Outreach

Marketing Platforms: Email marketing, social media management, content distribution
Public Relations: Media relations, success story development, thought leadership
Event Promotion: Registration platforms, ticketing services, promotional partnerships

Vendor Requirements: All service providers are contractually required to:

Use information only for specified purposes
Implement appropriate security measures
Comply with applicable data protection laws
Delete information when services are terminated

7.3 Legal and Regulatory Sharing

We may disclose information when required by law:

7.3.1 Government Authorities

UAE Regulators: Compliance with UAE Federal Law No. 45/2021 and other applicable regulations
International Authorities: Lawful requests from relevant jurisdictions where we operate
Law Enforcement: Criminal investigations, national security matters, court orders
Regulatory Bodies: Financial regulators, industry oversight authorities

7.3.2 Legal Proceedings

Court Orders: Subpoenas, discovery requests, judicial proceedings
Arbitration: Dispute resolution proceedings, contractual arbitration
Regulatory Investigations: Compliance audits, regulatory examinations
Emergency Situations: Immediate threats to safety, security, or legal rights

7.4 Business Transfers

In the event of a merger, acquisition, or business transfer:

Due Diligence: Information sharing with potential buyers (under confidentiality agreements)
Asset Transfer: Personal information as part of transferred business assets
Successor Rights: New entity assuming privacy obligations and commitments
Participant Notification: Advance notice of any ownership changes affecting privacy practices

8. International Transfers and Safeguards

8.1 Global Operations Context

As a global innovation consultancy, we regularly transfer information internationally for:

International Programs: Supporting startups and participants from multiple countries
Global Mentor Networks: Connecting with experts and mentors worldwide
Investor Relationships: Facilitating investment opportunities across jurisdictions
Government Partnerships: Bilateral innovation cooperation, diplomatic initiatives
Ecosystem Development: International accelerator networks, cross-border programs

8.2 Transfer Mechanisms and Safeguards

8.2.1 Adequacy Decisions

We prioritize transfers to countries with adequate protection:

European Commission Adequacy Decisions: For EU data subjects
UAE-Approved Jurisdictions: Countries recognized by UAE authorities as providing adequate protection
Regional Frameworks: GCC data protection cooperation mechanisms

8.2.2 Standard Contractual Clauses (SCCs)

For transfers without adequacy decisions:

Updated EU SCCs: Latest European Commission standard contractual clauses
Supplementary Measures: Additional technical and organizational safeguards
Regular Assessments: Ongoing evaluation of transfer risks and safeguard effectiveness
Documentation: Comprehensive records of all international transfers and safeguards

8.2.3 Enhanced Technical Safeguards

Advanced Encryption: AES-256 encryption with keys managed outside recipient country
Pseudonymization: Replacing identifiers with artificial identifiers where possible
Access Controls: Strict limitations on who can access transferred information
Audit Trails: Comprehensive logging of all access to internationally transferred data

8.2.4 Organizational Safeguards

Contractual Commitments: Legal obligations to challenge unlawful access requests
Staff Training: Specialized training on international transfer requirements
Incident Response: Enhanced procedures for international transfer security incidents
Legal Analysis: Regular assessment of legal access risks in recipient countries

8.3 Specific Regional Considerations

8.3.1 EU/EEA Data Subjects

Enhanced protections for European participants:

GDPR Compliance: Full compliance with all GDPR requirements
EU Representative: Designated representative for EU regulatory matters
Supervisory Authority Cooperation: Proactive engagement with relevant Data Protection Authorities
Enhanced Rights: Full exercise of GDPR rights regardless of transfer location

8.3.2 Government Contract Restrictions

Special limitations for government data:

UAE Sovereign Data: No transfer outside UAE without explicit government authorization
Classification Restrictions: Security classified information subject to special geographic limitations
Contract Terms: Specific transfer limitations defined in government agreements
National Security: Enhanced review for any transfers involving national security information

9. Your Privacy Rights and Choices

9.1 Universal Rights

Regardless of your location, BOLT provides you with comprehensive privacy rights:

9.1.1 Right to Information and Transparency

Privacy Notices: Clear, understandable information about our data practices
Processing Details: Specific information about how your data is used
Processing Details: Specific information about how your data is used
Recipient Information: Details about who has access to your information
Retention Periods: How long we keep different types of information
Contact Information: Direct access to our Data Protection Officer

9.1.2 Right of Access

You can request:

Complete Data Copy: All personal information we hold about you
Processing Activities: Details about how your information has been used
Sharing History: Information about who has received your data
Source Information: Where we obtained your information
Machine-Readable Format: Data in commonly used electronic formats

9.1.3 Right to Rectification

You can:

Correct Inaccuracies: Fix any incorrect or outdated information
Update Details: Modify contact information, preferences, profile details
Complete Records: Add missing information to make records more complete
Real-Time Updates: Changes propagated across all systems within 72 hours

9.1.4 Right to Deletion ("Right to be Forgotten")

You may request deletion when:

Original Purpose Fulfilled: Information no longer needed for its original purpose
Consent Withdrawn: You withdraw consent for processing
Unlawful Processing: Information was processed without proper legal basis
Legal Obligation: Deletion required by applicable law
No Overriding Interests: Our legitimate interests don't override your privacy rights

Limitations: We may retain information when required by:

Legal obligations or regulatory requirements
Government contract terms
Ongoing legal proceedings
Vital interests of you or others

9.1.5 Right to Data Portability

For information you provided with consent or for contract performance:

Structured Format: Data in machine-readable format (JSON, CSV, XML)
Direct Transfer: Direct transmission to another service provider (where technically feasible)
Personal Use: Right to receive and use your data for your own purposes
No Additional Cost: Portability provided free of charge

9.1.6 Right to Object

You can object to processing based on:

Legitimate Interests: Object to processing for our business purposes
Direct Marketing: Opt-out of all marketing communications (absolute right)
Research and Statistics: Object to use for research purposes
Automated Decision-Making: Object to purely automated decisions affecting you

9.2 How to Exercise Your Rights

9.2.1 Contact Methods

Primary Contact: aya@boltconsultancy.io Subject Line: "Privacy Rights Request - [Type of Request]" Legal Inquiries: legal@boltconsultancy.io

9.2.2 Information to Include

Full Name: As registered in our systems
Email Address: Used for your account or program participation
Program/Relationship: How you're connected to BOLT (e.g., "Startup Accelerator 2024")
Specific Request: Clearly state what you want (access, deletion, correction, etc.)
Identity Verification: We may request additional information to verify your identity

9.2.3 Response Timeline

Acknowledgment: Within 48 hours of receiving your request
Standard Response: Within 30 days for most requests
Complex Requests: Up to 60 days with notification of extension
Urgent Requests: Expedited handling for security or safety concerns

9.2.4 No Cost Policy

Free Exercise: No charge for legitimate rights requests
Excessive Requests: We may charge reasonable fees for clearly unfounded or excessive requests
Transparent Pricing: Any fees clearly communicated in advance

9.3 Automated Decision-Making and Profiling

9.3.1 Limited Automated Processing

BOLT uses minimal automated decision-making:

Application Screening: Initial filtering of applications based on basic criteria (with human review)
Matching Algorithms: Suggesting mentor-startup pairings (subject to human approval)
Content Personalization: Customizing website and email content based on interests
Fraud Detection: Automated security monitoring (with human investigation)

9.3.2 Your Rights Regarding Automation

Human Review: Request human review of any automated decisions
Explanation: Understanding of logic involved in automated processing
Challenge Rights: Ability to contest automated decisions
Alternative Processing: Request manual processing instead of automation

9.4 Marketing and Communications

9.4.1 Subscription Management

Opt-Out Links: Unsubscribe links in all marketing emails
Preference Center: Granular control over communication types
Instant Processing: Opt-out requests processed immediately
Confirmation: Email confirmation of subscription changes

9.4.2 Communication Types

You can separately control:

Program Updates: Information about current programs and opportunities
Newsletter: General ecosystem news and insights
Event Invitations: Invitations to events, demo days, networking opportunities
Success Stories: Alumni achievements and ecosystem developments
Marketing Content: Promotional materials and thought leadership

Transactional Communications: You'll continue to receive essential communications about your active participation or contractual relationships even after opting out of marketing.

10. Data Security and Protection

10.1 Comprehensive Security Framework

BOLT implements enterprise-grade security measures specifically designed for innovation consulting:

10.1.1 Technical Safeguards

Encryption Standards: AES-256 encryption for data at rest, TLS 1.3 for data in transit
Access Controls: Multi-factor authentication, role-based permissions, hardware security keys for administrators
Network Security: Firewalls, intrusion detection, DDoS protection, VPN access for remote work
Database Security: Encrypted databases, automated backups, geographic distribution
Application Security: Regular security testing, vulnerability assessments, secure coding practices

10.1.2 Organizational Measures

Staff Training: Regular security awareness training, phishing simulation, incident response drills
Background Checks: Security screening for personnel with data access
Vendor Management: Security assessments of all service providers, contractual security requirements
Incident Response: 24/7 monitoring, rapid response procedures, breach notification protocols
Regular Audits: Internal security assessments, external audits, penetration testing

10.1.3 Platform-Specific Security

Google Workspace:

Advanced Protection Program for administrators
Context-aware access controls
Data Loss Prevention (DLP) policies
Comprehensive audit logging
Geographic restrictions for sensitive data

Airtable:

SSO integration with multi-factor authentication
Field-level permissions
API access monitoring
Automated backup procedures
Export controls with logging

Communication Platforms:

End-to-end encryption for sensitive communications
Guest access controls for external participants
Message retention policies
Integration security monitoring

10.2 Government Contract Security

Enhanced security measures for government partnerships:

10.2.1 Classification Handling

Compartmentalized Access: Strict need-to-know access based on security clearances
Physical Security: Secure facilities meeting government requirements
Document Security: Classified document handling procedures, secure storage
Communication Security: Encrypted channels for government communications

10.2.2 Personnel Security

Security Clearances: Background investigations as required by contracts
Ongoing Monitoring: Continuous evaluation of personnel with classified access
Training Requirements: Government-specific security training and certification
Incident Reporting: Enhanced reporting for government-related security incidents

10.3 Startup and IP Protection

Special protections for startup intellectual property:

10.3.1 Business Plan Security

Segregated Storage: Isolated systems for sensitive startup information
Version Control: Secure versioning preventing unauthorized access to historical data
Watermarking: Digital watermarks for tracking document distribution
Time-Limited Access: Automated expiration of access to sensitive documents

10.3.2 Competitive Information Safeguards

Conflict Screening: Automated detection of potential competitive conflicts
Information Barriers: Technical controls preventing cross-contamination between competing startups
Mentor Confidentiality: Enhanced confidentiality agreements and monitoring
Investor Confidentiality: Controlled information sharing with appropriate NDAs

10.4 International Security Considerations

10.4.1 Cross-Border Protection

Encryption Keys: Key management systems with geographic controls
Data Residency: Options for keeping data within specific jurisdictions
Transfer Monitoring: Automated monitoring of international data transfers
Compliance Verification: Regular verification of international security compliance

10.4.2 Incident Response

Global Coordination: 24/7 incident response across time zones
Regulatory Notification: Automated breach notification to relevant authorities
Participant Communication: Clear, timely communication about security incidents
Recovery Procedures: Rapid recovery and business continuity planning

11. Data Retention and Deletion

11.1 Retention Principles

BOLT retains personal information only as long as necessary for legitimate business purposes:

11.1.1 Purpose-Based Retention

Active Participation: During program duration plus reasonable follow-up period
Alumni Engagement: Until withdrawal from alumni networks or request for deletion
Legal Compliance: As required by applicable laws, regulations, and contractual obligations
Legitimate Interests: Only while interests remain valid and proportionate

11.1.2 Automated Deletion

System Controls: Automated deletion schedules based on data type and purpose
Regular Reviews: Quarterly assessments of retention necessity
Secure Deletion: Cryptographic erasure and physical destruction of storage media
Verification Procedures: Confirmation of successful deletion across all systems

11.2 Specific Retention Schedules

Data Category Active Retention Archive Period Total Retention Deletion Trigger Startup Applications (Rejected) 6 months 18 months 2 years Program completion + 2 years Startup Applications (Selected) Program duration + 1 year 2 years Program + 3 years Alumni network opt-out Government Contract Data Contract duration As per contract terms Contract + required period Contract termination + legal requirement Mentor/Expert Information Relationship duration 18 months Relationship + 18 months Relationship termination Investor Network Data Relationship duration 2 years Relationship + 2 years Opt-out or relationship end Event Participant Data Event + 6 months 18 months 2 years Event completion + 2 years Media and Marketing Content Permission duration N/A As per consent Consent withdrawal Website Analytics 2 years N/A 2 years Automated deletion Financial Records 7 years N/A 7 years UAE legal requirement Security and Audit Logs 3 years N/A 3 years Security requirement

11.3 Extended Retention Circumstances

We may retain information longer when:

11.3.1 Legal Requirements

UAE Commercial Law: 15-year retention for certain commercial records
Government Contracts: Specific retention terms (typically 7+ years)
Tax Obligations: 7-year retention for financial records
Regulatory Requirements: Industry-specific retention mandates

11.3.2 Ongoing Legal Matters

Active Litigation: Until resolution of legal proceedings
Regulatory Investigations: During investigation and appeal periods
Contract Disputes: Until dispute resolution completion
Audit Requirements: During audit periods and follow-up

11.3.3 Legitimate Interests

Alumni Success Tracking: Long-term impact measurement (with consent)
Industry Research: Anonymized data for ecosystem development research
Historical Records: Significant achievements and milestones (with consent)
Reference Materials: Best practices and case studies (anonymized)

11.4 Data Minimization and Archiving

11.4.1 Progressive Data Reduction

6 Months: Remove unnecessary personal identifiers
1 Year: Archive detailed interaction logs
2 Years: Aggregate individual data for analytics
5 Years: Convert to anonymized statistical summaries

11.4.2 Secure Archiving

Encrypted Storage: Enhanced encryption for archived data
Limited Access: Restricted access to archived information
Regular Validation: Periodic verification of archive integrity
Migration Planning: Technology updates to maintain accessibility

12. Cookies and Website Technologies

12.1 Types of Cookies We Use

12.1.1 Essential Cookies

Purpose: Basic website functionality and security Examples:

User authentication and session management
Security features and fraud prevention
Load balancing and performance optimization
Language and regional preferences

Legal Basis: Necessary for service provision Retention: Session duration or up to 1 year for security features

12.1.2 Analytics Cookies

Purpose: Understanding website usage and performance Examples:

Google Analytics for visitor statistics
Page performance monitoring
User journey analysis
Feature usage tracking

Legal Basis: Legitimate interest in service improvement Retention: Up to 26 months (Google Analytics standard) Opt-Out: Available through browser settings or our cookie preferences

12.1.3 Preference Cookies

Purpose: Remembering your choices and customizing experience Examples:

Language and region settings
Display preferences and accessibility options
Form data for convenience
Newsletter subscription preferences

Legal Basis: Legitimate interest in user experience Retention: Up to 2 years Control: Managed through your account settings

12.1.4 Marketing and Advertising Cookies

Purpose: Delivering relevant content and measuring campaign effectiveness Examples:

Interest-based advertising
Social media integration
Email campaign tracking
Content personalization

Legal Basis: Consent (required before placement) Retention: Up to 13 months Control: Full opt-in/opt-out control through cookie banner and preferences

12.2 Third-Party Cookies and Integrations

12.2.1 Analytics Providers

Google Analytics:

Purpose: Website traffic analysis, user behavior insights
Data Shared: Anonymized usage data, demographic information
Privacy Controls: IP anonymization, data retention controls
Opt-Out: Available at https://tools.google.com/dlpage/gaoptout

12.2.2 Social Media Plugins

LinkedIn, Twitter, Facebook:

Purpose: Content sharing, professional networking integration
Data Shared: Page visits, content interactions
Control: Social media login required for data sharing
Privacy: Governed by respective platform privacy policies

12.2.3 Video and Content Platforms

YouTube, Vimeo:

Purpose: Educational content, program videos, testimonials
Data Shared: Video viewing behavior, engagement metrics
Control: Embedded videos with privacy-enhanced mode
Opt-Out: Available through platform settings

12.3 Cookie Management and Control

12.3.1 Browser Controls

Cookie Settings:

Block All: Disable all cookies (may impair website functionality)
Block Third-Party: Allow only first-party cookies
Selective Blocking: Choose specific categories
Regular Clearing: Automatic deletion of stored cookies

Popular Browser Instructions:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies and Website Data
Edge: Settings > Site Permissions > Cookies and Site Data

12.3.2 Our Cookie Preference Center

Granular Controls:

Essential: Cannot be disabled (required for basic functionality)
Analytics: Enable/disable usage tracking
Preferences: Control convenience features
Marketing: Full control over advertising and personalization

Access: Cookie preferences available through:

Initial cookie banner when you visit our site
Footer link on every page
Account settings (for registered users)